# ============================================================================
# ROA2WEB Unified Backend - Environment Configuration (PRODUCTION)
# ============================================================================
# Single backend process serving Reports, Data Entry, and Telegram modules
# IMPORTANT: This is a TEMPLATE - fill in production values before deploying!

# ============================================================================
# ORACLE DATABASE CONFIGURATION (REQUIRED - Shared by all modules)
# ============================================================================
# Connection to CONTAFIN_ORACLE schema for authentication and user management
# PRODUCTION: Direct connection to Oracle server (no SSH tunnel)

ORACLE_USER=CONTAFIN_ORACLE
ORACLE_PASSWORD=CHANGE_IN_PRODUCTION
ORACLE_HOST=your_oracle_server_ip_or_hostname
ORACLE_PORT=1521
ORACLE_SID=ROA

# ============================================================================
# JWT AUTHENTICATION (REQUIRED - Shared by all modules)
# ============================================================================
# CRITICAL: Generate new secrets for production!
# python3 -c "import secrets; print(secrets.token_urlsafe(32))"

JWT_SECRET_KEY=GENERATE_NEW_SECRET_FOR_PRODUCTION
JWT_ALGORITHM=HS256

# Token expiration settings
ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7

# ============================================================================
# SESSION SECURITY - EMAIL 2FA (REQUIRED for Telegram email login)
# ============================================================================
# CRITICAL: Generate new secret for production!
# python3 -c "import secrets; print(secrets.token_urlsafe(32))"

AUTH_SESSION_SECRET=GENERATE_NEW_SECRET_FOR_PRODUCTION

# ============================================================================
# SERVER CONFIGURATION
# ============================================================================
# Unified backend server settings

API_HOST=0.0.0.0
API_PORT=8000
DEBUG=false

# CORS Origins (comma-separated) - Update with production frontend URL
CORS_ORIGINS=https://your-production-domain.com,http://localhost:3000

# ============================================================================
# REPORTS MODULE - CACHE CONFIGURATION (OPTIONAL - defaults provided)
# ============================================================================
# Two-tier hybrid cache system (L1: in-memory LRU, L2: SQLite persistent)

# Core Settings
CACHE_ENABLED=True
CACHE_TYPE=hybrid
CACHE_SQLITE_PATH=./data/cache/roa2web_cache_prod.db
CACHE_MEMORY_MAX_SIZE=1000
CACHE_DEFAULT_TTL=900

# TTL per Cache Type (seconds)
CACHE_TTL_SCHEMA=86400
CACHE_TTL_COMPANIES=1800
CACHE_TTL_DASHBOARD_SUMMARY=1800
CACHE_TTL_DASHBOARD_TRENDS=1800
CACHE_TTL_INVOICES=600
CACHE_TTL_INVOICES_SUMMARY=900
CACHE_TTL_TREASURY=600

# Maintenance
CACHE_CLEANUP_INTERVAL=3600

# Event-Based Invalidation (experimental)
CACHE_AUTO_INVALIDATE=False
CACHE_CHECK_INTERVAL=300

# Performance Tracking
CACHE_TRACK_PERFORMANCE=True
CACHE_BENCHMARK_ON_STARTUP=False

# ============================================================================
# DATA ENTRY MODULE - CONFIGURATION
# ============================================================================
# Data Entry module settings (receipts, OCR, etc.)

# Environment identifier
ORACLE_ENV=prod

# SQLite Database (production)
SQLITE_DATABASE_PATH=data/receipts/receipts_prod.db

# File uploads
UPLOAD_PATH=data/receipts/uploads
MAX_UPLOAD_SIZE_MB=10

# ============================================================================
# TELEGRAM MODULE - BOT CONFIGURATION (REQUIRED for Telegram features)
# ============================================================================
# Obtain bot token from @BotFather on Telegram
# CRITICAL: Use production bot token, not development!

TELEGRAM_BOT_TOKEN=your_bot_token_from_botfather

# Backend URL for bot to communicate with API
BACKEND_URL=http://localhost:8000

# Internal API port (bot's internal API for backend callbacks)
INTERNAL_API_PORT=8002

# Enable internal API documentation (DISABLE in production!)
ENABLE_DOCS=false

# ============================================================================
# TELEGRAM MODULE - EMAIL AUTHENTICATION (SMTP) (REQUIRED for email 2FA)
# ============================================================================
# CRITICAL: Update with production SMTP credentials

# SMTP Server Configuration
SMTP_HOST=mail.romfast.ro
SMTP_PORT=587
SMTP_USER=ups@romfast.ro
SMTP_PASSWORD=CHANGE_IN_PRODUCTION
SMTP_FROM_EMAIL=ups@romfast.ro
SMTP_FROM_NAME=ROA2WEB
SMTP_USE_TLS=true

# Email Retry Settings
EMAIL_MAX_RETRIES=3
EMAIL_RETRY_DELAY=2.0

# ============================================================================
# TELEGRAM MODULE - DATABASE (SQLite for bot data)
# ============================================================================
# Separate SQLite database for Telegram bot auth codes and sessions

TELEGRAM_SQLITE_DATABASE_PATH=data/telegram/telegram_prod.db