# Use external network from infrastructure
networks:
  maple-dev:
    external: true

services:
  app:
    container_name: maplefile-backend-dev
    stdin_open: true
    build:
      context: .
      dockerfile: ./dev.Dockerfile
    ports:
      - "${SERVER_PORT:-8000}:${SERVER_PORT:-8000}"
    env_file:
      - .env
    environment:
      # Application Configuration
      APP_ENVIRONMENT: ${APP_ENVIRONMENT:-development}
      APP_VERSION: ${APP_VERSION:-0.1.0}
      APP_DATA_DIRECTORY: ${APP_DATA_DIRECTORY:-/app/data}

      # HTTP Server Configuration
      SERVER_HOST: ${SERVER_HOST:-0.0.0.0}
      SERVER_PORT: ${SERVER_PORT:-8000}
      SERVER_READ_TIMEOUT: ${SERVER_READ_TIMEOUT:-30s}
      SERVER_WRITE_TIMEOUT: ${SERVER_WRITE_TIMEOUT:-30s}
      SERVER_IDLE_TIMEOUT: ${SERVER_IDLE_TIMEOUT:-60s}
      SERVER_SHUTDOWN_TIMEOUT: ${SERVER_SHUTDOWN_TIMEOUT:-10s}

      # Cassandra Database Configuration
      # Connect to external infrastructure (use all 3 nodes in cluster)
      DATABASE_HOSTS: ${DATABASE_HOSTS:-cassandra-1:9042,cassandra-2:9042,cassandra-3:9042}
      DATABASE_KEYSPACE: ${DATABASE_KEYSPACE:-maplefile}
      DATABASE_CONSISTENCY: ${DATABASE_CONSISTENCY:-QUORUM}
      DATABASE_REPLICATION: ${DATABASE_REPLICATION:-3}
      DATABASE_MIGRATIONS_PATH: ${DATABASE_MIGRATIONS_PATH:-file://migrations}
      DATABASE_CONNECT_TIMEOUT: ${DATABASE_CONNECT_TIMEOUT:-10s}
      DATABASE_REQUEST_TIMEOUT: ${DATABASE_REQUEST_TIMEOUT:-5s}
      DATABASE_MAX_RETRIES: ${DATABASE_MAX_RETRIES:-3}
      DATABASE_RETRY_DELAY: ${DATABASE_RETRY_DELAY:-1s}

      # Redis Cache Configuration
      # Connect to external infrastructure
      CACHE_HOST: ${CACHE_HOST:-redis}
      CACHE_PORT: ${CACHE_PORT:-6379}
      CACHE_PASSWORD: ${CACHE_PASSWORD:-}
      CACHE_DB: ${CACHE_DB:-0}

      # S3 Configuration (SeaweedFS - S3-compatible storage)
      # Using nginx-s3-proxy on port 8334 for CORS-enabled access
      S3_ENDPOINT: ${S3_ENDPOINT:-http://nginx-s3-proxy:8334}
      S3_ACCESS_KEY: ${S3_ACCESS_KEY:-any}
      S3_SECRET_KEY: ${S3_SECRET_KEY:-any}
      S3_BUCKET: ${S3_BUCKET:-maplefile}
      S3_REGION: ${S3_REGION:-us-east-1}
      S3_USE_SSL: ${S3_USE_SSL:-false}
      S3_USE_PATH_STYLE: ${S3_USE_PATH_STYLE:-true}

      # JWT Authentication
      JWT_SECRET: ${JWT_SECRET:-change-me-in-production}
      JWT_ACCESS_TOKEN_DURATION: ${JWT_ACCESS_TOKEN_DURATION:-15m}
      JWT_REFRESH_TOKEN_DURATION: ${JWT_REFRESH_TOKEN_DURATION:-168h}
      JWT_SESSION_DURATION: ${JWT_SESSION_DURATION:-24h}
      JWT_SESSION_CLEANUP_INTERVAL: ${JWT_SESSION_CLEANUP_INTERVAL:-1h}

      # Email (Mailgun)
      MAILGUN_API_KEY: ${MAILGUN_API_KEY:-}
      MAILGUN_DOMAIN: ${MAILGUN_DOMAIN:-}
      MAILGUN_API_BASE: ${MAILGUN_API_BASE:-https://api.mailgun.net/v3}
      MAILGUN_FROM_EMAIL: ${MAILGUN_FROM_EMAIL:-noreply@maplefile.app}
      MAILGUN_FROM_NAME: ${MAILGUN_FROM_NAME:-MapleFile}
      MAILGUN_FRONTEND_URL: ${MAILGUN_FRONTEND_URL:-http://localhost:3000}

      # Invite Email Configuration
      MAPLEFILE_INVITE_MAX_EMAILS_PER_DAY: ${MAPLEFILE_INVITE_MAX_EMAILS_PER_DAY:-3}

      # Login Rate Limiting
      LOGIN_RATE_LIMIT_MAX_ATTEMPTS_PER_IP: ${LOGIN_RATE_LIMIT_MAX_ATTEMPTS_PER_IP:-50}
      LOGIN_RATE_LIMIT_IP_WINDOW: ${LOGIN_RATE_LIMIT_IP_WINDOW:-15m}
      LOGIN_RATE_LIMIT_MAX_FAILED_PER_ACCOUNT: ${LOGIN_RATE_LIMIT_MAX_FAILED_PER_ACCOUNT:-10}
      LOGIN_RATE_LIMIT_LOCKOUT_DURATION: ${LOGIN_RATE_LIMIT_LOCKOUT_DURATION:-30m}

      # Observability
      OBSERVABILITY_ENABLED: ${OBSERVABILITY_ENABLED:-true}
      OBSERVABILITY_PORT: ${OBSERVABILITY_PORT:-9090}
      OBSERVABILITY_HEALTH_TIMEOUT: ${OBSERVABILITY_HEALTH_TIMEOUT:-5s}
      OBSERVABILITY_METRICS_ENABLED: ${OBSERVABILITY_METRICS_ENABLED:-true}
      OBSERVABILITY_HEALTH_ENABLED: ${OBSERVABILITY_HEALTH_ENABLED:-true}
      OBSERVABILITY_DETAILED_HEALTH: ${OBSERVABILITY_DETAILED_HEALTH:-false}

      # Logging
      LOG_LEVEL: ${LOG_LEVEL:-info}
      LOG_FORMAT: ${LOG_FORMAT:-json}
      LOG_STACKTRACE: ${LOG_STACKTRACE:-false}
      LOG_CALLER: ${LOG_CALLER:-true}

      # Security
      SECURITY_GEOLITE_DB_PATH: ${SECURITY_GEOLITE_DB_PATH:-./data/GeoLite2-Country.mmdb}
      SECURITY_BANNED_COUNTRIES: ${SECURITY_BANNED_COUNTRIES:-}
      SECURITY_RATE_LIMIT_ENABLED: ${SECURITY_RATE_LIMIT_ENABLED:-true}
      SECURITY_IP_BLOCK_ENABLED: ${SECURITY_IP_BLOCK_ENABLED:-true}

      # Leader Election
      LEADER_ELECTION_ENABLED: ${LEADER_ELECTION_ENABLED:-true}
      LEADER_ELECTION_LOCK_TTL: ${LEADER_ELECTION_LOCK_TTL:-10s}
      LEADER_ELECTION_HEARTBEAT_INTERVAL: ${LEADER_ELECTION_HEARTBEAT_INTERVAL:-3s}
      LEADER_ELECTION_RETRY_INTERVAL: ${LEADER_ELECTION_RETRY_INTERVAL:-2s}

    volumes:
      - ./:/go/src/codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend
    networks:
      - maple-dev
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:${SERVER_PORT:-8000}/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s