NODE_ENV=production

# App
APP_BASE_URL=https://asolutions.jp
BFF_PORT=4000
APP_NAME=customer-portal-bff

# Database (PostgreSQL)
POSTGRES_DB=portal_prod
POSTGRES_USER=portal
POSTGRES_PASSWORD=CHANGE_ME
DATABASE_URL=postgresql://portal:CHANGE_ME@database:5432/portal_prod?schema=public

# Cache (Redis)
REDIS_URL=redis://cache:6379/0
AUTH_ALLOW_REDIS_TOKEN_FAILOPEN=false
# Redis-required token flow (when enabled, tokens require Redis to be available)
AUTH_REQUIRE_REDIS_FOR_TOKENS=false
# Maintenance mode for authentication service
AUTH_MAINTENANCE_MODE=false
AUTH_MAINTENANCE_MESSAGE=Authentication service is temporarily unavailable for maintenance. Please try again later.

# Security
JWT_SECRET=CHANGE_ME
JWT_EXPIRES_IN=7d
BCRYPT_ROUNDS=12

# CSRF Protection
CSRF_TOKEN_EXPIRY=3600000
CSRF_SECRET_KEY=CHANGE_ME_AT_LEAST_32_CHARACTERS_LONG
CSRF_COOKIE_NAME=csrf-secret
CSRF_HEADER_NAME=X-CSRF-Token

# CORS / Proxy
CORS_ORIGIN=https://asolutions.jp
TRUST_PROXY=true

# Rate Limiting (optional; defaults shown - ttl values in seconds)
RATE_LIMIT_TTL=60
RATE_LIMIT_LIMIT=100
AUTH_RATE_LIMIT_TTL=900
AUTH_RATE_LIMIT_LIMIT=3
AUTH_REFRESH_RATE_LIMIT_TTL=300
AUTH_REFRESH_RATE_LIMIT_LIMIT=10
LOGIN_RATE_LIMIT_TTL=900
LOGIN_RATE_LIMIT_LIMIT=5
LOGIN_CAPTCHA_AFTER_ATTEMPTS=3
SIGNUP_RATE_LIMIT_TTL=900
SIGNUP_RATE_LIMIT_LIMIT=5
PASSWORD_RESET_RATE_LIMIT_TTL=900
PASSWORD_RESET_RATE_LIMIT_LIMIT=5

# CAPTCHA Configuration
AUTH_CAPTCHA_PROVIDER=none
AUTH_CAPTCHA_SECRET=
AUTH_CAPTCHA_THRESHOLD=0
AUTH_CAPTCHA_ALWAYS_ON=false

# Validation error visibility (set true to show field-level errors to clients)
EXPOSE_VALIDATION_ERRORS=false

# WHMCS Credentials
WHMCS_BASE_URL=https://accounts.asolutions.co.jp
WHMCS_API_IDENTIFIER=
WHMCS_API_SECRET=
# Optional webhook security for WHMCS webhooks
WHMCS_WEBHOOK_SECRET=
# Salesforce Credentials
SF_LOGIN_URL=https://asolutions.my.salesforce.com
SF_CLIENT_ID=
SF_PRIVATE_KEY_PATH=/app/secrets/sf-private.key
SF_USERNAME=
SF_WEBHOOK_SECRET=
# Salesforce Authentication Timeouts (in milliseconds)
SF_AUTH_TIMEOUT_MS=30000
SF_TOKEN_TTL_MS=720000
SF_TOKEN_REFRESH_BUFFER_MS=60000

# Queue Throttling Configuration
WHMCS_QUEUE_CONCURRENCY=15
WHMCS_QUEUE_INTERVAL_CAP=300
WHMCS_QUEUE_TIMEOUT_MS=30000
SF_QUEUE_CONCURRENCY=15
SF_QUEUE_LONG_RUNNING_CONCURRENCY=22
SF_QUEUE_INTERVAL_CAP=600
SF_QUEUE_TIMEOUT_MS=30000
SF_QUEUE_LONG_RUNNING_TIMEOUT_MS=600000

# Salesforce Platform Events (Provisioning)
SF_EVENTS_ENABLED=true
SF_CATALOG_EVENT_CHANNEL=/event/Product_and_Pricebook_Change__e
SF_ACCOUNT_EVENT_CHANNEL=/event/Account_Internet_Eligibility_Update__e
SF_EVENTS_REPLAY=LATEST
SF_PUBSUB_NUM_REQUESTED=25
SF_PUBSUB_QUEUE_MAX=100
SF_PUBSUB_ENDPOINT=api.pubsub.salesforce.com:7443

# Salesforce Change Data Capture (CDC) for Catalog Cache Invalidation
# These use /data/ prefix for built-in CDC events (no setup needed in Salesforce)
SF_CATALOG_PRODUCT_CDC_CHANNEL=/data/Product2ChangeEvent
SF_CATALOG_PRICEBOOKENTRY_CDC_CHANNEL=/data/PricebookEntryChangeEvent
# Optional: Platform Event for account eligibility updates (requires Salesforce setup)
SF_ACCOUNT_ELIGIBILITY_CHANNEL=/event/Account_Internet_Eligibility_Update__e

# Salesforce Change Data Capture (CDC) for Order Cache Invalidation
# These use /data/ prefix for built-in CDC events (no setup needed in Salesforce)
# Smart filtering: Only invalidates cache for customer-facing field changes, NOT internal fulfillment fields
SF_ORDER_CDC_CHANNEL=/data/OrderChangeEvent
SF_ORDER_ITEM_CDC_CHANNEL=/data/OrderItemChangeEvent

# Salesforce Pricing
PORTAL_PRICEBOOK_ID=

# Logging
LOG_LEVEL=info
LOG_FORMAT=json

# Email (SendGrid)
SENDGRID_API_KEY=
EMAIL_FROM=no-reply@asolutions.jp
EMAIL_FROM_NAME=Assist Solutions
EMAIL_ENABLED=true
EMAIL_USE_QUEUE=true
SENDGRID_SANDBOX=false
EMAIL_TEMPLATE_RESET=
EMAIL_TEMPLATE_WELCOME=

# Freebit (SIM management; optional)
FREEBIT_BASE_URL=https://i1.mvno.net/emptool/api
FREEBIT_OEM_ID=PASI
FREEBIT_OEM_KEY=
FREEBIT_TIMEOUT=30000
FREEBIT_RETRY_ATTEMPTS=3
FREEBIT_DETAILS_ENDPOINT=/master/getAcnt/

# Node Options
NODE_OPTIONS=--max-old-space-size=512

# NOTE: Frontend (Next.js) uses a separate env file (portal-frontend.env)
# Do not include NEXT_PUBLIC_* variables here.
# Salesforce Account Portal Flags
ACCOUNT_PORTAL_STATUS_FIELD=Portal_Status__c
ACCOUNT_PORTAL_STATUS_SOURCE_FIELD=Portal_Registration_Source__c
ACCOUNT_PORTAL_LAST_SIGNED_IN_FIELD=Portal_Last_SignIn__c