FROM php:8.5.4-apache-trixie
WORKDIR /opt/share-app

COPY --chown=root:root --chmod=500 ./src/clean.sh                /root/
COPY --chown=root:root --chmod=500 ./src/flag.txt                /root/
COPY --chown=root:root --chmod=400 ./src/getflag.c               /
COPY --chown=root:root --chmod=444 ./src/default.rules           /opt/
COPY --chown=root:root --chmod=400 ./src/vhost.conf              /etc/apache2/sites-available/000-default.conf
COPY --chown=root:root --chmod=400 ./src/snuffleupagus.ini       /usr/local/etc/php/conf.d/snuffleupagus.ini
COPY --chown=1000:1000 --chmod=400 ./src/share_notes_app/app.py  /opt/share-app/app.py
COPY --chown=root:root             ./src/main_notes_app/         /var/www/html/

# hadolint ignore=DL3003
RUN apt-get update                              && \
    apt-get install -qy --no-install-recommends    \
        git=1:*                                    \
        cron=3.*                                   \
        python3=3.*                                \
        python3-pip=25.*                           \
        supervisor=4.*                          && \
    apt-get clean                               && \
    rm -rf /var/lib/apt/lists/                  && \
                                                   \
    useradd -m -s /bin/bash ctf                 && \
                                                   \
    echo "*/10 * * * * root /root/clean.sh"        \
        > /etc/cron.d/clean-fs-cron             && \
    chmod 0644 /etc/cron.d/clean-fs-cron        && \
    crontab /etc/cron.d/clean-fs-cron           && \
                                                   \
    gcc /getflag.c -o /getflag                  && \
    rm /getflag.c                               && \
    chmod u+s /getflag                          && \
                                                   \
    git clone                                      \
        https://github.com/jvoisin/snuffleupagus   \
        /opt/snuffleupagus                      && \
    cd /opt/snuffleupagus/src                   && \
    phpize                                      && \
    ./configure --enable-snuffleupagus          && \
    make                                        && \
    make install                                && \
                                                   \
    cd /var/www/html/                           && \
    a2enmod                                        \
        proxy                                      \
        proxy_http                                 \
        headers                                    \
        rewrite                                 && \
                                                   \
    pip3 install                                   \
        --no-cache-dir                             \
        --break-system-packages                    \
        "Flask>=3.1.3"                             \
        "requests>=2.33.0"                      && \
                                                   \
    # Patch for snuffleupagus to work with symfony \
    sed -i "s/\$ser = unserialize(\$ser, \['allowed_classes' => false\]);/\$ser = unserialize(serialize(json_decode(json_encode(\$ser), true)));/" \
        /var/www/html/vendor/symfony/config/ResourceCheckerConfigCache.php && \
    chmod 700 /tmp/

COPY --chown=root:root --chmod=400 ./src/supervisord.conf  /etc/supervisor/conf.d/supervisord.conf

CMD [ "/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf" ]
