.env.dist

# This file (.env.dist) is an example template for the environment variables required by the application.
# The .env file is not versioned in the repository and should be created by duplicating this file.
# To use it, copy this file as .env and define the appropriate values.
# The environment variables defined in .env will be automatically loaded by Docker Compose.

###> Application Core Settings ###
APP_ENV=prod
APP_DEBUG=0
APP_SECRET=CHANGE_THIS_TO_A_SECRET
APP_ONLINE_MODE=1

# Port configuration:
# The port on which the application listens (both inside and outside the container).
# Docker mapping: ${APP_PORT}:${APP_PORT}
APP_PORT=8080

XDEBUG_MODE=off  # You can enable it by changing to "debug", "off" to leave it disabled
XDEBUG_CONFIG="client_host=host.docker.internal"

# Configure the BASE_PATH for subdirectory installation.
# Leave it empty if you want to use the root directory.
# IMPORTANT: You must start with a slash (/) and Do not end with a slash (/).
# Examples:
#   BASE_PATH= (installation at root)
#   BASE_PATH=/exelearning
#   BASE_PATH=/web/exelearning
BASE_PATH=

# Allow users to import/install styles
ONLINE_THEMES_INSTALL=0

# Allow users to import/install iDevices
ONLINE_IDEVICES_INSTALL=0

###> Test User (development only, APP_ENV=dev) ###
# Test user is ONLY created when APP_ENV=dev AND both variables are set
TEST_USER_EMAIL=user@exelearning.net
TEST_USER_PASSWORD=1234
###< Test User (development only, APP_ENV=dev) ###

###> Admin User ###
# Admin user is created/updated when ADMIN_EMAIL and ADMIN_PASSWORD are set (non-empty)
# If the user exists, password and roles are updated (allows admin recovery)
# ADMIN_EMAIL=admin@example.com
# ADMIN_PASSWORD=
###< Admin User ###

###> Authentication Configuration ###
# Available modes (comma-separated):
# - "none": Offline mode (no authentication)
# - "password": Traditional username/password login
# - "cas": CAS authentication
# - "openid": OpenID Connect authentication
# - "guest": Guest access — creates a temporary user, no login required
# Examples:
# APP_AUTH_METHODS=none
# APP_AUTH_METHODS=password,cas
APP_AUTH_METHODS=password,cas,openid,guest

# Automatically create users when authenticating with CAS/OpenID (true/false)
AUTH_CREATE_USERS=true
# Domain used when generating temporary emails for CAS/OpenID users without one
# Leave empty to use the default value (domain.local)
AUTH_TEMP_EMAIL_DOMAIN=domain.local

###> CAS Configuration (required if using CAS) ###
# Test server: https://casserverpac4j.herokuapp.com
CAS_URL=https://casserverpac4j.herokuapp.com
CAS_VALIDATE_PATH=/p3/serviceValidate
CAS_LOGIN_PATH=/login
CAS_LOGOUT_PATH=/logout

###> OpenID Connect Configuration (required if using OpenID) ###
# Test server: https://demo.duendesoftware.com
OIDC_ISSUER=https://demo.duendesoftware.com
OIDC_AUTHORIZATION_ENDPOINT=https://demo.duendesoftware.com/connect/authorize
OIDC_TOKEN_ENDPOINT=https://demo.duendesoftware.com/connect/token
OIDC_USERINFO_ENDPOINT=https://demo.duendesoftware.com/connect/userinfo
OIDC_SCOPE="openid email"
OIDC_CLIENT_ID=interactive.confidential
OIDC_CLIENT_SECRET=secret

## Sample Google Oauth values
# OIDC_ISSUER=https://accounts.google.com
# OIDC_AUTHORIZATION_ENDPOINT=https://accounts.google.com/o/oauth2/v2/auth
# OIDC_TOKEN_ENDPOINT=https://oauth2.googleapis.com/token
# OIDC_USERINFO_ENDPOINT=https://openidconnect.googleapis.com/v1/userinfo
# OIDC_SCOPE="openid email"
# OIDC_CLIENT_ID=PLEASE_CHANGEME
# OIDC_CLIENT_SECRET=PLEASE_CHANGEME

###< Authentication Configuration ###

###> API JWT (local Bearer tokens) ###
# Secret for locally signed JWTs accepted by the API
API_JWT_SECRET=dev_secret_change_me
# Optional issuer and audience checks
# API_JWT_ISSUER=exelearning
# API_JWT_AUDIENCE=exelearning_clients
###< API JWT (local Bearer tokens) ###

###> Reverse Proxy Configuration ###
# If the app is behind a reverse proxy (Nginx, Apache, load balancer, etc.),
# configure which proxies are trusted to set X-Forwarded-* headers.
# This is essential for SSO (CAS, OpenID) to build correct callback URLs.
#
# Options for TRUSTED_PROXIES (comma-separated):
#   - Specific IPs: '192.168.1.1,10.0.0.1'
#   - CIDR ranges: '10.0.0.0/8,172.16.0.0/12'
#   - 'private_ranges': All private IPv4/IPv6 subnets (10.x, 172.16-31.x, 192.168.x, etc.)
#   - 'REMOTE_ADDR': Trust the immediate connecting IP (use with single-hop proxies)
#
# Example for typical reverse proxy setup:
TRUSTED_PROXIES=private_ranges,REMOTE_ADDR

# Headers to trust from reverse proxies (comma-separated, lowercase).
# These headers are used to detect the original protocol, host, and client IP.
# Only processed if the request comes from a TRUSTED_PROXIES address.
# Keep x-forwarded-proto to detect HTTPS; REMOVE it if your proxy cannot be fully trusted.
TRUSTED_HEADERS=x-forwarded-for,x-forwarded-host,x-forwarded-proto,x-forwarded-port,x-forwarded-prefix
###< Reverse Proxy Configuration ###

###> symfony/mailer ###
# MAILER_DSN=smtp://localhost
###< symfony/mailer ###

###> doctrine/doctrine-bundle ###
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html
# IMPORTANT: You must configure your database server version, either here or in config/packages/doctrine.yaml
# SQLite configuration (default)
DB_DRIVER=pdo_sqlite
DB_HOST=
DB_PORT=
DB_NAME=
DB_USER=
DB_PASSWORD=
DB_CHARSET=
DB_SERVER_VERSION=3.32
DB_PATH=/mnt/data/exelearning.db

# MySQL configuration
# DB_DRIVER=pdo_mysql
# DB_HOST=db
# DB_PORT=3306
# DB_NAME=exelearning
# DB_USER=root
# DB_PASSWORD=secret
# DB_CHARSET=utf8mb4
# DB_SERVER_VERSION=8.0
# DB_PATH=

# PostgreSQL configuration
# DB_DRIVER=pdo_pgsql
# DB_HOST=db
# DB_PORT=5432
# DB_NAME=exelearning
# DB_USER=myuser
# DB_PASSWORD=mypassword
# DB_CHARSET=utf8
# DB_SERVER_VERSION=13
# DB_PATH=
###< doctrine/doctrine-bundle ###

###> Files, cache, and logs directories ###
FILES_DIR="/mnt/data/"
CACHE_DIR=""
LOG_DIR=""
TMP_CLEANUP_KEY=
###< Files, cache, and logs directories ###

###> User Storage and File Upload Limits ###
# Maximum disk space per user in MB
USER_STORAGE_MAX_DISK_SPACE=1024

# Default quota for new users in MB (leave empty for unlimited)
# This value is used as the default when creating new users from the admin panel
DEFAULT_QUOTA=4096

# Whether autosaved files count towards user storage quota (true/false)
COUNT_USER_AUTOSAVE_SPACE_ODE_FILES=true

# Maximum file upload size in MB (application level)
# This limit will be compared with PHP limits (upload_max_filesize, post_max_size, memory_limit)
# The most restrictive limit will be enforced
FILE_UPLOAD_MAX_SIZE=1024
###< User Storage and File Upload Limits ###

###> Autosave Configuration ###
# Time interval for autosave in seconds
PERMANENT_SAVE_AUTOSAVE_TIME_INTERVAL=600

# Maximum number of autosaved files to maintain
PERMANENT_SAVE_AUTOSAVE_MAX_NUMBER_OF_FILES=10

# Enable/disable autosave functionality (true/false)
AUTOSAVE_ODE_FILES_FUNCTION=true
###< Autosave Configuration ###

###> Application Features ###
# Enable/disable version control (true/false)
VERSION_CONTROL=true

# Default visibility for new projects
# Options: "private" (only owner/collaborators), "public" (anyone with link)
DEFAULT_PROJECT_VISIBILITY=private

# Number of recent ODE files to show
USER_RECENT_ODE_FILES_AMOUNT=3

# Collaborative blocking level: "page" blocks entire pages, "idevice" blocks individual devices
COLLABORATIVE_BLOCK_LEVEL=idevice
###< Application Features ###

###> Google ###
GOOGLE_CLIENT_ID=example.com.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=example.com
###< Google ###

###> Dropbox ###
DROPBOX_CLIENT_ID=example.com
DROPBOX_CLIENT_SECRET=example.com
###< Dropbox ###

###> openEQUELLA ###
OPENEQUELLA_CLIENT_ID=example.com
OPENEQUELLA_CLIENT_SECRET=example.com
###< openEQUELLA ###

###> Redis Configuration (for multi-instance deployments) ###
# Redis host for Yjs WebSocket synchronization across instances
# Leave empty for single-instance deployments
# Example: REDIS_HOST=redis (docker) or REDIS_HOST=localhost
REDIS_HOST=

# Redis port (default: 6379)
REDIS_PORT=6379

# Redis password (optional)
REDIS_PASSWORD=
###< Redis Configuration ###

###> Multiple Platform Providers Configuration ###
# Support for multiple educational platform providers (e.g., Moodle, Moodle Workplace, Others etc.)
# Each provider needs a URL, token, and unique identifier
# Use comma-separated values with positional mapping (same order for all three variables)

# Provider URLs - base URLs for each platform
# Example: PROVIDER_URLS=https://moodle_lms.com,https://moodle_workplace.example.com,https://custom_lms.example.com
PROVIDER_URLS=

# Provider tokens - authentication tokens/secrets for each platform
# Example: PROVIDER_TOKENS=moodle_lms_token,workplace_token,custom_lms_token
PROVIDER_TOKENS=

# Provider IDs - unique identifiers for each platform
# Example: PROVIDER_IDS=moodlelms,workplace,custommoodle
PROVIDER_IDS=

# Default provider fallback settings
DEFAULT_PROVIDER_URL=
DEFAULT_PROVIDER_TOKEN=
DEFAULT_PROVIDER_ID=
###< Multiple Platform Providers Configuration ###

###> Project Cleanup Settings ###
# Enable automatic cleanup of unsaved and guest projects (true/false)
CLEANUP_ENABLED=false

# Interval between cleanup runs in hours (default: 24)
CLEANUP_INTERVAL_HOURS=24

# Age in hours after which unsaved projects (saved_once=0) are deleted (default: 24)
CLEANUP_UNSAVED_AGE_HOURS=24

# Age in days after which guest user projects are deleted (default: 7)
CLEANUP_GUEST_AGE_DAYS=7
###< Project Cleanup Settings ###