version: '3.8'

services:
  # --- INFRASTRUCTURE ---

  postgres:
    image: postgres:16-alpine
    container_name: veza_postgres_staging
    restart: unless-stopped
    environment:
      POSTGRES_USER: veza
      POSTGRES_PASSWORD: ${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}
      POSTGRES_DB: veza_staging
    volumes:
      - postgres_staging_data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U veza" ]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    container_name: veza_redis_staging
    restart: unless-stopped
    command: redis-server --save 60 1 --loglevel warning
    volumes:
      - redis_staging_data:/data
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 10s

  rabbitmq:
    image: rabbitmq:3-management-alpine
    container_name: veza_rabbitmq_staging
    restart: unless-stopped
    environment:
      RABBITMQ_DEFAULT_USER: veza
      RABBITMQ_DEFAULT_PASS: ${STAGING_RABBITMQ_PASSWORD:?STAGING_RABBITMQ_PASSWORD must be set}
    volumes:
      - rabbitmq_staging_data:/var/lib/rabbitmq
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 20s

  # --- APPLICATION SERVICES ---

  backend:
    build:
      context: ./veza-backend-api
      dockerfile: Dockerfile.production
    container_name: veza_backend_staging
    restart: unless-stopped
    environment:
      - APP_ENV=staging
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_USER=veza
      - DB_PASSWORD=${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}
      - DB_NAME=veza_staging
      - DATABASE_URL=postgresql://veza:${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}@postgres:5432/veza_staging?sslmode=require
      - REDIS_URL=redis://redis:6379
      - RABBITMQ_URL=amqp://veza:${STAGING_RABBITMQ_PASSWORD:?STAGING_RABBITMQ_PASSWORD must be set}@rabbitmq:5672/%2f
      - JWT_SECRET=${STAGING_JWT_SECRET}
      - ENABLE_CLAMAV=false
      - LOG_DIR=/var/log/veza
      - LOG_LEVEL=INFO
      # Cookie Security Settings (Staging)
      - COOKIE_SECURE=true           # true en staging (HTTPS requis)
      - COOKIE_SAME_SITE=strict       # strict pour sécurité maximale
      - COOKIE_DOMAIN=${STAGING_COOKIE_DOMAIN:-.staging.veza.app}
      - COOKIE_HTTP_ONLY=true
      - COOKIE_PATH=/
      - CORS_ALLOWED_ORIGINS=${STAGING_CORS_ORIGINS:-https://staging.veza.app,https://staging-api.veza.app}
    volumes:
      - veza_logs_staging:/var/log/veza
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    ports:
      - "8080:8080"
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
      interval: 10s
      timeout: 5s
      retries: 3

  chat-server:
    build:
      context: ./veza-chat-server
      dockerfile: Dockerfile.production
    container_name: veza_chat_staging
    restart: unless-stopped
    environment:
      - DATABASE_URL=postgresql://veza:${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}@postgres:5432/veza_staging?sslmode=require
      - REDIS_URL=redis://redis:6379
      - JWT_SECRET=${STAGING_JWT_SECRET:?STAGING_JWT_SECRET must be set}
      - PORT=8081
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8081/health"]
      interval: 10s
      timeout: 5s
      retries: 3

  stream-server:
    build:
      context: ./veza-stream-server
      dockerfile: Dockerfile.production
    container_name: veza_stream_staging
    restart: unless-stopped
    environment:
      - DATABASE_URL=postgresql://veza:${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}@postgres:5432/veza_staging?sslmode=require
      - REDIS_URL=redis://redis:6379
      - JWT_SECRET=${STAGING_JWT_SECRET:?STAGING_JWT_SECRET must be set}
      - PORT=3001
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:3001/health"]
      interval: 10s
      timeout: 5s
      retries: 3

  frontend:
    build:
      context: ./apps/web
      dockerfile: Dockerfile.production
    container_name: veza_frontend_staging
    restart: unless-stopped
    environment:
      - VITE_API_URL=/api/v1
      - VITE_WS_URL=ws://caddy/ws
      - VITE_STREAM_URL=ws://caddy/stream
      - VITE_APP_ENV=staging
    depends_on:
      - backend
      - chat-server
      - stream-server
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5173"]
      interval: 10s
      timeout: 5s
      retries: 3

  caddy:
    image: caddy:2-alpine
    container_name: veza_caddy_staging
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./config/caddy/Caddyfile.staging:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - backend
      - chat-server
      - stream-server
      - frontend

volumes:
  postgres_staging_data:
  redis_staging_data:
  rabbitmq_staging_data:
  veza_logs_staging:
  caddy_data:
  caddy_config: