FROM python:3.11-slim

# Create a non-root user for security
RUN groupadd -g 1000 flaskuser && useradd -u 1000 -g flaskuser flaskuser

WORKDIR /app

# Install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt gunicorn

# Copy the rest of the code
COPY . .

# Change ownership to our non-root user
RUN chown -R flaskuser:flaskuser /app
USER flaskuser

# Run with Gunicorn (replaces uwsgi)
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app:app", "--workers", "4"]