FROM python:3.12-slim

ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PIP_NO_CACHE_DIR=1 \
    LANGFLOW_AUTO_LOGIN=False \
    LANGFLOW_SUPERUSER=administrator \
    LANGFLOW_SUPERUSER_PASSWORD=securepassword \
    LANGFLOW_SECRET_KEY=local-lab-secret-key-change-me \
    LANGFLOW_NEW_USER_IS_ACTIVE=True \
    LANGFLOW_OPEN_BROWSER=False \
    LANGFLOW_HOST=0.0.0.0 \
    LANGFLOW_PORT=7860 \
    LANGFLOW_CONFIG_DIR=/tmp/langflow-lab/config \
    LANGFLOW_KNOWLEDGE_BASES_DIR=/tmp/langflow-lab/knowledge_bases \
    CHALLENGE_PROXY_HOST=0.0.0.0 \
    CHALLENGE_PROXY_PORT=9101 \
    CHALLENGE_TARGET_DIR=/target/CVE-2026-42048

WORKDIR /opt/cve-2026-42048

RUN apt-get update \
    && apt-get install -y --no-install-recommends curl build-essential \
    && rm -rf /var/lib/apt/lists/*

RUN python -m pip install --upgrade pip setuptools wheel \
    && python -m pip install "langflow==1.8.4"

COPY challenge-proxy.py /opt/cve-2026-42048/challenge-proxy.py
COPY flag.txt /flag.txt
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod 0444 /flag.txt \
    && chmod +x /usr/local/bin/docker-entrypoint.sh

EXPOSE 9101

HEALTHCHECK --interval=15s --timeout=5s --start-period=60s --retries=20 \
    CMD curl -fsS http://127.0.0.1:9101/health >/dev/null || exit 1

ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
