# =============================================================================
# VEZA BACKEND API - ENVIRONMENT TEMPLATE
# =============================================================================
# This is a template file. Copy to .env and fill in actual values.
# DO NOT commit .env with real secrets to Git!
# =============================================================================

# --- ENVIRONMENT ---
# Options: development, staging, production
APP_ENV=development
APP_PORT=8080
LOG_LEVEL=info

# --- DATABASE (REQUIRED) ---
# PostgreSQL connection string
# Format: postgres://user:password@host:port/database?sslmode=disable
DATABASE_URL=postgres://veza:password@localhost:5432/veza?sslmode=disable
DATABASE_MAX_OPEN_CONNS=25
DATABASE_MAX_IDLE_CONNS=5
DATABASE_CONN_MAX_LIFETIME=5m

# --- JWT & AUTHENTICATION (REQUIRED) ---
# CRITICAL: Must be at least 32 characters in production
# Generate with: openssl rand -base64 32
JWT_SECRET=dev-secret-key-minimum-32-characters-long-for-testing-only
JWT_ISSUER=veza-api
JWT_AUDIENCE=veza-app
JWT_ACCESS_TOKEN_DURATION=15m
JWT_REFRESH_TOKEN_DURATION=30d

# --- COOKIES ---
# Set to true in production for HTTPS-only cookies
COOKIE_SECURE=false
COOKIE_SAME_SITE=lax
COOKIE_DOMAIN=

# --- CORS (REQUIRED) ---
# Comma-separated list of allowed origins
# Development: http://localhost:5173,http://localhost:3000
# Production: https://app.veza.com,https://www.veza.com
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000

# --- REDIS (REQUIRED for CSRF, rate limiting, cache) ---
# Redis connection URL
# Format: redis://[:password@]host:port[/database]
REDIS_URL=redis://localhost:6379
REDIS_ADDR=localhost:6379
REDIS_PASSWORD=
REDIS_DB=0

# --- RABBITMQ (OPTIONAL) ---
# Enable message queue for async events
RABBITMQ_ENABLE=false
RABBITMQ_URL=amqp://guest:guest@localhost:5672/

# --- SENTRY (OPTIONAL - Recommended for production) ---
# Error tracking and monitoring
SENTRY_DSN=
SENTRY_ENVIRONMENT=development
SENTRY_SAMPLE_RATE_ERRORS=1.0
SENTRY_SAMPLE_RATE_TRANSACTIONS=0.1

# --- RATE LIMITING ---
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS_PER_SECOND=100

# --- FILE UPLOADS ---
UPLOAD_DIR=./uploads
ENABLE_CLAMAV=false
CLAMAV_REQUIRED=false

# --- EXTERNAL SERVICES (OPTIONAL) ---
STREAM_SERVER_URL=http://localhost:8082
CHAT_SERVER_URL=http://localhost:8081

# --- EMAIL (OPTIONAL) ---
# Required if email verification / password reset enabled
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM=noreply@veza.com

# --- MONITORING (OPTIONAL) ---
PROMETHEUS_URL=

# =============================================================================
# VALIDATION RULES
# =============================================================================
#
# REQUIRED (app will not start without these):
# - DATABASE_URL
# - JWT_SECRET (min 32 chars)
# - REDIS_URL or REDIS_ADDR
# - CORS_ALLOWED_ORIGINS (can be empty for strict mode)
#
# RECOMMENDED for production:
# - SENTRY_DSN
# - COOKIE_SECURE=true
# - COOKIE_SAME_SITE=strict
#
# OPTIONAL:
# - RABBITMQ_* (if async events not used)
# - SMTP_* (if email not used)
# - CLAMAV_* (if file scanning not used)
#
# =============================================================================