# Database Configuration
DATABASE_URL="postgresql://pos_user:your_production_password@your_db_host:5432/pos_db?schema=public"

# JWT Configuration
JWT_SECRET="your-super-secret-jwt-key-change-this-in-production-must-be-very-long-and-random"
JWT_EXPIRES_IN="7d"

# Application Configuration
NODE_ENV="production"
PORT="3001"
HOST="0.0.0.0"

# Client URLs for CORS
FRONTEND_URL="https://pos.g2khub.co.tz"
MOBILE_APP_URL="https://your-mobile-app-domain.com"

# Stripe Configuration (for production)
STRIPE_SECRET_KEY="sk_test_..."
STRIPE_WEBHOOK_SECRET="whsec_..."
STRIPE_PUBLIC_KEY="pk_test_..."

# Redis Configuration (for caching and sessions)
REDIS_URL="redis://localhost:6379"
REDIS_PASSWORD=""

# Email Configuration (for notifications)
SMTP_HOST="smtp.gmail.com"
SMTP_PORT="587"
SMTP_SECURE="false"
SMTP_USER="your-email@gmail.com"
SMTP_PASS="your-app-password"

# File Upload Configuration
MAX_FILE_SIZE="10485760" # 10MB in bytes
UPLOAD_PATH="./uploads"
ALLOWED_FILE_TYPES="jpg,jpeg,png,gif,pdf,doc,docx"

# Logging Configuration
LOG_LEVEL="debug"
LOG_FILE="./logs/application.log"
LOG_MAX_SIZE="20m"
LOG_MAX_FILES="14d"

# Rate Limiting
RATE_LIMIT_TTL="60" # seconds
RATE_LIMIT_LIMIT="100" # requests per TTL

# Security
BCRYPT_ROUNDS="12"
COOKIE_SECRET="your-cookie-secret-key"
SESSION_SECRET="your-session-secret-key"

# Feature Flags
ENABLE_SWAGGER="true"
ENABLE_CORS="true"
ENABLE_RATE_LIMITING="true"
ENABLE_LOGGING="true"

# Development Only
DEBUG="false"
MOCK_EXTERNAL_SERVICES="false"

# Production Only (set these in production environment)
# SSL_KEY_PATH="/path/to/ssl/private.key"
# SSL_CERT_PATH="/path/to/ssl/certificate.crt"
# DATABASE_SSL="true"
# SENTRY_DSN="https://your-sentry-dsn@sentry.io/project-id"