# Server Configuration
PORT=8080
ENV=development # development, staging, production
LOG_LEVEL=debug # debug, info, warn, error

# Database Configuration
DATABASE_URL=postgres://user:password@localhost:5432/sojorn?sslmode=disable
DB_MAX_CONNS=25
DB_MIN_CONNS=2
DB_MAX_IDLE_TIME=30m

# Authentication
# During transition, use the Supabase JWT secret to validate existing tokens
JWT_SECRET=your-supabase-jwt-secret-here
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_KEY=your-supabase-anon-key

# Security
CORS_ORIGINS=http://localhost:3000,http://localhost:8080
RATE_LIMIT_RPS=10

# Firebase Cloud Messaging (FCM)
# Path to your Firebase service account JSON file
FIREBASE_CREDENTIALS_FILE=/opt/sojorn/firebase-service-account.json
# VAPID key for web push notifications (get from Firebase Console > Cloud Messaging)
FIREBASE_WEB_VAPID_KEY=BNxS7_your_actual_vapid_key_here

# Cloudflare R2 Storage (S3 Compatible)
R2_ACCOUNT_ID=your-cloudflare-account-id
R2_ACCESS_KEY=your-r2-access-key
R2_SECRET_KEY=your-r2-secret-key
R2_BUCKET_IMAGES=sojorn-media
R2_BUCKET_VIDEOS=sojorn-videos
R2_PUBLIC_URL=https://pub-your-id.r2.dev

# External Services
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USER=your-email
# SMTP_PASS=your-password

# E2EE Backup & Recovery System
# Firebase Storage for encrypted backups
FIREBASE_PROJECT_ID=your-firebase-project-id
FIREBASE_PRIVATE_KEY_ID=your-private-key-id
FIREBASE_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n
FIREBASE_CLIENT_EMAIL=firebase-adminsdk-xyz@your-project.iam.gserviceaccount.com
FIREBASE_CLIENT_ID=123456789
FIREBASE_AUTH_URI=https://accounts.google.com/o/oauth2/auth
FIREBASE_TOKEN_URI=https://oauth2.googleapis.com/token

# Sync Code Configuration
SYNC_CODE_LENGTH=6
SYNC_CODE_EXPIRY_MINUTES=5
SYNC_CODE_MAX_ATTEMPTS=3
SYNC_CODE_MAX_PER_HOUR=5

# Backup Configuration
BACKUP_MAX_VERSIONS=3
BACKUP_MIN_PASSWORD_STRENGTH=3
ARGON2_ITERATIONS=3
ARGON2_MEMORY_KB=65536
ARGON2_PARALLELISM=4
ARGON2_SALT_LENGTH=32

# Social Recovery Configuration
SOCIAL_RECOVERY_THRESHOLD=3
SOCIAL_RECOVERY_SHARES=5
SOCIAL_RECOVERY_DELAY_HOURS=24

# Cloudflare Turnstile Configuration
TURNSTILE_SECRET=your_turnstile_secret_key_here

# AI Moderation System
MODERATION_ENABLED=true
OPENAI_API_KEY=sk-your-openai-api-key-here
GOOGLE_VISION_API_KEY=your-google-vision-api-key-here