[app]
SECRET_KEY = your_secret_key
APP_DEBUG = true
TIMEZONE = Europe/London

[server]
HOST = 0.0.0.0
PORT = 8000
SSL_CERTFILE = instance/certs/cert.pem
SSL_KEYFILE = instance/certs/key.pem
; Server configuration
; DEVELOPMENT_MODE: When true, enables development features (default: false)
DEVELOPMENT_MODE = true
; Watch for file changes and reload automatically (development only, default: false)
WATCH_FILES = true
; Number of worker processes for Uvicorn (default: 1)
; For production, set to 2-4 workers for most servers
; "auto" uses CPU count but may be excessive for some systems
WORKERS = 2
; Maximum number of seconds a worker can live (helps with memory leaks)
WORKER_LIFETIME = 86400
; Determines if server should stop gracefully or immediately on receiving SIGINT/SIGTERM
GRACEFUL_SHUTDOWN = true
; Timeout in seconds for graceful shutdown (default: 30)
SHUTDOWN_TIMEOUT = 30

[database]
; Current SQLite configuration
SQLALCHEMY_DATABASE_URI = sqlite:///database.db
SQLALCHEMY_TRACK_MODIFICATIONS = false

; ====== DATABASE CONNECTION EXAMPLES ======
; Uncomment one of these examples and comment out the SQLite connection above to switch databases

; === PostgreSQL Example ===
; Setup: 
;   1. Install PostgreSQL server
;   2. Create database and user with proper permissions
;   3. Install Python driver: pip install psycopg2-binary
; 
; SQLALCHEMY_DATABASE_URI = postgresql://username:password@localhost:5432/database_name
; For SSL connection:
; SQLALCHEMY_DATABASE_URI = postgresql://username:password@localhost:5432/database_name?sslmode=require

; === MySQL/MariaDB Example ===
; Setup:
;   1. Install MySQL/MariaDB server
;   2. Create database and user with proper permissions
;   3. Install Python driver: pip install pymysql
;
; SQLALCHEMY_DATABASE_URI = mysql+pymysql://username:password@localhost:3306/database_name
; For SSL connection:
; SQLALCHEMY_DATABASE_URI = mysql+pymysql://username:password@localhost:3306/database_name?ssl_ca=/path/to/ca.pem

; === MSSQL Server Example ===
; Setup:
;   1. Install MSSQL Server
;   2. Create database and user
;   3. Install Python driver: pip install pyodbc
;   4. Install ODBC Driver for SQL Server:
;      - On Ubuntu/Debian: 
;        sudo apt-get install -y unixodbc-dev
;        sudo curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
;        sudo curl https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list > /etc/apt/sources.list.d/mssql-release.list
;        sudo apt-get update
;        sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18  # Driver 18 (latest)
;        # Or for older driver: sudo ACCEPT_EULA=Y apt-get install -y msodbcsql17
;      - On RHEL/CentOS:
;        sudo curl https://packages.microsoft.com/config/rhel/8/prod.repo > /etc/yum.repos.d/mssql-release.repo
;        sudo ACCEPT_EULA=Y dnf install -y msodbcsql18  # Driver 18 (latest)
;        # Or for older driver: sudo ACCEPT_EULA=Y dnf install -y msodbcsql17
;      - On Windows: 
;        Download and install from https://go.microsoft.com/fwlink/?linkid=2249006  # Driver 18
;        # Or for older driver: https://go.microsoft.com/fwlink/?linkid=2187217  # Driver 17
;
; # Using ODBC Driver 18 (recommended)
; SQLALCHEMY_DATABASE_URI = mssql+pyodbc://username:password@server_name/database_name?driver=ODBC+Driver+18+for+SQL+Server
; # Using ODBC Driver 17
; SQLALCHEMY_DATABASE_URI = mssql+pyodbc://username:password@server_name/database_name?driver=ODBC+Driver+17+for+SQL+Server
; # For named instance:
; SQLALCHEMY_DATABASE_URI = mssql+pyodbc://username:password@server_name\\instance_name/database_name?driver=ODBC+Driver+18+for+SQL+Server

[session]
SESSION_COOKIE_SECURE = true
SESSION_COOKIE_HTTPONLY = true
SESSION_COOKIE_SAMESITE = Lax
REMEMBER_COOKIE_SECURE = true
REMEMBER_COOKIE_HTTPONLY = true
REMEMBER_COOKIE_DURATION = 7200
PERMANENT_SESSION_LIFETIME = 7200

[cache]
STATIC_MAX_AGE = 86400
IMAGE_MAX_AGE = 604800
JS_CSS_MAX_AGE = 43200
ENABLE_COMPRESSION = true
COMPRESSION_LEVEL = 6
COMPRESSION_MIN_SIZE = 500

[security]
; Security headers configuration
CONTENT_SECURITY_POLICY = default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'
ENABLE_HSTS = true
HSTS_MAX_AGE = 31536000
ENABLE_SECURITY_HEADERS = true

[rate_limiting]
; Rate limiting configuration
ENABLE_RATE_LIMITING = true
; Redis connection for rate limiting (leave empty to use in-memory storage)
; REDIS_URL = redis://localhost:6379/0
REDIS_URL = 
; Login endpoint limits
LOGIN_LIMIT = 10
LOGIN_PERIOD = 60
; Registration endpoint limits  
REGISTER_LIMIT = 5
REGISTER_PERIOD = 300
; API endpoint limits
API_LIMIT = 60
API_PERIOD = 60

[proxy]
; Reverse proxy configuration for Traefik
; Number of proxies between the client and your app (default: 1 for single proxy like Traefik)
PROXY_COUNT = 1
; Whether to trust X-Forwarded-For header (required for Traefik)
TRUST_X_FORWARDED_FOR = true
; Whether to trust X-Forwarded-Proto header (for HTTPS detection)
TRUST_X_FORWARDED_PROTO = true
; Whether to trust X-Forwarded-Host header 
TRUST_X_FORWARDED_HOST = true
; Whether to trust X-Forwarded-Port header
TRUST_X_FORWARDED_PORT = true
; Whether to trust X-Forwarded-Prefix header
TRUST_X_FORWARDED_PREFIX = false
; Trusted proxy IPs (leave empty to trust all, comma-separated for multiple)
; For production with Traefik, specify your Traefik container IP or Docker network CIDR
; Examples:
; TRUSTED_PROXIES = 172.16.0.0/12,10.0.0.0/8,192.168.0.0/16  # Docker default networks
; TRUSTED_PROXIES = 172.20.0.2,172.20.0.3                     # Specific Traefik IPs
; TRUSTED_PROXIES = 172.18.0.0/16                             # Custom Docker network
; For development/testing, leave empty to trust all proxies:
TRUSTED_PROXIES =

[logging]
; Database logging configuration
; Enable/disable database logging entirely
DB_LOGGING_ENABLED = true

; Loggers to exclude from database logging (comma-separated)
; These loggers often create feedback loops or excessive noise
DB_LOGGING_FILTERED_LOGGERS = watchfiles.main,watchfiles.watcher,watchdog,uvicorn.access,__mp_main__,__main__,app

; Message patterns to exclude from database logging (comma-separated)
; Messages containing these patterns will not be logged to database
DB_LOGGING_FILTERED_PATTERNS = database.db,instance/,file changed,reloading

; Enable filtering of file watcher logs (prevents feedback loops in debug mode)
FILTER_FILE_WATCHER_LOGS = true

; Minimum time between identical log entries (seconds) to prevent spam
DB_LOGGING_DEDUPE_INTERVAL = 1