FROM node:22-bookworm-slim AS ui-build
WORKDIR /app
COPY package.json ./
RUN npm install
COPY index.html vite.config.js ./
COPY src/web ./src/web
RUN npm run build

FROM debian:bookworm-slim
ARG SINGBOX_VERSION=1.12.13

RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates curl iptables iproute2 nodejs dumb-init \
    && rm -rf /var/lib/apt/lists/*

RUN set -eux; \
    arch="$(dpkg --print-architecture)"; \
    case "$arch" in \
      amd64) sb_arch="amd64" ;; \
      arm64) sb_arch="arm64" ;; \
      *) echo "Unsupported architecture: $arch" >&2; exit 1 ;; \
    esac; \
    curl -fsSL "https://github.com/SagerNet/sing-box/releases/download/v${SINGBOX_VERSION}/sing-box-${SINGBOX_VERSION}-linux-${sb_arch}.tar.gz" -o /tmp/sing-box.tgz; \
    tar -xzf /tmp/sing-box.tgz -C /tmp; \
    mv "/tmp/sing-box-${SINGBOX_VERSION}-linux-${sb_arch}/sing-box" /usr/local/bin/sing-box; \
    chmod +x /usr/local/bin/sing-box; \
    rm -rf /tmp/sing-box*

WORKDIR /app
COPY --from=ui-build /app/dist /app/dist
COPY src/server /app/src/server
COPY entrypoint.sh /entrypoint.sh

RUN chmod +x /entrypoint.sh \
    && mkdir -p /etc/sing-box /var/lib/vpn-proxy /var/lib/sing-box

ENV PORT=3456 \
    PROXY_PORT=8080 \
    TPROXY_PORT=7895 \
    DATA_DIR=/var/lib/vpn-proxy \
    SING_BOX_CONFIG=/etc/sing-box/config.json \
    SING_BOX_CACHE=/var/lib/sing-box/cache.db

ENTRYPOINT ["dumb-init", "/entrypoint.sh"]
