# Flask 2FA Authentication Application Environment Configuration
# Copy this file to .env and modify the values as needed

# Flask Configuration
FLASK_CONFIG=development
FLASK_APP=run.py
FLASK_ENV=development

# Security Configuration (CRITICAL: Change these in production!)
SECRET_KEY=your-secret-key-change-this-in-production-use-secrets-manager-or-random-generator

# Database Configuration
DEV_DATABASE_URL=sqlite:///dev.db
DATABASE_URL=sqlite:///app.db

# Production Database Example (uncomment and modify for production)
# DATABASE_URL=postgresql://username:password@localhost/flask_2fa_prod

# Application Settings
DEBUG=True

# Mail Configuration (for location alerts and notifications)
MAIL_SERVER=smtp.gmail.com
MAIL_PORT=587
MAIL_USE_TLS=true
MAIL_USERNAME=your-email@gmail.com
MAIL_PASSWORD=your-app-password
MAIL_DEFAULT_SENDER=noreply@flask2fa.com

# Location Security Settings
MAX_LOGIN_ATTEMPTS=5
SUSPICIOUS_LOGIN_THRESHOLD_KM=100

# Security Headers (Production only)
# SESSION_COOKIE_SECURE=True
# SESSION_COOKIE_HTTPONLY=True
# SESSION_COOKIE_SAMESITE=Lax

# Logging Configuration
LOG_LEVEL=INFO
LOG_FILE=app.log

# SMTP Configuration (for future email features)
# MAIL_SERVER=smtp.gmail.com
# MAIL_PORT=587
# MAIL_USE_TLS=True
# MAIL_USERNAME=your-email@gmail.com
# MAIL_PASSWORD=your-app-password

# Development Notes:
# 1. Never commit the .env file to version control
# 2. Use strong, randomly generated SECRET_KEY in production
# 3. Use environment-specific database URLs
# 4. Enable HTTPS and secure cookies in production
# 5. Consider using external secret management services