.env.example

# =============================================================================
# API Gateway Environment Configuration
# =============================================================================
# Copy this file to .env and fill in your actual values
# Never commit the .env file to version control!

# -----------------------------------------------------------------------------
# Environment
# -----------------------------------------------------------------------------
# Options: "production" or "development"
# Affects cookie security settings and database naming
ENVIRONMENT=development

# -----------------------------------------------------------------------------
# Database
# -----------------------------------------------------------------------------
# Database name (filename will be {DB_NAME}_{ENVIRONMENT}.db)
DB_NAME=apigateway

# Reset database on startup (CAUTION: deletes all data)
# RESET_DB=true

# -----------------------------------------------------------------------------
# CORS Configuration
# -----------------------------------------------------------------------------
# Comma-separated list of allowed origins for CORS (NO SPACES!)
# IMPORTANT: Required for cookies to work with credentials
# Production example: CORS_ORIGINS=https://app.yourdomain.com,https://www.yourdomain.com
# Development example: CORS_ORIGINS=http://localhost:3000,http://localhost:5173
CORS_ORIGINS=http://localhost:3000,http://localhost:5173

# -----------------------------------------------------------------------------
# JWT Authentication
# -----------------------------------------------------------------------------
# Secret key for signing JWT tokens (REQUIRED)
# Generate with: python -c "import secrets; print(secrets.token_urlsafe(64))"
JWT_SECRET=your-secret-key-here-change-me

# JWT algorithm for token signing
JWT_ALGORITHM=HS256

# Access token expiry in minutes (short-lived, for API requests)
# Production: 5-15 minutes | Development: 30-60 minutes
JWT_ACCESS_EXPIRY_MINUTES=15

# Refresh token expiry in days (long-lived, for getting new access tokens)
# Production: 7-14 days | Development: 30-90 days
JWT_REFRESH_EXPIRY_DAYS=7

# -----------------------------------------------------------------------------
# Google OAuth
# -----------------------------------------------------------------------------
# Google OAuth Client ID for Google Sign-In
# Get from: https://console.cloud.google.com/apis/credentials
AUTH_SIGN_IN_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com

# -----------------------------------------------------------------------------
# Admin Configuration
# -----------------------------------------------------------------------------
# Comma-separated list of admin email addresses
# Example: ADMIN_EMAILS=admin@example.com,boss@example.com
ADMIN_EMAILS=

# -----------------------------------------------------------------------------
# Payment Integration (Razorpay)
# -----------------------------------------------------------------------------
# Razorpay API credentials
# Get from: https://dashboard.razorpay.com/app/keys
RAZORPAY_KEY_ID=your_razorpay_key_id
RAZORPAY_KEY_SECRET=your_razorpay_key_secret

# Razorpay webhook secret for verifying webhook signatures
# Get from: https://dashboard.razorpay.com/app/webhooks
RAZORPAY_WEBHOOK_SECRET=your_webhook_secret

# -----------------------------------------------------------------------------
# Google Drive Backup (Optional)
# -----------------------------------------------------------------------------
# Path to Google Drive service account credentials JSON file
# Used for automatic database backups to Google Drive
# GOOGLE_DRIVE_CREDENTIALS_PATH=/path/to/credentials.json

# Google Drive folder ID where backups should be stored
# GOOGLE_DRIVE_FOLDER_ID=your_folder_id

# -----------------------------------------------------------------------------
# Gemini AI API Keys
# -----------------------------------------------------------------------------
# Comma-separated list of Gemini API keys for video generation
# Get from: https://makersuite.google.com/app/apikey
# Example: GEMINI_API_KEYS=key1,key2,key3
GEMINI_API_KEYS=your-gemini-api-key

# Number of concurrent jobs per API key (rate limiting)
JOB_PER_API_KEY=2

# Enable mock mode for testing without consuming API credits
# GEMINI_MOCK_MODE=true

# -----------------------------------------------------------------------------
# Email Configuration (Optional)
# -----------------------------------------------------------------------------
# SMTP settings for sending emails (contact form, notifications, etc.)
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_USER=your-email@gmail.com
# SMTP_PASSWORD=your-app-password
# SMTP_FROM=noreply@yourdomain.com

# -----------------------------------------------------------------------------
# Logging
# -----------------------------------------------------------------------------
# Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL
LOG_LEVEL=INFO

# -----------------------------------------------------------------------------
# Server Configuration
# -----------------------------------------------------------------------------
# Server host and port (for uvicorn)
# HOST=0.0.0.0
# PORT=8000

# Number of worker processes
# WORKERS=4

# -----------------------------------------------------------------------------
# Feature Flags (Optional)
# -----------------------------------------------------------------------------
# Enable/disable specific features
# ENABLE_RATE_LIMITING=true
# ENABLE_AUDIT_LOGGING=true
# ENABLE_AUTO_BACKUP=true

# =============================================================================
# Notes
# =============================================================================
# 1. JWT_SECRET is REQUIRED - generate a secure one before deploying!
# 2. In production, set ENVIRONMENT=production for proper cookie security
# 3. CORS_ORIGINS must match your frontend domain exactly (including https://)
# 4. Never commit your .env file - it contains sensitive credentials
# 5. Keep your .env.example file updated as you add new variables