# ─── Production template ─────────────────────────────────────────────────────
#   cp .env.production.example .env.production
# Edit .env.production with real secrets (gitignored).
# Deploy: npm run deploy:pack  →  uploads .env.production as .env on the server
# See DEPLOY_NAMECHEAP.md

NODE_ENV=production
# Do not set PORT — Phusion Passenger assigns it on Namecheap

API_PREFIX=api

# Where the React web app is hosted (OAuth redirect after Google login)
APP_ORIGIN=https://divyourday.tradedatainsight.com

# Comma-separated; must match exact browser origins (https, no trailing slash)
CORS_ORIGINS=https://divyourday.tradedatainsight.com,https://admin.tradedatainsight.com

PLATFORM_ADMIN_EMAIL=ganeshbhagyasampath@gmail.com

DATABASE_URL=DATABASE_URL=mysql://tradfrvw_divyourday:Myfuture123@@localhost:3306/tradfrvw_divyourday

# Generate: openssl rand -hex 32  (run three times for the three secrets below)
JWT_ACCESS_SECRET=replace-with-64-char-random-hex
JWT_REFRESH_SECRET=replace-with-64-char-random-hex
JWT_ACCESS_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
COOKIE_SECRET=replace-with-32-char-random-hex

# Google Cloud Console → OAuth 2.0 Client (Web application)
# Authorized redirect URI (single slash — no //):
#   https://divyourday.tradedatainsight.com/api/v1/auth/google/callback
# Authorized JavaScript origins:
#   https://divyourday.tradedatainsight.com
GOOGLE_CLIENT_ID=958001870244-bl85lbkfrombftd0uibc3j4g846mroh5.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=set-in-env-production-not-in-git
GOOGLE_CALLBACK_URL=https://divyourday.tradedatainsight.com/api/v1/auth/google/callback

SMTP_HOST=business142.web-hosting.com
SMTP_PORT=465
SMTP_SECURE=true
SMTP_USER=info@tradedatainsight.com
SMTP_PASS="]ek?bZ}~uj{bVP6o"
SMTP_FROM=Divyourday <info@tradedatainsight.com>

UPLOAD_PUBLIC_URL=https://divyourday.tradedatainsight.com

THROTTLE_TTL=60
THROTTLE_LIMIT=100
BCRYPT_ROUNDS=12
