services:
  # ===========================================
  # Keycloak Identity Provider
  # ===========================================
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      # Set hostname so tokens are issued with consistent issuer URL
      KC_HOSTNAME: http://localhost:8081
      KC_HOSTNAME_STRICT: false
      KC_HTTP_ENABLED: true
    ports:
      - "8081:8080"
    command: start-dev
    volumes:
      - keycloak_data:/opt/keycloak/data
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q '200 OK'"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s

  # ===========================================
  # FastAPI Backend
  # ===========================================
  fastapi-app:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: fastapi-app
    ports:
      - "8080:8080"
    volumes:
      - ./backend:/app
    env_file:
      - .env
    extra_hosts:
      - "localhost:host-gateway"
    depends_on:
      keycloak:
        condition: service_healthy

  # ===========================================
  # React Frontend
  # ===========================================
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: frontend
    ports:
      - "3000:80"
    depends_on:
      - fastapi-app

networks:
  default:
    name: keycloak-auth-network

volumes:
  keycloak_data: