From b5b74845f212f8288e2dd55e8f20255c27e6e76f Mon Sep 17 00:00:00 2001
From: Beda Schmid <beda@tukutoi.com>
Date: Mon, 2 Mar 2026 15:41:39 -0300
Subject: [PATCH] Switch frontend container to production-aware runtime mode

---
 doc/operations-and-configuration.md |  4 ++++
 docker-compose.yml                  |  1 +
 frontend/Dockerfile                 |  4 +++-
 frontend/docker-entrypoint.sh       | 17 +++++++++++++++++
 frontend/vite.config.ts             |  5 +++++
 5 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 frontend/docker-entrypoint.sh

diff --git a/doc/operations-and-configuration.md b/doc/operations-and-configuration.md
index f209f37..7adc680 100644
--- a/doc/operations-and-configuration.md
+++ b/doc/operations-and-configuration.md
@@ -139,9 +139,13 @@ Recommended LIVE pattern:
 ## Frontend Runtime
 
 - Frontend no longer consumes `VITE_API_TOKEN`.
+- Frontend startup mode is environment-driven:
+  - `APP_ENV=development` runs `vite dev`
+  - `APP_ENV=production` runs `vite build` then `vite preview`
 - Vite dev server host allowlist uses the union of:
   - hostnames extracted from `CORS_ORIGINS`
   - optional explicit hostnames from `VITE_ALLOWED_HOSTS`
+- The same host allowlist policy is applied to both Vite `server` and `preview`.
 - Session authentication is cookie-based; browser reloads and new tabs can reuse an active session until it expires or is revoked.
 - Protected media and file download flows still use authenticated fetch plus blob/object URL handling.
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 621faba..b7a02bc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -151,6 +151,7 @@ services:
         NPM_FETCH_RETRY_MAXTIMEOUT: ${NPM_FETCH_RETRY_MAXTIMEOUT:-120000}
         NPM_FETCH_TIMEOUT: ${NPM_FETCH_TIMEOUT:-300000}
     environment:
+      APP_ENV: ${APP_ENV:-development}
       VITE_API_BASE: ${VITE_API_BASE:-}
       CORS_ORIGINS: '${CORS_ORIGINS:-["http://localhost:5173","http://localhost:3000"]}'
       VITE_ALLOWED_HOSTS: ${VITE_ALLOWED_HOSTS:-}
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 1a7f121..bd4d27f 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -23,9 +23,11 @@ COPY --chown=node:node tsconfig.node.json /app/tsconfig.node.json
 COPY --chown=node:node vite.config.ts /app/vite.config.ts
 COPY --chown=node:node index.html /app/index.html
 COPY --chown=node:node src /app/src
+COPY --chown=node:node docker-entrypoint.sh /app/docker-entrypoint.sh
+RUN chmod +x /app/docker-entrypoint.sh
 
 EXPOSE 5173
 
 USER node
 
-CMD ["npm", "run", "dev", "--", "--host", "0.0.0.0", "--port", "5173"]
+CMD ["/app/docker-entrypoint.sh"]
diff --git a/frontend/docker-entrypoint.sh b/frontend/docker-entrypoint.sh
new file mode 100644
index 0000000..d0cac0e
--- /dev/null
+++ b/frontend/docker-entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Frontend runtime entrypoint.
+# Uses APP_ENV to select development or production Vite startup mode.
+
+set -eu
+
+APP_ENV_VALUE="${APP_ENV:-development}"
+HOST_VALUE="${FRONTEND_HOST:-0.0.0.0}"
+PORT_VALUE="${FRONTEND_PORT:-5173}"
+
+if [ "$APP_ENV_VALUE" = "production" ]; then
+  npm run build
+  exec npm run preview -- --host "$HOST_VALUE" --port "$PORT_VALUE"
+fi
+
+exec npm run dev -- --host "$HOST_VALUE" --port "$PORT_VALUE"
diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
index 7f50d21..eef2d2c 100644
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -81,5 +81,10 @@ export default defineConfig(({ mode }) => {
       port: 5173,
       ...(allowedHosts ? { allowedHosts } : {}),
     },
+    preview: {
+      host: '0.0.0.0',
+      port: 5173,
+      ...(allowedHosts ? { allowedHosts } : {}),
+    },
   };
 });