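# Docker Compose stack for the tempspec application: MySQL, ONLYOFFICE
# Document Server, the Flask app and an optional Nginx reverse proxy.
#
# Secrets that protect this stack (MySQL passwords, Flask SECRET_KEY, the
# ONLYOFFICE JWT secret) have no built-in fallback. Set them in the
# environment or in an .env file next to this file; Compose aborts with the
# message after ":?" when one is unset or empty, so the stack cannot come up
# with a credential that is readable in this file.
version: '3.8'

services:
  # MySQL database service
  mysql:
    image: mysql:8.0
    container_name: tempspec-mysql
    restart: unless-stopped
    environment:
      # The image applies these only when it initialises an empty data
      # directory. A mysql_data volume created earlier with the old default
      # passwords keeps them until they are rotated inside MySQL.
      MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD:?DB_ROOT_PASSWORD must be set}"
      MYSQL_DATABASE: ${DB_NAME:-tempspec_db}
      MYSQL_USER: ${DB_USER:-tempspec_user}
      MYSQL_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD must be set}"
    ports:
      # NOTE(review): this publishes MySQL on every host interface. The app
      # reaches the database over tempspec-network, so the mapping is only
      # needed for access from the host; consider a 127.0.0.1: prefix or
      # dropping it where remote access is not required.
      - "${DB_PORT:-3306}:3306"
    volumes:
      - mysql_data:/var/lib/mysql
      - ./mysql/init:/docker-entrypoint-initdb.d:ro
    # NOTE(review): selects the legacy mysql_native_password plugin instead of
    # MySQL 8's default caching_sha2_password; keep only if a client needs it.
    command: --default-authentication-plugin=mysql_native_password
    networks:
      - tempspec-network
    healthcheck:
      # "$$" defers expansion to the container's shell, which reads the
      # password from the container environment. The rendered healthcheck
      # definition therefore no longer embeds the root password.
      test:
        - CMD-SHELL
        - 'mysqladmin ping -h localhost -u root -p"$$MYSQL_ROOT_PASSWORD"'
      interval: 30s
      timeout: 10s
      retries: 5

  # ONLYOFFICE Document Server
  onlyoffice:
    # NOTE(review): ":latest" is a moving tag; pin a specific release (or an
    # image digest) so upgrades are deliberate and reproducible.
    image: onlyoffice/documentserver:latest
    container_name: tempspec-onlyoffice
    restart: unless-stopped
    environment:
      JWT_ENABLED: "true"
      # Must match ONLYOFFICE_JWT_SECRET passed to the app service below.
      JWT_SECRET: "${ONLYOFFICE_JWT_SECRET:?ONLYOFFICE_JWT_SECRET must be set}"
      JWT_HEADER: "Authorization"
      JWT_IN_BODY: "true"
    ports:
      - "${ONLYOFFICE_PORT:-8080}:80"
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_logs:/var/log/onlyoffice
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Flask application
  app:
    build: .
    container_name: tempspec-app
    restart: unless-stopped
    environment:
      # Flask settings
      FLASK_ENV: ${FLASK_ENV:-production}
      SECRET_KEY: "${SECRET_KEY:?SECRET_KEY must be set}"

      # Database settings
      # A password containing URL-reserved characters (@ : / ? #) must be
      # percent-encoded in DB_PASSWORD, otherwise this URL will not parse.
      DATABASE_URL: "mysql+pymysql://${DB_USER:-tempspec_user}:${DB_PASSWORD:?DB_PASSWORD must be set}@mysql:3306/${DB_NAME:-tempspec_db}"

      # LDAP settings
      # NOTE(review): the defaults are plain ldap:// on port 389 with
      # LDAP_USE_SSL=False. Unless the app negotiates StartTLS (not visible
      # here), bind credentials cross the network unencrypted; prefer LDAPS
      # in production. The host, DN and password defaults are placeholders.
      LDAP_SERVER: ${LDAP_SERVER:-ldap://your-dc.company.com}
      LDAP_PORT: ${LDAP_PORT:-389}
      LDAP_USE_SSL: ${LDAP_USE_SSL:-False}
      LDAP_SEARCH_BASE: ${LDAP_SEARCH_BASE:-DC=company,DC=com}
      LDAP_BIND_USER_DN: ${LDAP_BIND_USER_DN:-CN=service,DC=company,DC=com}
      LDAP_BIND_USER_PASSWORD: ${LDAP_BIND_USER_PASSWORD:-service_password}
      LDAP_USER_LOGIN_ATTR: ${LDAP_USER_LOGIN_ATTR:-userPrincipalName}

      # SMTP mail settings (host, sender and password defaults are placeholders)
      SMTP_SERVER: ${SMTP_SERVER:-smtp.company.com}
      SMTP_PORT: ${SMTP_PORT:-587}
      SMTP_USE_TLS: ${SMTP_USE_TLS:-True}
      SMTP_SENDER_EMAIL: ${SMTP_SENDER_EMAIL:-noreply@company.com}
      SMTP_SENDER_PASSWORD: ${SMTP_SENDER_PASSWORD:-smtp_password}

      # ONLYOFFICE settings
      ONLYOFFICE_URL: http://onlyoffice:80
      ONLYOFFICE_JWT_SECRET: "${ONLYOFFICE_JWT_SECRET:?ONLYOFFICE_JWT_SECRET must be set}"

      # Other settings
      UPLOAD_FOLDER: uploads
    ports:
      # NOTE(review): with the production profile, Nginx fronts the app;
      # this direct mapping then lets clients bypass the proxy.
      - "${APP_PORT:-5000}:5000"
    volumes:
      - ./uploads:/app/uploads
      - ./static/generated:/app/static/generated
      - ./logs:/app/logs
      - ./template_with_placeholders.docx:/app/template_with_placeholders.docx:ro
    depends_on:
      # Start only after both backing services report healthy.
      mysql:
        condition: service_healthy
      onlyoffice:
        condition: service_healthy
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Nginx reverse proxy (optional; started only with the "production" profile)
  nginx:
    image: nginx:alpine
    container_name: tempspec-nginx
    restart: unless-stopped
    ports:
      - "${NGINX_PORT:-80}:80"
      - "${NGINX_SSL_PORT:-443}:443"
    volumes:
      # Configuration and TLS material are mounted read-only.
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
    depends_on:
      - app
    networks:
      - tempspec-network
    profiles:
      - production

volumes:
  mysql_data:
    driver: local
  onlyoffice_data:
    driver: local
  onlyoffice_logs:
    driver: local

networks:
  tempspec-network:
    driver: bridge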