refactor: optimize Dockerfile with multi-stage build and improved Node.js setup

Dockerfile

@@ -1,23 +1,33 @@
-# Stage 1: Setup Nginx and Supervisor
+# Dockerfile for Weight Tracker App with Nginx, Basic Auth, and Node.js API
+
+# Stage 1: Build Node.js app and generate package-lock.json
+FROM node:alpine AS builder
+WORKDIR /app-builder
+# Copy package.json (and package-lock.json if it exists, though npm install will regenerate/respect it)
+COPY package.json ./
+# If you have an .npmrc file for private registries or specific npm configurations, copy it here:
+# COPY .npmrc ./
+RUN npm install
+# Now /app-builder contains package.json, package-lock.json, and node_modules
+
+# Stage 2: Final image with Nginx and the Node.js API
 FROM nginx:alpine
 
-# Install Supervisor, Node.js runtime, and apache2-utils (for htpasswd)
+# Install Supervisor, Node.js runtime (for running the API), and apache2-utils (for htpasswd)
+# npm is also needed here for 'npm install --production'
 RUN apk add --no-cache supervisor nodejs npm apache2-utils
 
 # Remove default Nginx configuration
 RUN rm /etc/nginx/conf.d/default.conf
 
-# Declare build arguments for credentials
-ARG AUTH_USERNAME
-ARG AUTH_PASSWORD
-
-# Copy custom Nginx configuration
+# Copy Nginx configuration files
 COPY nginx.conf /etc/nginx/nginx.conf
-
-# Copy Basic Auth config (nginx-auth.conf)
 COPY nginx-auth.conf /etc/nginx/nginx-auth.conf
 
-# Generate .htpasswd file using build arguments
+# Setup Basic Authentication
+# For production, consider environment variables or Docker secrets for credentials
+ARG AUTH_USERNAME
+ARG AUTH_PASSWORD
 RUN htpasswd -cb /etc/nginx/.htpasswd ${AUTH_USERNAME} ${AUTH_PASSWORD} \
     && chown nginx:nginx /etc/nginx/.htpasswd \
     && chmod 600 /etc/nginx/.htpasswd
@@ -25,15 +35,18 @@ RUN htpasswd -cb /etc/nginx/.htpasswd ${AUTH_USERNAME} ${AUTH_PASSWORD} \
 # Copy Supervisor configuration
 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
-# Set up Node.js application for the API
+# Set up Node.js application for the API in /app
 WORKDIR /app
-COPY package.json ./
-# If you have a package-lock.json, uncomment the next line
-COPY package-lock.json ./
+# Copy package.json and package-lock.json from the builder stage
+COPY --from=builder /app-builder/package.json ./
+COPY --from=builder /app-builder/package-lock.json ./
+# Install only production dependencies using the copied package-lock.json
 RUN npm install --production
+# Copy the server API script from the build context (your local machine)
 COPY server-api.js ./
 
 # Copy static website content (HTML, CSS, JS for the frontend)
+# These are copied from your local build context
 COPY index.html /usr/share/nginx/html/
 COPY js/ /usr/share/nginx/html/js/
 COPY css/ /usr/share/nginx/html/css/
@@ -41,16 +54,11 @@ COPY css/ /usr/share/nginx/html/css/
 # COPY images/ /usr/share/nginx/html/images/
 
 # Create data directory (volume will be mounted here by docker-compose)
-# Ensure Nginx (and Node.js if it needs to write logs/pid here) has permissions
-# Ensure the /app directory is owned by nginx user if Node.js needs to write logs there under nginx user
-# Or run Node.js process as a non-root user that has permissions to /app
-# For now, Node.js will run as root by default in Supervisor, then switch to 'nginx' user as per supervisord.conf
-
-RUN mkdir -p /data && chown nginx:nginx /data # Or appropriate user for Node.js if it writes here
+RUN mkdir -p /data && chown nginx:nginx /data
 VOLUME /data
 
-# Expose port 80 for Nginx (which handles auth and proxies to API)
+# Expose port 80 for Nginx
 EXPOSE 80
 
-# Start Supervisor when the container launches
+# Start Supervisor
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]