# Norda Biznes Hub - Environment Configuration
# ==============================================

# Flask Configuration
SECRET_KEY=your-super-secret-key-change-in-production
FLASK_ENV=development

# Server Configuration
PORT=5000
HOST=0.0.0.0

# Database Configuration
# ==============================================
#
# DATABASE_URL: Full PostgreSQL connection string used by Python scripts
# Format: postgresql://username:password@host:port/database
#
# Development (local Docker):
#   DATABASE_URL=postgresql://nordabiz_user:nordabiz_password@localhost:5433/nordabiz
#
# Production (NORDABIZ-01 server):
#   DATABASE_URL=postgresql://nordabiz_app:your_password_here@10.22.68.249:5432/nordabiz
#
# IMPORTANT SECURITY NOTE:
# - NEVER hardcode production passwords in source code (CWE-798)
# - Keep this file (.env) out of version control (already in .gitignore)
# - Set DATABASE_URL as environment variable before running any script
# - All Python scripts will fail safely if DATABASE_URL is not set
#
DATABASE_URL=postgresql://nordabiz_app:your_password_here@10.22.68.249:5432/nordabiz

# PGPASSWORD: PostgreSQL password for shell scripts (psql, pg_dump, etc.)
# This environment variable is used by PostgreSQL command-line tools
#
# Shell scripts (like view_maturity_results.sh) require PGPASSWORD to be set:
#   export PGPASSWORD='your_database_password'
#   ./view_maturity_results.sh
#
# Or set it inline (one-time):
#   PGPASSWORD='your_database_password' ./view_maturity_results.sh
#
# SECURITY WARNING:
# - Do NOT set PGPASSWORD in this .env file (it's only read by Python/Flask)
# - Shell scripts cannot read .env files automatically
# - Set PGPASSWORD in your shell session or use .pgpass file instead
# - See: https://www.postgresql.org/docs/current/libpq-pgpass.html
#
# Example .pgpass file (~/.pgpass with chmod 600):
#   10.22.68.249:5432:nordabiz:nordabiz_app:your_password_here
#   localhost:5433:nordabiz:nordabiz_user:nordabiz_password

# Google Gemini API
GOOGLE_GEMINI_API_KEY=your_gemini_api_key_here

# Google PageSpeed Insights API (for SEO audits)
# Get your API key from: https://developers.google.com/speed/docs/insights/v5/get-started
# Free tier: 25,000 requests/day
GOOGLE_PAGESPEED_API_KEY=your_pagespeed_api_key_here

# Google Places API (for GBP audits - Google Business Profile)
# Get your API key from: https://console.cloud.google.com/apis/credentials
# Enable "Places API" in Google Cloud Console
# Free tier: $200/month credit (covers ~10,000 requests)
GOOGLE_PLACES_API_KEY=your_places_api_key_here

# Email Configuration (for user verification)
MAIL_SERVER=smtp.gmail.com
MAIL_PORT=587
MAIL_USE_TLS=True
MAIL_USERNAME=your_email@gmail.com
MAIL_PASSWORD=your_app_password_here
MAIL_DEFAULT_SENDER=noreply@norda-biznes.info

# Application URLs
APP_URL=http://localhost:5000
VERIFY_EMAIL_URL=http://localhost:5000/verify-email