# Front-end public URL, without leading slash
PUBLIC_URL=http://localhost:5173

# Site name, displayed on the UI and in emails
PUBLIC_SITE_NAME=Amanita SSO

# Database connection (mysql)
DATABASE_HOST=localhost
DATABASE_DB=icyauth
DATABASE_USER=icyauth
DATABASE_PASS=icyauth

# Secret keys for sessions and challenges
# These keys should be rotated as part of regular maintenance
SESSION_SECRET=32 char key
CHALLENGE_SECRET=64 char key

# Set "Secure" flag on the cookie
SESSION_SECURE=true

# OpenID Connect JWT (ID token) settings
# Private keys for JWTs are stored as files in the private directory
JWT_ALGORITHM=RS256
JWT_EXPIRATION=7d
JWT_ISSUER=http://localhost:5173

# SMTP settings
EMAIL_ENABLED=true
EMAIL_FROM=no-reply@icynet.eu
EMAIL_SMTP_HOST=mail.icynet.eu
EMAIL_SMTP_PORT=587
EMAIL_SMTP_SECURE=false
EMAIL_SMTP_USER=
EMAIL_SMTP_PASS=

# Enable new account registrations
REGISTRATIONS=true

# Trust the first proxy to give us the user's real IP
ADDRESS_HEADER=X-Forwarded-For
XFF_DEPTH=1

# Run database migrations automatically on startup
AUTO_MIGRATE=true