# ──────────────────────────────────────────────────────────────────────────
# Barg-e Vasat — ENV_FILE
# Paste the contents of this file (filled in) into the Gitea repo secret:
#   https://git.soroushasadi.com/soroushdes/HokmPlay/settings/secrets  → ENV_FILE
# The deploy job writes it verbatim to `.env`, which docker compose reads.
#
# NOTE: NEXT_PUBLIC_SERVER_URL is baked into the web bundle at BUILD time —
# changing it requires a new CI run (push a commit) to take effect.
# ──────────────────────────────────────────────────────────────────────────

# Host ports (1500–1600 range so the stack coexists with manual dev on 3000/5005)
WEB_PORT=1500
API_PORT=1505
DB_PORT=1510

# Database (postgres container)
POSTGRES_PASSWORD=change-me-strong-password

# JWT — generate with:  openssl rand -hex 32
JWT_KEY=CHANGE-ME-to-a-32+char-random-secret
JWT_ISSUER=hokm
JWT_AUDIENCE=hokm-clients

# Browser-facing API origin (host-mapped api port).
# If the browser is NOT on the deploy host, use the host LAN IP instead of
# localhost, e.g.  http://172.28.144.1:1505   (localhost can be VPN-hijacked).
NEXT_PUBLIC_SERVER_URL=http://localhost:1505

# Origins allowed by the API's CORS (comma-separated). Must include the web URL.
CORS_ORIGINS=http://localhost:1500

# ZarinPal (sandbox for now — switch in admin/panel later)
ZARINPAL_MERCHANT_ID=299685fb-cadf-4dfc-98e2-d4af5d81528d
ZARINPAL_SANDBOX=true
ZARINPAL_CALLBACK_URL=http://localhost:1505/api/coins/pay/callback
ZARINPAL_CLIENT_RETURN_URL=http://localhost:1500