STARTUP_ADMIN_EMAIL=admin@localhost.com
STARTUP_ADMIN_PASSWORD=SecPassword!12345

# Unified cache/DB mode
MEM_OR_EXTERNAL=MEM

# Mongo (optional when memory-only)
MONGO_DB_HOSTS=localhost:27017
MONGO_REPLICA_SET_NAME=rs0

# Redis (recommended for rate-limiting/cache)
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_DB=0

# Dumps path (memory-only mode)
MEM_DUMP_PATH=generated/memory_dump.bin

# Auth
JWT_SECRET_KEY=please-change-me
# Access/refresh token expiry (defaults shown)
AUTH_EXPIRE_TIME=30
AUTH_EXPIRE_TIME_FREQ=minutes
AUTH_REFRESH_EXPIRE_TIME=7
AUTH_REFRESH_EXPIRE_FREQ=days

# Secrets & Encryption
# Encrypt API keys at rest and memory dumps
TOKEN_ENCRYPTION_KEY=optional-secret-for-api-key-encryption
MEM_ENCRYPTION_KEY=change-this-32+chars

# CORS/HTTPS
ALLOWED_ORIGINS=http://localhost:3000
CORS_STRICT=true
ALLOW_CREDENTIALS=true
ALLOW_METHODS=GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD
ALLOW_HEADERS=*
HTTPS_ONLY=true
# Enforce CSRF double-submit validation (and set Secure cookies when HTTPS_ONLY=true)
HTTPS_ENABLED=true
COOKIE_DOMAIN=localhost

# App
PORT=5001
THREADS=4
DEV_RELOAD=false
SSL_CERTFILE=./certs/localhost.crt
SSL_KEYFILE=./certs/localhost.key
PID_FILE=doorman.pid