# Environment Variables for Backend
# Copy this file to .env and fill in your values.
# SECURITY: Never commit .env to version control.
# This template is the file that gets committed, so it must only ever hold
# placeholders, never real credentials.

# Server
PORT=5000
NODE_ENV=development

# Database Configuration
# DB_PASSWORD below is a placeholder and must be replaced before first use.
DB_HOST=localhost
DB_PORT=5432
DB_NAME=skyartshop
DB_USER=skyartapp
DB_PASSWORD=CHANGE_THIS_STRONG_PASSWORD

# Session Security (CRITICAL: Generate strong random secrets)
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# The command prints 32 random bytes as 64 hex characters. Run it once per
# secret so SESSION_SECRET and JWT_SECRET hold different values; a leak of one
# then does not expose the other.
SESSION_SECRET=CHANGE_THIS_64_CHARACTER_HEX_STRING
JWT_SECRET=CHANGE_THIS_64_CHARACTER_HEX_STRING

# CORS Configuration
# Development origin; replace with the production domain before deploying.
CORS_ORIGIN=http://localhost:3000

# File Upload Settings
# 5242880 = 5 * 1024 * 1024 (presumably bytes; confirm against the upload handler).
# NOTE(review): if the handler compares ALLOWED_FILE_TYPES with the MIME type
# declared by the client, that value is client-controlled; confirm the handler
# also checks the file content.
MAX_FILE_SIZE=5242880
ALLOWED_FILE_TYPES=image/jpeg,image/png,image/gif,image/webp

# Rate Limiting
# 900000 ms = 15 minutes; 100 requests allowed per window
# (presumably counted per client; confirm in the limiter setup).
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100

# Logging
LOG_LEVEL=info

# Security Headers
# false is a development value; see the checklist for production.
FORCE_HTTPS=false

# ⚠️ SECURITY CHECKLIST:
# [ ] Change SESSION_SECRET to 64-character random hex
# [ ] Change JWT_SECRET to 64-character random hex
# [ ] Set strong DB_PASSWORD (12+ chars, mixed case, numbers, symbols)
# [ ] Update CORS_ORIGIN for production domain
# [ ] Set NODE_ENV=production in production
# [ ] Set FORCE_HTTPS=true in production
# [ ] Review all settings before deploying