services:
  mongo:
    image: mongo:7.0
    container_name: nachsuche-mongo
    restart: unless-stopped
    # Port intentionally NOT exposed externally - MongoDB must only be
    # reachable from within the Docker network (backend service)
    environment:
      - MONGO_INITDB_ROOT_USERNAME=nachsuche
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
      - MONGO_INITDB_DATABASE=nachsuche
    volumes:
      - mongo-data:/data/db
    healthcheck:
      test: ["CMD", "mongosh", "--username", "nachsuche", "--password", "${MONGO_PASSWORD}", "--authenticationDatabase", "admin", "--eval", "db.adminCommand('ping')"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  backend:
    build: ./backend
    container_name: nachsuche-backend
    restart: unless-stopped
    # Port 5010 bound to localhost only – NOT accessible from external IPs.
    # Portal nginx reaches the backend via the shared jagd-network (container name).
    ports:
      - "127.0.0.1:5010:5000"
    networks:
      - default
      - jagd-network
    volumes:
      - geocode-cache:/app/geocode-cache.json
    environment:
      - NODE_ENV=production
      - MONGO_URI=mongodb://nachsuche:${MONGO_PASSWORD}@mongo:27017/nachsuche?authSource=admin
      - JWT_SECRET=${NACHSUCHE_JWT_SECRET}
      - JWT_EXPIRES_IN=24h
      - CORS_ORIGIN=${CORS_ORIGIN:-http://localhost:8080}
      - ADMIN_THORSTEN_PASSWORD=${ADMIN_THORSTEN_PASSWORD}
      - GEOCODE_URL=https://nominatim.openstreetmap.org/search
      - GEOCODE_USER_AGENT=nachsuche-app/1.0 (t.meyer@jaegerschaft-fallingbostel.de)
      - GEOCODE_MIN_DELAY_MS=1100
      # E-Mail / Passwort-Reset (optional – ohne SMTP-Konfiguration wird der Reset-Link in die Logs geschrieben)
      # - SMTP_HOST=mail.example.com
      # - SMTP_PORT=587
      # - SMTP_USER=user@example.com
      # - SMTP_PASS=${SMTP_PASS}
      # - SMTP_FROM=nachsuche@example.com
      # - APP_URL=https://example.com/nachsuche
    depends_on:
      mongo:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:5000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  frontend:
    build:
      context: ./frontend
      args:
        - PUBLIC_URL=/nachsuche/
        - REACT_APP_API_URL=${REACT_APP_API_URL:-}
    container_name: nachsuche-frontend
    restart: unless-stopped
    ports:
      - "127.0.0.1:8080:80"
    networks:
      - default
      - jagd-network
    depends_on:
      - backend
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost/health"]
      interval: 30s
      timeout: 10s
      retries: 3

volumes:
  mongo-data:
    name: nachsuche-mongo-data
  geocode-cache:
    name: nachsuche-geocode-cache

networks:
  default: {}
  jagd-network:
    external: true
    name: jagd-network