# Appwrite Configuration (Express / node-appwrite)
APPWRITE_ENDPOINT=https://cloud.appwrite.io/v1
APPWRITE_PROJECT_ID=your_project_id_here

# React (Vite): separate file client/.env — see client/.env.example (VITE_APPWRITE_*).
# APPWRITE_ENDPOINT + APPWRITE_PROJECT_ID here must match the real Appwrite project (same IDs as in client/.env).
# The Express server calls Appwrite directly, not through the Vite dev proxy (localhost:5173).
APPWRITE_API_KEY=your_api_key_here
APPWRITE_DATABASE_ID=your_database_id_here

# Optional: JWT for automated API tests against protected routes (create via Appwrite client: account.createJWT)
# APPWRITE_TEST_JWT=

# Database Configuration (for bootstrap script)
DB_ID=your_database_id_here
DB_NAME=EmailSorter
TABLE_PRODUCTS=products
TABLE_QUESTIONS=questions
TABLE_SUBMISSIONS=submissions
TABLE_ANSWERS=answers
TABLE_ORDERS=orders

# Product Configuration (for bootstrap script)
PRODUCT_ID=email-sorter-product
PRODUCT_SLUG=email-sorter
PRODUCT_TITLE=Email Sorter Setup
PRODUCT_PRICE_CENTS=4900
PRODUCT_CURRENCY=eur

# Stripe Configuration
STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key_here
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret_here
# STRIPE_PRICE_BASIC=price_xxx
# STRIPE_PRICE_PRO=price_xxx
# STRIPE_PRICE_BUSINESS=price_xxx

# Gitea Webhook (Deployment)
# Secret für X-Gitea-Signature und optional Bearer-Header (gleicher Wert möglich)
GITEA_WEBHOOK_SECRET=your_webhook_secret_here
# Optional: anderer Token nur für Authorization: Bearer (sonst wird GITEA_WEBHOOK_SECRET verwendet)
# GITEA_WEBHOOK_AUTH_TOKEN=

# Server Configuration
PORT=3000
BASE_URL=http://localhost:3000
FRONTEND_URL=http://localhost:5173
# CORS_ORIGIN=http://localhost:5173

# OAuth (optional; Gmail / Outlook)
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=http://localhost:3000/api/oauth/gmail/callback
# MICROSOFT_CLIENT_ID=
# MICROSOFT_CLIENT_SECRET=
# MICROSOFT_REDIRECT_URI=http://localhost:3000/api/oauth/outlook/callback

# HMAC secret for OAuth state (recommended in production). If unset, state is unsigned JSON (dev only).
# OAUTH_STATE_SECRET=

# Mistral AI (email categorization)
# MISTRAL_API_KEY=

# IMAP credential encryption (64 hex chars = 32-byte AES key). If unset, IMAP passwords are stored plaintext.
# Generate: openssl rand -hex 32
# ENCRYPTION_KEY=

# SMTP (Stripe lifecycle & system emails via nodemailer). If unset, emails are skipped (logged).
# SMTP_HOST=smtp.example.com
# SMTP_PORT=587
# SMTP_SECURE=false
# SMTP_USER=
# SMTP_PASS=
# SMTP_FROM=noreply@example.com

# Admin emails (comma-separated): name-labels, /api/me isAdmin, unlimited sort, effective subscription = top tier (see TOP_SUBSCRIPTION_PLAN)
# ADMIN_EMAILS=support@webklar.com

# Highest tier id (must match a key in server stripe PLANS: basic | pro | business). Admin comped plan uses this.
# TOP_SUBSCRIPTION_PLAN=business