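# Environment variable template (dotenv format, one KEY=value per line).
# Copy to a local, git-ignored env file and fill in real values there.
# Never commit real secrets to this template.
# Anything prefixed NEXT_PUBLIC_ is exposed to the browser, so never put a secret under that prefix.

# PostgreSQL connection string. The credentials below are local-development placeholders.
# Use a unique, strong password outside local dev and keep the real connection string out of git.
DATABASE_URL="postgresql://setrip_user:setrip_password@localhost:5432/setrip_db"

# Secret NextAuth uses to sign/encrypt session tokens. Generate one per environment:
#   openssl rand -base64 32
# A concrete value was previously committed in this template. Treat that value as
# compromised and rotate it in any deployment where it was ever used.
NEXTAUTH_SECRET=

# Canonical URL of the app as seen by NextAuth. Use https:// outside local development.
NEXTAUTH_URL="http://localhost:3000"

# Public site URL (exposed to the browser).
# NOTE(review): this points at a non-local host while NEXTAUTH_URL is localhost — confirm it is intended for the template.
NEXT_PUBLIC_SITE_URL="https://arifal.imola.ai"

# NOTE(review): presumably the list of accounts granted admin access — verify against the code,
# and keep it limited to mailboxes you control.
ADMIN_EMAILS=admin@setrip.id

# 32-byte key (hex) for AES-256-GCM encryption of KYC data (NIK + KTP/liveness files)
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# SECRET — server-side only. Losing this key makes the encrypted KYC data unreadable, so back it up in a secret manager.
KYC_ENCRYPTION_KEY=

# 32-byte hex secret used as HMAC pepper for NIK uniqueness lookup
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# SECRET — use a value different from KYC_ENCRYPTION_KEY. Changing it later changes every
# HMAC output, so existing lookup values would presumably no longer match — verify before rotating.
KYC_NIK_PEPPER=

# Absolute path for private KYC uploads (default: /uploads/private)
# Keep this directory outside anything served statically and restrict its filesystem permissions to the app user.
KYC_UPLOAD_DIR=

# Google OAuth credentials (presumably for sign-in — verify). The client secret is server-side only.
GOOGLE_CLIENT_ID="xxxxxxxx"
GOOGLE_CLIENT_SECRET="xxxxxxxx"

# === Midtrans payment gateway (Phase C) ===
# Server key from the Midtrans dashboard (sandbox: SB-Mid-server-..., production: Mid-server-...).
# SECRET — server-side only, never commit the real value.
MIDTRANS_SERVER_KEY=

# Client key used to initialise Snap.js in the browser (sandbox: SB-Mid-client-..., production: Mid-client-...).
# Safe to expose via NEXT_PUBLIC_ — not a secret.
NEXT_PUBLIC_MIDTRANS_CLIENT_KEY=

# 'true' for production, 'false' or empty for sandbox.
# Read on the server (for the Snap API endpoint) AND on the client (for the Snap.js URL).
NEXT_PUBLIC_MIDTRANS_IS_PRODUCTION=false

# The webhook URL in the Midtrans dashboard must be set to: /api/webhooks/midtrans

# === Cron jobs (auto-complete trip, etc.) ===
# Bearer token that external cron callers (system crontab / Vercel Cron / etc.)
# must send when calling the `/api/cron/*` endpoints. If empty, the endpoints hard-fail with 500.
# Generate a ≥32-byte hex secret:
#   openssl rand -hex 32
# Setup details: see docs/CRON_SETUP.md
CRON_SECRET=

# === Admin alerting (optional) ===
# Discord webhook URL for push notifications when a cron run FAILED. Without this variable,
# `notifyAdmins` is a no-op — admins can still check manually at /admin/system. Setup:
#   1. Internal Discord channel → Edit Channel → Integrations → Webhooks → New
#   2. Copy "Webhook URL", paste it here
# Format: https://discord.com/api/webhooks/<webhook-id>/<webhook-token>
# Treat the URL as a secret: anyone who has it can post to the channel.
ADMIN_ALERT_WEBHOOK_URL=

# === Email notifications (Resend) ===
# Resend API key for sending transactional email (KYC, refund, payment, suspend).
# Without this variable, synchronous sending is skipped and every email is queued in the DB (status PENDING).
# Once it is set, the cron `/api/cron/process-email-jobs` drains the queue.
# Sign up: https://resend.com → API Keys
# SECRET — server-side only.
RESEND_API_KEY=

# Email sender — RFC 5322 format "Display Name <address@domain>".
# The domain must be verified in the Resend dashboard (SPF + DKIM).
# The default `onboarding@resend.dev` is suitable for dev/testing.
# NOTE(review): the address part was missing from this template's value. It is filled in
# with the dev default named above — confirm.
EMAIL_FROM="SeTrip <onboarding@resend.dev>"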