# ──────────────────────────────────────────────────────────────────────────
# Barg-e Vasat — ENV_FILE TEMPLATE (placeholders only — NO real secrets here)
# Copy to deploy/ENV_FILE.local (git-ignored), fill real values, and paste the
# WHOLE thing into the Gitea repo secret ENV_FILE. Saving the secret REPLACES
# the entire file — always paste the complete contents.
# ──────────────────────────────────────────────────────────────────────────

# Ports
WEB_PORT=1500
API_PORT=1505
DB_PORT=1510
SITE_PORT=1520

# Database — MUST match the existing postgres volume's password
POSTGRES_PASSWORD=<strong-password>

# JWT — generate with:  openssl rand -hex 32
JWT_KEY=<32+char-random-secret>
JWT_ISSUER=hokm
JWT_AUDIENCE=hokm-clients

# URLs / CORS
NEXT_PUBLIC_SERVER_URL=https://api.bargevasat.ir
NEXT_PUBLIC_APP_URL=https://app.bargevasat.ir
NEXT_PUBLIC_SITE_URL=https://bargevasat.ir
CORS_ORIGINS=https://bargevasat.ir,https://www.bargevasat.ir,https://app.bargevasat.ir

# ZarinPal
ZARINPAL_MERCHANT_ID=<your-merchant-id>
ZARINPAL_SANDBOX=false
ZARINPAL_CALLBACK_URL=https://api.bargevasat.ir/api/coins/pay/callback
ZARINPAL_CLIENT_RETURN_URL=https://app.bargevasat.ir

# Admin panel token (openssl rand -hex 24)
ADMIN_TOKEN=<admin-token>

# In-app billing (Cafe Bazaar / Myket) — fill from the developer panels.
IAB_PACKAGE_NAME=com.bargevasat.app
IAB_BAZAAR_CLIENT_ID=<bazaar-client-id>
IAB_BAZAAR_CLIENT_SECRET=<bazaar-client-secret>
IAB_BAZAAR_REFRESH_TOKEN=<bazaar-refresh-token>
IAB_MYKET_ACCESS_TOKEN=<myket-access-token>
IAB_ALLOW_UNVERIFIED=false

# SMS OTP (Kavenegar). Template "hokmotp" has a %token placeholder we fill with
# the code. Leave SMS_API_KEY empty for dev mode (no SMS sent, code = 1234).
SMS_PROVIDER=kavenegar
SMS_API_KEY=<kavenegar-api-key>
SMS_TEMPLATE=hokmotp