# 应用配置
APP_NAME=TradeMate
SECRET_KEY=change-this-to-a-random-secret-key
JWT_ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=60
REFRESH_TOKEN_EXPIRE_DAYS=30

# 数据库
DATABASE_URL=postgresql+asyncpg://tradmate:tradmate@localhost:5432/tradmate

# Redis
REDIS_URL=redis://localhost:6379/0

# Celery
CELERY_BROKER_URL=redis://localhost:6379/1
CELERY_RESULT_BACKEND=redis://localhost:6379/2

# AI 提供商（至少配置一个）
OPENAI_API_KEY=
ANTHROPIC_API_KEY=
DEEPL_API_KEY=

# 本地模型（可选）
LOCAL_MODEL_ENABLED=false
LOCAL_MODEL_URL=http://localhost:8001

# WhatsApp Cloud API
WHATSAPP_API_TOKEN=
WHATSAPP_PHONE_NUMBER_ID=
WHATSAPP_WEBHOOK_VERIFY_TOKEN=

# 微信小程序
WECHAT_APP_ID=
WECHAT_APP_SECRET=
WECHAT_PAY_MCH_ID=
WECHAT_PAY_API_KEY=
WECHAT_PAY_SERIAL_NO=
WECHAT_PAY_CERT_DIR=./certs
WECHAT_PAY_NOTIFY_URL=https://your-domain.com/api/v1/payment/notify

# 汇率 API（免费层即可）
EXCHANGE_RATE_API_KEY=

# 文件存储
UPLOAD_DIR=./uploads
MAX_UPLOAD_SIZE=10485760

# 错误监控 (Sentry)
SENTRY_DSN=
DEBUG=true

# URL
FRONTEND_URL=http://localhost:3000
BACKEND_URL=http://localhost:8000

# Security (CSRF/CORS) - CSRF protection is enabled by default
# Frontend must send X-CSRF-Token header with state-changing requests
# The token is provided via csrf_token cookie and X-CSRF-Token response header