# =============================================================================
# tOS Environment Configuration
# =============================================================================
# Copy this file to .env and fill in the values
# NEVER commit .env to version control!
# =============================================================================

# -----------------------------------------------------------------------------
# General
# -----------------------------------------------------------------------------
NODE_ENV=development
TZ=Europe/Berlin

# -----------------------------------------------------------------------------
# Database (PostgreSQL)
# -----------------------------------------------------------------------------
# NOTE: Application uses tos_app (Keycloak uses tos_db)
DATABASE_URL=postgresql://tos_user:tos_secret_password@localhost:5432/tos_app?schema=public

# -----------------------------------------------------------------------------
# Redis
# -----------------------------------------------------------------------------
REDIS_URL=redis://localhost:6379

# -----------------------------------------------------------------------------
# NextAuth.js Configuration
# -----------------------------------------------------------------------------
NEXTAUTH_SECRET=your-super-secret-nextauth-key-change-in-production
NEXTAUTH_URL=http://localhost:3000

# -----------------------------------------------------------------------------
# Keycloak Configuration
# -----------------------------------------------------------------------------
# Frontend client (confidential - used by NextAuth)
KEYCLOAK_ID=tos-frontend
KEYCLOAK_SECRET=your-keycloak-frontend-secret
KEYCLOAK_ISSUER=http://localhost:8080/realms/tOS

# Backend client (confidential)
KEYCLOAK_BACKEND_CLIENT_ID=tos-backend
KEYCLOAK_BACKEND_CLIENT_SECRET=your-keycloak-backend-secret

# -----------------------------------------------------------------------------
# Security & Encryption
# -----------------------------------------------------------------------------
# REQUIRED in production! Generate with: openssl rand -base64 32
ENCRYPTION_KEY=dev-encryption-key-32-bytes-long!

# JWT secret for API token signing (generate with: openssl rand -base64 64)
JWT_SECRET=your-jwt-secret-change-in-production

# -----------------------------------------------------------------------------
# API Configuration
# -----------------------------------------------------------------------------
API_PORT=3001
API_PREFIX=api/v1
API_CORS_ORIGINS=http://localhost:3000

# -----------------------------------------------------------------------------
# Frontend Configuration
# -----------------------------------------------------------------------------
NEXT_PUBLIC_API_URL=http://localhost:3001
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_KEYCLOAK_URL=http://localhost:8080

# -----------------------------------------------------------------------------
# Integration API Keys (Phase 3 - variable names match config.validation.ts)
# -----------------------------------------------------------------------------
# PlentyONE (OAuth2 Client Credentials)
PLENTYONE_BASE_URL=
PLENTYONE_CLIENT_ID=
PLENTYONE_CLIENT_SECRET=

# ZULIP (Basic Auth with API Key)
ZULIP_BASE_URL=
ZULIP_EMAIL=
ZULIP_API_KEY=

# Todoist (Bearer Token)
TODOIST_API_TOKEN=

# FreeScout (API Key)
FREESCOUT_API_URL=
FREESCOUT_API_KEY=

# Nextcloud (Basic Auth / App Password)
NEXTCLOUD_URL=
NEXTCLOUD_USERNAME=
NEXTCLOUD_PASSWORD=

# ecoDMS (Session-based Auth)
ECODMS_API_URL=
ECODMS_USERNAME=
ECODMS_PASSWORD=

# GembaDocs
GEMBADOCS_API_URL=
GEMBADOCS_API_KEY=