services:
  # PostgreSQL 数据库
  postgres:
    image: postgres:16-alpine
    container_name: paperburner-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${DB_USER:-paperburner}
      POSTGRES_PASSWORD: ${DB_PASSWORD:-changeme}
      POSTGRES_DB: ${DB_NAME:-paperburner}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "${DB_PORT:-5432}:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-paperburner}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Paper Burner X 应用
  app:
    # 方式 1: 从 Docker Hub 拉取（推荐用于生产，快速启动）
    # image: feather2dev/paper-burner-x:latest
    # pull_policy: always

    # 方式 2: 从本地构建（推荐用于开发和自定义修改）
    # 已切换为本地构建，便于验证当前仓库代码改动
    build:
      context: .
      dockerfile: Dockerfile

    container_name: paperburner-app
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      # 数据库配置
      DATABASE_URL: postgresql://${DB_USER:-paperburner}:${DB_PASSWORD:-changeme}@postgres:5432/${DB_NAME:-paperburner}

      # 服务器配置
      NODE_ENV: ${NODE_ENV:-production}
      PORT: ${PORT:-3000}

      # JWT 配置
      JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
      JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-7d}

      # 加密密钥（生产必填）
      ENCRYPTION_SECRET: ${ENCRYPTION_SECRET:-your-encryption-secret-min-32-chars-change-in-production}

      # CORS 配置
      CORS_ORIGIN: ${CORS_ORIGIN:-*}

      # 部署模式
      DEPLOYMENT_MODE: backend
      RUN_MIGRATIONS: "true"
      # 后端模式下临时允许内联脚本（CSP），以兼容现有页面
      CSP_ALLOW_INLINE: "true"

      # OCR API Keys（可选，可通过管理面板配置）
      MINERU_API_TOKEN: ${MINERU_API_TOKEN:-}
      DOC2X_API_TOKEN: ${DOC2X_API_TOKEN:-}

      # 翻译模型 API Keys（可选）
      DEEPSEEK_API_KEY: ${DEEPSEEK_API_KEY:-}
      GEMINI_API_KEY: ${GEMINI_API_KEY:-}
      CLAUDE_API_KEY: ${CLAUDE_API_KEY:-}
      TONGYI_API_KEY: ${TONGYI_API_KEY:-}
      VOLCANO_API_KEY: ${VOLCANO_API_KEY:-}

    ports:
      # 避免与本机可能占用的 3000 端口冲突，改为仅绑定 IPv4 127.0.0.1:3300
      - "127.0.0.1:3300:3000"
      # 如需同时绑定 IPv6 本地回环，可取消下一行注释（某些环境不支持）：
      # - "[::1]:3300:3000"
    volumes:
      # 如果需要持久化上传的文件
      - app_uploads:/app/uploads
      # 将迁移与 schema 挂载到容器，确保旧镜像也能找到迁移（只读）
      - ./server/prisma/migrations:/app/server/prisma/migrations:ro
      - ./server/prisma/schema.prisma:/app/server/prisma/schema.prisma:ro
      # 挂载前端与服务端源码为只读，确保容器运行当前工作区代码（避免旧镜像残留）
      - ./server/src:/app/server/src:ro
      - ./index.html:/app/index.html:ro
      - ./admin:/app/admin:ro
      - ./views:/app/views:ro
      - ./js:/app/js:ro
      - ./css:/app/css:ro
      - ./public:/app/public:ro

  # Nginx 反向代理（可选，用于生产环境）
  nginx:
    image: nginx:alpine
    container_name: paperburner-nginx
    restart: unless-stopped
    depends_on:
      - app
    ports:
      - "${NGINX_PORT:-80}:80"
      - "${NGINX_SSL_PORT:-443}:443"
    volumes:
      - ./docker/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./docker/ssl:/etc/nginx/ssl:ro
    profiles:
      - production

volumes:
  postgres_data:
    driver: local
  app_uploads:
    driver: local

networks:
  default:
    name: paperburner-network