# ========================================
# APPLICATION PORT
# ========================================
# TCP port the service listens on.
PORT=3000
# ========================================
# POSTGRESQL DATABASES
# ========================================
# --- Full Connection URLs (Primarily for Prisma Migrations/Studio) ---
# Note: These are NOT directly used by the migration script anymore,
# but are kept for standard Prisma tooling (e.g., migrate, studio).
# The migration script now constructs the URL from the components above.
# NOTE(review): no PostgreSQL host/user/password component variables appear in
# this sample, so "the components above" has nothing to point at here — confirm
# against the migration script which variables it actually reads.
# The credentials embedded in these URLs are sample values for a local
# instance; per-environment URLs belong in the untracked .env, not here.
GROUP_DB_URL="postgresql://postgres:identitypassword@localhost:5432/group"
IDENTITY_DB_URL="postgresql://postgres:identitypassword@localhost:5432/identity"
MEMBER_DB_URL="postgresql://postgres:identitypassword@localhost:5432/member"
# ========================================
# MYSQL LEGACY AUTH DB (Source for Migration)
# ========================================
# Used by the migration script
# NOTE(review): the inline `# ...` comments after the values below rely on the
# env loader supporting inline comments; if a value arrives with the comment
# text appended, move the comment onto its own line.
MYSQL_HOST=127.0.0.1
MYSQL_PORT=3306 # Port exposed on the host by docker-compose
MYSQL_USER=mysql-user # User created in the MySQL container
MYSQL_PASSWORD=mysql-password # Password for MYSQL_USER
MYSQL_DATABASE=authorization_db # DB name inside the MySQL container
MYSQL_ROOT_PASSWORD=mysql-user-root-password # Root password for MySQL container (used for import)
# ========================================
# REDIS CACHE
# ========================================
# No password is configured by default; the local instance is assumed to be
# reachable only from the host.
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
# REDIS_PASSWORD= # Uncomment and set if password protection is enabled
# REDIS_DB=0 # Optional: default Redis DB index
# ========================================
# JWT VALIDATION (Incoming User Requests)
# ========================================
# Validation Mode:
# HS256: Use for local development with tokens generated using AUTH_SECRET.
# RS256: Use for production/staging with tokens from an external IdP (e.g., Auth0) using JWKS.
JWT_VALIDATION_MODE=HS256
# --- HS256 Settings (if JWT_VALIDATION_MODE=HS256) ---
# Used by jwt.strategy.ts and local token generation script
# IMPORTANT: Replace with a strong, unique secret key in your actual .env file if using HS256
# HS256 is a shared-secret (symmetric) scheme: the same value both signs and
# validates tokens, so it must be high-entropy and unique per environment.
AUTH_SECRET="your-local-dev-secret-key-placeholder"
# Optional: Set to match the issuer/audience in your HS256 tokens for stricter validation
# NOTE(review): JWT_ISSUER_URL and JWT_AUDIENCE are defined again (commented
# out) in the RS256 block below; keep exactly one active definition of each so
# the loader's precedence rule never decides the value silently.
JWT_ISSUER_URL="https://api.topcoder-dev.com"
JWT_AUDIENCE="www.example.com"
# --- RS256 Settings (if JWT_VALIDATION_MODE=RS256) ---
# Used by jwt.strategy.ts if mode is RS256
# Ensure this matches the 'iss' claim in the JWTs from your IdP (e.g., Auth0)
# JWT_ISSUER_URL="https://topcoder-dev.auth0.com/"
# Ensure this matches the 'aud' claim (audience) the JWTs are intended for (your API identifier in IdP)
# JWT_AUDIENCE="https://api.topcoder-dev.com/v5"
# JWKS URI from your IdP (often found at ${JWT_ISSUER_URL}.well-known/jwks.json)
# JWT_JWKS_URI="https://topcoder-dev.auth0.com/.well-known/jwks.json"
# ========================================
# M2M AUTHENTICATION (Service-to-Service)
# ========================================
# Used for authenticating outgoing requests (e.g., to Event Bus)
# --- Auth0 Client Credentials Example ---
# Replace with your actual Auth0 Machine-to-Machine application details
# AUTH0_URL holds the full token endpoint (.../oauth/token); the bare tenant
# domain is AUTH0_DOMAIN further down.
AUTH0_URL="https://topcoder-dev.auth0.com/oauth/token" # Your Auth0 domain
AUTH0_AUDIENCE="https://m2m.topcoder-dev.com/" # API Audience for M2M
AUTH0_CLIENT_ID="change-me" # Client ID of M2M App
AUTH0_CLIENT_SECRET="change-me" # Client Secret of M2M App
AUTH0_DOMAIN="topcoder-dev.auth0.com"
# NOTE(review): the *_NEW_* variants repeat the values above; which set the
# M2M client reads (or whether both are needed during a tenant migration) is
# not visible here — confirm against the client code.
AUTH0_NEW_DOMAIN="topcoder-dev.auth0.com"
AUTH0_NEW_CLIENT_ID="change-me"
AUTH0_NEW_CLIENT_SECRET="change-me"
# Optional: URL of proxy server if needed for token fetching
#AUTH0_PROXY_SERVER_URL=
# Optional: Token cache expiry time in minutes (used by M2M client)
TOKEN_CACHE_TIME=1440 # Example: 24 hours
# ========================================
# EVENT BUS SERVICE
# ========================================
# Base URL of the bus API and the topic error reports are published to.
BUSAPI_URL="https://api.topcoder-dev.com/v5" # Example URL - REPLACE IF NEEDED
KAFKA_ERROR_TOPIC="common.error.reporting"
# ========================================
# MEMBER SERVICE
# ========================================
# Base URL for member lookups (unquoted; no trailing slash).
MEMBER_API_URL=https://api.topcoder-dev.com/v5/members
# ========================================
# ROLE CONFIGURATION
# ========================================
ADMIN_ROLE_NAME="administrator" # The name of the admin role in the 'identity' Role table
# ========================================
# SLACK
# ========================================
# Bot token placeholder and the channel notifications are posted to
# (presumably; the sending code is not part of this file).
SLACK_BOT_KEY="key"
SLACK_CHANNEL_ID="C04ENKCU4TZ"
# ========================================
# AUTHENTICATION
# ========================================
# NOTE(review): JWT_SECRET is a second signing/validation secret alongside
# AUTH_SECRET above; confirm which code path reads each, and give them
# distinct high-entropy values rather than the sample placeholders.
JWT_SECRET="my-secret"
# Legacy Blowfish Encryption Key (Base64 Encoded - !!! REPLACE WITH ACTUAL KEY FROM OLD SYSTEM !!!)
# Used for compatibility with the old password encoding scheme.
# The placeholder below is deliberately not valid Base64 ('!' is outside the
# alphabet), so a decode failure at startup is the expected symptom of an
# unconfigured key — TODO confirm the loader actually rejects it early.
LEGACY_BLOWFISH_KEY=!!!_REPLACE_WITH_BASE64_ENCODED_KEY_!!!
## SENDGRID
# Dynamic template IDs (not secrets). The self-service variants currently
# reuse the same template as the standard ones. No SendGrid API key variable
# appears in this sample — presumably it is supplied elsewhere; verify.
SENDGRID_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID="d-73c29be82bfa4d68beea2208b6a3c4b2"
SENDGRID_SELFSERVICE_RESEND_ACTIVATION_EMAIL_TEMPLATE_ID="d-73c29be82bfa4d68beea2208b6a3c4b2"
SENDGRID_WELCOME_EMAIL_TEMPLATE_ID="d-26c8962fb48c42a3997053ebe5954516"
SENDGRID_SELFSERVICE_WELCOME_EMAIL_TEMPLATE_ID="d-26c8962fb48c42a3997053ebe5954516"
# Salt mixed into SSO tokens; must be replaced per environment.
SSO_TOKEN_SALT=change-me
# OTP validity window — unit not stated here (minutes? seconds?); TODO confirm.
AUTH_OTP_DURATION=10
# cookie expiry seconds
# 7776000 s = 90 days; session cookies stay valid that long unless revoked.
COOKIE_EXPIRY_SECONDS=7776000
# Shared secret and external-id prefix for the Zendesk integration.
ZENDESK_SECRET=change-me
ZENDESK_PREFIX=zendesk-idprefix
# Base domain used to derive auth-related domains (e.g. cookie scope) —
# TODO confirm the exact use in code.
AUTH_DOMAIN="topcoder-dev.com"
# JSON array (kept in single quotes so the inner double quotes survive).
# Presumably each entry is matched against the token 'iss' claim, so every
# entry added here is an issuer whose tokens become trusted — verify.
VALID_ISSUERS='["https://api.topcoder-dev.com","https://topcoder-dev.com","https://auth0.topcoder-dev.com"]'
# Optional: cache time for JWKS keys in tc-core-library-js (e.g., '24h')
# JWT_KEY_CACHE_TIME='24h'
# Service-account client credentials. In this sample CID and SECRET carry the
# same value; real deployments need distinct, high-entropy secrets supplied
# outside version control. UID is the numeric user id the account maps to.
SERVICEACC01_CID="sathyaadminin"
SERVICEACC01_SECRET="sathyaadminin"
SERVICEACC01_UID="100000070"
SERVICEACC02_CID="devadmin1"
SERVICEACC02_SECRET="devadmin1"
SERVICEACC02_UID="100000027"
# Note: Registration default password is no longer configurable; for social/SSO
# registrations without a provided password, a unique 16-character random
# password is generated at registration time.
# Prisma configuration
# Query/connection timeout; presumably milliseconds (10000 = 10 s) — confirm.
IDENTITY_SERVICE_PRISMA_TIMEOUT=10000