.env.example

# Trivela Backend Environment Configuration
# Copy this file to .env and fill in your values

# Server Configuration
PORT=3001

# Public site URL — used by /sitemap.xml for absolute URLs (no trailing slash)
# SITE_URL=https://trivela.example.com

# Database backend (issue #284).
#
# - Unset / not starting with `postgres://` -> SQLite (better-sqlite3),
#   appropriate for dev and single-instance deployments.
# - postgres:// or postgresql:// URL -> PostgreSQL for campaigns + audit logs.
#   Required for multi-instance / horizontally scaled deployments.
#
# DATABASE_URL=postgres://trivela:trivela@localhost:5432/trivela
# PG_POOL_MAX=10
#
# Optional: when set, the dal/pg tests connect to this database and verify the
# repositories CRUD end to end. Leave unset to skip those tests in CI on
# branches that don't have a Postgres service.
# TEST_DATABASE_URL=postgres://trivela:trivela@localhost:5432/trivela_test

# Stellar Network Configuration
STELLAR_NETWORK=testnet
SOROBAN_RPC_URL=https://soroban-testnet.stellar.org
# Multi-RPC failover pool (comma-separated). When set, takes precedence over SOROBAN_RPC_URL.
# Requests round-robin across healthy endpoints; a failed node backs off for 30 s then recovers.
# SOROBAN_RPC_URLS=https://soroban-testnet.stellar.org,https://rpc.ankr.com/stellar_testnet
HORIZON_URL=https://horizon-testnet.stellar.org
# Optional override when using a non-standard passphrase for the selected network preset
# STELLAR_NETWORK_PASSPHRASE=Test SDF Network ; September 2015

# CORS Configuration
# For multiple origins, use comma-separated list
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000

# Optional: Legacy single-origin CORS (fallback if CORS_ALLOWED_ORIGINS not set)
# CORS_ORIGIN=http://localhost:5173

# API Key Authentication (optional)
# If set, write endpoints (POST, PUT, DELETE) require a valid key
# Leave empty or unset for development (all endpoints open)
# TRIVELA_API_KEYS=sk_prod_old_key,sk_prod_new_key

# Legacy single key (still supported)
# TRIVELA_API_KEY=sk_prod_your_secure_key_here

# Master admin key for API key management endpoints (POST/GET/DELETE /api/v1/admin/api-keys)
# TRIVELA_MASTER_KEY=mk_prod_master_key_here

# Campaign categories (comma-separated controlled vocabulary)
# TRIVELA_CATEGORIES=DeFi,NFT,Community,Airdrop

# Image storage backend: local | s3 | ipfs
STORAGE_BACKEND=local
UPLOAD_DIR=./uploads
UPLOAD_PUBLIC_BASE_URL=http://localhost:3001/uploads

# S3 storage (when STORAGE_BACKEND=s3)
# S3_BUCKET=trivela-campaign-images
# AWS_REGION=us-east-1
# S3_PUBLIC_BASE_URL=https://cdn.example.com

# IPFS storage (when STORAGE_BACKEND=ipfs)
# IPFS_API_KEY=your_pinata_or_web3_storage_key
# IPFS_API_URL=https://api.pinata.cloud/pinning/pinFileToIPFS
# IPFS_GATEWAY_URL=https://gateway.pinata.cloud/ipfs

# Smart Contract IDs (optional)
# These are exposed via GET /api/v1/config
# REWARDS_CONTRACT_ID=CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSC4
# CAMPAIGN_CONTRACT_ID=CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSC4

# Rate Limiting Configuration
RATE_LIMIT_WINDOW_MS=60000
RATE_LIMIT_MAX_REQUESTS=60

# Auth Brute-Force / Lockout Configuration (#588)
# Failed auth attempts on guarded routes are tracked per client IP. After
# AUTH_LOCKOUT_SOFT_THRESHOLD consecutive failures, requests are progressively
# delayed; after AUTH_LOCKOUT_HARD_THRESHOLD, the client is temporarily locked
# out (HTTP 429) for AUTH_LOCKOUT_BASE_MS, backing off exponentially on repeat.
AUTH_LOCKOUT_SOFT_THRESHOLD=5
AUTH_LOCKOUT_HARD_THRESHOLD=10
AUTH_LOCKOUT_BASE_MS=60000

# Redis Configuration (optional)
# When set, rate limiting state is stored in Redis for horizontal scaling
# Leave empty to use in-memory rate limiter (default for local dev)
# REDIS_URL=redis://localhost:6379
# Or use separate host/port:
# REDIS_HOST=localhost:6379

# Background Job Runner (Issue #286)
# Total attempts before a job is moved to the failed_jobs dead-letter table.
# JOB_MAX_RETRIES=5
# Base delay in milliseconds for exponential backoff between retries
# (effective delay is JOB_BASE_DELAY_MS * 2^(attempt-1) + jitter, capped at JOB_MAX_DELAY_MS).
# JOB_BASE_DELAY_MS=1000
# Upper bound for retry backoff in milliseconds.
# JOB_MAX_DELAY_MS=30000
# OpenTelemetry distributed tracing (#288)
# Service identification in traces.
OTEL_SERVICE_NAME=trivela-backend
# OTLP/HTTP endpoint (Jaeger 1.35+, OTel Collector, Honeycomb, Tempo, etc.).
# Leave unset in dev to disable export — `withSpan()` still works as a no-op.
# OTEL_EXPORTER_OTLP_ENDPOINT=http://jaeger:4318
# Optional auth headers (comma-separated key=value).
# OTEL_EXPORTER_OTLP_HEADERS=x-honeycomb-team=YOUR_KEY,x-honeycomb-dataset=trivela

# Deployment Strategy
# Set to blue-green to enable the blue/green deployment script (scripts/deploy-blue-green.sh).
# When using blue-green, the deploy script manages two backend environments on different ports
# (blue: 3001, green: 3002) and atomically switches nginx traffic after health verification.
DEPLOY_STRATEGY=blue-green

# WebSocket Configuration (Issue #456)
# Enable or disable WebSocket server for real-time updates
ENABLE_WEBSOCKET=true
# WebSocket connection path
WEBSOCKET_PATH=/ws

# Web Push notifications (VAPID) — issue #619.
# Generate a keypair with: npx web-push generate-vapid-keys
# When unset, web push is disabled (the /push endpoints report not_configured)
# and the backend still boots normally.
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
VAPID_SUBJECT=mailto:notifications@trivela.app

# Distributed job lock TTL in ms (#564).
# When REDIS_URL is set, uses Redis SET NX PX. Otherwise uses an in-process Map.
# LOCK_TTL_MS=30000

# Data export retention in days (#562).
# Exports older than this many days are pruned from local storage.
# EXPORT_RETENTION_DAYS=30