FROM node:alpine AS build
WORKDIR /build

RUN apk update --no-cache && apk upgrade --no-cache
RUN apk add --no-cache cmake ninja clang alpine-sdk yaml-dev brotli-dev json-c-dev util-linux-dev

RUN git clone https://tuxist.de/git/jan.koester/libcmdplus.git && \
    mkdir libcmdplus/build && \
    cd libcmdplus/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_CXX_FLAGS="-fPIC" && ninja install

RUN git clone https://tuxist.de/git/tuxist/uuidplus.git && \
    mkdir uuidplus/build && \
    cd uuidplus/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local && ninja install

RUN git clone https://tuxist.de/git/jan.koester/libnetplus.git && \
    mkdir libnetplus/build && \
    cd libnetplus/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local && ninja install

RUN git clone https://tuxist.de/git/jan.koester/libhtmlpp.git && \
    mkdir libhtmlpp/build && \
    cd libhtmlpp/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local && ninja install

RUN git clone https://tuxist.de/git/jan.koester/libhttppp.git && \
    mkdir libhttppp/build && \
    cd libhttppp/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local && ninja install

RUN git clone https://tuxist.de/git/jan.koester/libconfplus.git && \
    mkdir libconfplus/build && \
    cd libconfplus/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_CXX_FLAGS="-fPIC" && ninja install

RUN git clone https://tuxist.de/git/tuxist/libparitypp.git && \
    mkdir libparitypp/build && \
    cd libparitypp/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local && ninja install

RUN git clone https://tuxist.de/git/jan.koester/authdb.git && \
    mkdir authdb/build && \
    cd authdb/build && cmake ../ -G Ninja -DCMAKE_INSTALL_PREFIX=/usr/local -DBUILD_BINDINGS=OFF -DDATAPATH:PATH=/usr/local/share/authdb && ninja install

# --- Runtime stage ---
FROM node:alpine

RUN addgroup authdb && \
    adduser authdb -h /var/lib/authdb -S -G authdb

RUN apk update && apk upgrade && \
    apk add --no-cache yaml brotli openssl json-c libuuid libstdc++

RUN mkdir -p /etc/authdb/certs /var/lib/authdb /usr/local/share/authdb /var/log/authdb && \
    chown -R authdb:authdb /var/lib/authdb /var/log/authdb

COPY --from=build /usr/local/bin/authdb /usr/local/bin/
COPY --from=build /usr/local/lib /usr/local/lib/
COPY --from=build /usr/local/lib/authdb /usr/local/lib/authdb
COPY --from=build /usr/local/share/authdb /usr/local/share/authdb

# Ports: 9090 = HTTP API, 4433 = cluster QUIC
EXPOSE 9090 4433

CMD ["authdb", "-f", "true", "-c", "yaml:///etc/authdb/config.yaml"]
