# Server
NODE_ENV=production
PORT=3000

# CORS
CORS_ORIGIN=http://localhost

# Database (production)
DATABASE_URL=postgresql://spotlightcam:spotlightcam123@db-prod:5432/spotlightcam?schema=public

# JWT (CHANGE THESE IN PRODUCTION!)
JWT_SECRET=production-secret-key-CHANGE-THIS-IN-REAL-PRODUCTION
JWT_EXPIRES_IN=24h

# AWS SES (REPLACE WITH YOUR CREDENTIALS)
AWS_REGION=eu-central-1
AWS_ACCESS_KEY_ID=your-aws-access-key-id
AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key
SES_FROM_EMAIL=noreply@spotlight.cam
SES_FROM_NAME=spotlight.cam

# Email Settings
FRONTEND_URL=http://localhost
VERIFICATION_TOKEN_EXPIRY=24h

# Security - Rate Limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX=100
RATE_LIMIT_AUTH_MAX=5
RATE_LIMIT_EMAIL_MAX=3

# Security - CSRF Protection
ENABLE_CSRF=true

# Security - Body Size Limits
BODY_SIZE_LIMIT=10kb

# Security - Password Policy
PASSWORD_MIN_LENGTH=8
PASSWORD_REQUIRE_UPPERCASE=true
PASSWORD_REQUIRE_LOWERCASE=true
PASSWORD_REQUIRE_NUMBER=true
PASSWORD_REQUIRE_SPECIAL=false

# Security - Account Lockout
ENABLE_ACCOUNT_LOCKOUT=true
MAX_LOGIN_ATTEMPTS=5
LOCKOUT_DURATION_MINUTES=15

# Logging
LOG_LEVEL=warn

# Scheduler
# Enable simple in-process scheduler for auto-matching (enable on exactly one replica)
ENABLE_SCHEDULER=false
# Global tick interval in seconds (e.g., 300 = 5min)
SCHEDULER_INTERVAL_SEC=300
# Per-event minimum time between runs in seconds to avoid thrashing
MATCHING_MIN_INTERVAL_SEC=120