version: '3.8'

services:
  web:
    build: .
    container_name: liaowang-web
    ports:
      - "5000:5000"
    environment:
      - DB_HOST=${DB_HOST:-db}
      - DB_PORT=${DB_PORT:-5432}
      - DB_USER=${DB_USER:-liaowang}
      - DB_PASSWORD=${DB_PASSWORD:-liaowang_secret}
      - DB_NAME=${DB_NAME:-liaowang_db}
      - SECRET_KEY=${SECRET_KEY:-change-me-to-a-random-secret}
      - JWT_SECRET_KEY=${JWT_SECRET_KEY:-jwt-secret-change-me-to-random-string}
      - SSO_BASE_URL=${SSO_BASE_URL:-http://192.168.92.61:8200}
      - SSO_CLIENT_ID=${SSO_CLIENT_ID}
      - SSO_CLIENT_SECRET=${SSO_CLIENT_SECRET}
      - SSO_REDIRECT_URI=${SSO_REDIRECT_URI:-http://localhost:5000/auth/callback}
      - SSO_FRONTEND_URL=${SSO_FRONTEND_URL:-http://localhost:5000}
      - SSO_SCOPE=${SSO_SCOPE:-email}
      - SSO_LOGOUT_REDIRECT_URL=${SSO_LOGOUT_REDIRECT_URL:-http://192.168.92.61:9200/login}
    env_file:
      - .env
    depends_on:
      db:
        condition: service_healthy
    volumes:
      # 开发模式：挂载代码实现热重载
      - .:/app
      - /app/venv  # 排除虚拟环境目录
    restart: unless-stopped
    # 健康检查
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s

  db:
    image: postgres:16-alpine
    container_name: liaowang-db
    environment:
      POSTGRES_DB: ${DB_NAME:-liaowang_db}
      POSTGRES_USER: ${DB_USER:-liaowang}
      POSTGRES_PASSWORD: ${DB_PASSWORD:-liaowang_secret}
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-liaowang}"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  postgres_data: