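# ============================================================
# CVE MONITOR - CONFIGURATION FILE
# ============================================================
# Copy this file to .env and adjust values for your environment.
# The resulting .env carries credentials (API keys, bot token,
# SMTP password); keep it out of version control and readable
# only by the service account that runs the app.
# ============================================================

# ============================================================
# APPLICATION SETTINGS
# ============================================================
APP_NAME=CVE Monitor
APP_VERSION=1.0.0
# Keep False outside local development (see also DEV_MODE below)
DEBUG=False
# 0.0.0.0 listens on every interface; use 127.0.0.1 when a local
# reverse proxy terminates TLS and forwards to the app
HOST=0.0.0.0
PORT=5000

# ============================================================
# DATABASE CONFIGURATION
# ============================================================
DATABASE_PATH=./cve_db/cve_cache.db
DATABASE_WAL_MODE=True
DATABASE_CACHE_SIZE=10000

# ============================================================
# LOGGING CONFIGURATION
# ============================================================
LOG_LEVEL=INFO
# Python logging format string; the % placeholders are literal here.
# (Only a configparser-style reader would need them written as %%.)
LOG_FORMAT=%(asctime)s - %(name)s - %(levelname)s - %(message)s
LOG_FILE=./logs/cve_monitor.log
# Rotate at 10 MiB, keep 5 rotated files
LOG_MAX_BYTES=10485760
LOG_BACKUP_COUNT=5

# ============================================================
# AUTO-UPDATE CONFIGURATION
# ============================================================
# Enable automatic CVE updates in background
ENABLE_AUTO_UPDATE=True
# How often to check for new CVEs (in hours)
UPDATE_INTERVAL_HOURS=1
# How many days back to fetch CVEs on first run
INITIAL_LOOKBACK_DAYS=365
# Cache duration in hours before considering data stale
CACHE_HOURS=24

# ============================================================
# EXTERNAL API KEYS (Optional but Recommended)
# ============================================================
# Leave these empty in the template; set real values only in the
# untracked .env.
# NVD API Key - Get yours at: https://nvd.nist.gov/developers/request-an-api-key
# Without API key: 5 requests per 30 seconds
# With API key: 50 requests per 30 seconds
NVD_API_KEY=
# GitHub Personal Access Token - Get yours at: https://github.com/settings/tokens
# Increases rate limit from 60 to 5000 requests per hour
# A fine-grained token with read-only scope is sufficient for advisories
GITHUB_TOKEN=

# ============================================================
# API ENDPOINTS (Advanced - Don't change unless necessary)
# ============================================================
NVD_API_URL=https://services.nvd.nist.gov/rest/json/cves/2.0
GITHUB_ADVISORIES_URL=https://api.github.com/advisories
# Request timeouts in seconds
NVD_TIMEOUT=30
GITHUB_TIMEOUT=15

# ============================================================
# GUNICORN CONFIGURATION (Production)
# ============================================================
WORKERS=4
# Seconds before a silent worker is killed and restarted
WORKER_TIMEOUT=120
WORKER_CLASS=sync
# Recycle workers after this many requests (+ random jitter)
MAX_REQUESTS=1000
MAX_REQUESTS_JITTER=50

# ============================================================
# SECURITY SETTINGS
# ============================================================
# Enable/disable security headers
ENABLE_SECURITY_HEADERS=True
# Enable rate limiting to prevent abuse
ENABLE_RATE_LIMITING=True
# Rate limit: requests per minute per IP
# (behind a reverse proxy the app must read the forwarded client IP,
# otherwise every request shares the proxy's address)
RATE_LIMIT_PER_MINUTE=60
# Enable gzip compression
ENABLE_COMPRESSION=True
# Enable ETag for caching
ENABLE_ETAG=True
# Content Security Policy
# NOTE(review): the single quotes are part of the CSP value and must reach
# the header verbatim ('self', 'unsafe-inline'). A dotenv loader that
# strips matching quotes from a fully quoted value would turn 'self' into
# self and produce an invalid policy; confirm how config.py reads these.
# 'unsafe-inline' in script-src lets injected inline scripts execute and
# removes most of the XSS protection CSP offers; drop it (or switch to
# nonces/hashes) once the templates no longer rely on inline scripts.
CSP_DEFAULT_SRC='self'
CSP_SCRIPT_SRC='self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com
CSP_STYLE_SRC='self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com
CSP_FONT_SRC='self' cdnjs.cloudflare.com
CSP_IMG_SRC='self' data:
CSP_CONNECT_SRC='self' cdn.jsdelivr.net
# X-Frame-Options: DENY or SAMEORIGIN. ALLOW-FROM is obsolete and ignored
# by current browsers; use the CSP frame-ancestors directive instead when
# a specific origin must be allowed to frame the app.
X_FRAME_OPTIONS=DENY
# HSTS max age in seconds (1 year = 31536000)
# Only meaningful when the site is served over HTTPS (reverse proxy)
HSTS_MAX_AGE=31536000

# ============================================================
# FEATURE FLAGS
# ============================================================
# Enable/disable specific features
ENABLE_CHARTS=True
ENABLE_SEARCH=True
ENABLE_EXPORT=True
ENABLE_DARK_MODE=True
ENABLE_PAGINATION=True

# ============================================================
# UI CONFIGURATION
# ============================================================
# Items per page in CVE list
ITEMS_PER_PAGE=50
# Maximum search results to display
MAX_SEARCH_RESULTS=50

# ============================================================
# CDN URLS (for offline use, download and host locally)
# ============================================================
# Hosting these locally also lets you remove the CDN hosts from the CSP
# directives above and pin the exact asset versions you audited.
BOOTSTRAP_CSS_CDN=https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css
BOOTSTRAP_JS_CDN=https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js
FONTAWESOME_CDN=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
CHARTJS_CDN=https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.js

# ============================================================
# DOCKER SPECIFIC SETTINGS
# ============================================================
# Set to True when running inside Docker
IS_DOCKER=False
# Timezone for Docker container
TZ=Europe/Warsaw

# ============================================================
# MONITORED VENDORS
# ============================================================
# Comma-separated list of vendor codes to monitor
# Available: microsoft,apple,fortinet,cisco,adobe,oracle,google,linux,vmware,paloalto,docker,kubernetes
MONITORED_VENDORS=microsoft,apple,cisco,fortinet,oracle,google,linux

# ============================================================
# NOTIFICATION SETTINGS (Future Feature)
# ============================================================
# Webhook URLs are secrets: anyone holding one can post to the channel.
# Discord webhook for critical CVE notifications
DISCORD_WEBHOOK_URL=
# Slack webhook for notifications
SLACK_WEBHOOK_URL=
# Email notifications
SMTP_SERVER=
# 587 is the STARTTLS submission port
SMTP_PORT=587
SMTP_USERNAME=
# Set only in the untracked .env, never in this template
SMTP_PASSWORD=
SMTP_FROM=cve-monitor@example.com
SMTP_TO=admin@example.com
# Notification thresholds
NOTIFY_ON_CRITICAL=True
NOTIFY_ON_HIGH=False
NOTIFY_MIN_CVSS=9.0

# ============================================================
# BACKUP CONFIGURATION
# ============================================================
# Enable automatic database backups
ENABLE_BACKUPS=True
# Backup directory
BACKUP_DIR=./backups
# How many days of backups to keep
BACKUP_RETENTION_DAYS=30
# Backup interval in hours
BACKUP_INTERVAL_HOURS=24

# ============================================================
# PROMETHEUS METRICS (Future Feature)
# ============================================================
ENABLE_METRICS=False
# Expose the metrics port only to the scraper, not publicly
METRICS_PORT=9090

# ============================================================
# DEVELOPMENT SETTINGS
# ============================================================
# Enable Flask debug toolbar (development only)
FLASK_DEBUG_TOOLBAR=False
# Enable SQL query logging
SQL_DEBUG=False
# Disable security features for local development
# WARNING: Never use in production!
DEV_MODE=False

# ============================================================
# HEALTH CHECK
# ============================================================
# Health check endpoint timeout (seconds)
HEALTH_CHECK_TIMEOUT=5

# ============================================================
# CORS SETTINGS (if using as API backend)
# ============================================================
ENABLE_CORS=False
# * allows any origin; list the exact origins that need access before
# enabling CORS on an instance that serves authenticated users
CORS_ORIGINS=*

# ============================================================
# DISCORD BOT CONFIGURATION
# ============================================================
# Set to False unless a real token is configured below
ENABLE_DISCORD_BOT=True
# Placeholder - put the real token in the untracked .env only
DISCORD_BOT_TOKEN=YOUR_BOT_TOKEN_HERE
# Placeholder channel id
DISCORD_CHANNEL_ID=1234567890123456789
DISCORD_CHECK_INTERVAL_MINUTES=60
DISCORD_NOTIFY_CRITICAL=True
DISCORD_NOTIFY_HIGH=True
# Note: this threshold (7.0) differs from NOTIFY_MIN_CVSS (9.0) above;
# keep them aligned unless the difference is intended
DISCORD_MIN_CVSS=7.0

# ============================================================
# NOTES
# ============================================================
# 1. Boolean values: True/False (case-sensitive)
# 2. Empty values will use defaults from config.py
# 3. Paths can be absolute or relative to project root
# 4. For production, always set DEBUG=False and DEV_MODE=False
# 5. Get NVD API key to avoid rate limits
# 6. Use strong CSP in production
# 7. Enable HTTPS in production (handled by reverse proxy)
# 8. Never commit .env; it contains API keys, tokens and passwords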