version: '3.8'

services:
  # --- INFRASTRUCTURE ---

  postgres:
    image: postgres:16-alpine
    container_name: veza_postgres_staging
    restart: unless-stopped
    environment:
      POSTGRES_USER: veza
      POSTGRES_PASSWORD: ${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}
      POSTGRES_DB: veza_staging
    volumes:
      - postgres_staging_data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U veza" ]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    container_name: veza_redis_staging
    restart: unless-stopped
    command: redis-server --save 60 1 --loglevel warning
    volumes:
      - redis_staging_data:/data
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 10s

  rabbitmq:
    image: rabbitmq:3-management-alpine
    container_name: veza_rabbitmq_staging
    restart: unless-stopped
    environment:
      RABBITMQ_DEFAULT_USER: veza
      RABBITMQ_DEFAULT_PASS: ${STAGING_RABBITMQ_PASSWORD:?STAGING_RABBITMQ_PASSWORD must be set}
    volumes:
      - rabbitmq_staging_data:/var/lib/rabbitmq
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 20s

  # --- APPLICATION SERVICES ---

  backend:
    build:
      context: ./veza-backend-api
      dockerfile: Dockerfile.production
    container_name: veza_backend_staging
    restart: unless-stopped
    environment:
      - APP_ENV=staging
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_USER=veza
      - DB_PASSWORD=${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}
      - DB_NAME=veza_staging
      - DATABASE_URL=postgresql://veza:${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}@postgres:5432/veza_staging?sslmode=require
      - REDIS_URL=redis://redis:6379
      - RABBITMQ_URL=amqp://veza:${STAGING_RABBITMQ_PASSWORD:?STAGING_RABBITMQ_PASSWORD must be set}@rabbitmq:5672/%2f
      - JWT_SECRET=${STAGING_JWT_SECRET}
      - ENABLE_CLAMAV=false
      - LOG_DIR=/var/log/veza
      - LOG_LEVEL=INFO
      # Cookie Security Settings (Staging)
      - COOKIE_SECURE=true           # true en staging (HTTPS requis)
      - COOKIE_SAME_SITE=strict       # strict pour sécurité maximale
      - COOKIE_DOMAIN=${STAGING_COOKIE_DOMAIN:-.staging.veza.app}
      - COOKIE_HTTP_ONLY=true
      - COOKIE_PATH=/
      - CORS_ALLOWED_ORIGINS=${STAGING_CORS_ORIGINS:-https://staging.veza.app,https://staging-api.veza.app}
    volumes:
      - veza_logs_staging:/var/log/veza
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    ports:
      - "8080:8080"

  frontend:
    build:
      context: ./apps/web
      dockerfile: Dockerfile.production
    container_name: veza_frontend_staging
    restart: unless-stopped
    environment:
      - VITE_API_URL=${STAGING_API_URL:-https://staging-api.veza.app}
      - VITE_APP_ENV=staging
    ports:
      - "3000:3000"
    depends_on:
      - backend

volumes:
  postgres_staging_data:
  redis_staging_data:
  rabbitmq_staging_data:
  veza_logs_staging: