services:
  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: mtms
      POSTGRES_PASSWORD: mtms_secret
      POSTGRES_DB: mtms
    volumes:
      - pgdata:/var/lib/postgresql/data
      - ./backend/db/init.sql:/docker-entrypoint-initdb.d/00-init.sql
    ports:
      - "5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U mtms -d mtms"]
      interval: 5s
      timeout: 5s
      retries: 10

  api:
    build:
      context: ./backend
      dockerfile: Dockerfile
    environment:
      DATABASE_URL: postgresql://mtms:mtms_secret@db:5432/mtms
      JWT_SECRET: ${JWT_SECRET:-dev-change-me-use-openssl-rand-hex-32-in-prod}
      PORT: 4000
      NODE_ENV: production
      CORS_ORIGIN: http://localhost:5173,http://localhost:5174,http://localhost:8080,http://127.0.0.1:5173,http://127.0.0.1:5174,http://127.0.0.1:8080
      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-}
    ports:
      - "4000:4000"
    depends_on:
      db:
        condition: service_healthy

  web:
    build:
      context: ./frontend
      dockerfile: Dockerfile
      args:
        # Relative URLs → nginx proxies to api (works for localhost or 127.0.0.1:8080)
        VITE_API_URL: ""
        VITE_GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-}
    ports:
      - "8080:80"
    depends_on:
      - api

volumes:
  pgdata: