# Configuration UnionFlow Server - PRODUCTION
# Ce fichier est utilisé avec le profil Quarkus "prod"

# Configuration HTTP
quarkus.http.port=8085
quarkus.http.host=0.0.0.0

# Configuration CORS - Production (strict)
quarkus.http.cors=true
quarkus.http.cors.origins=${CORS_ORIGINS:https://unionflow.lions.dev,https://security.lions.dev}
quarkus.http.cors.methods=GET,POST,PUT,DELETE,OPTIONS
quarkus.http.cors.headers=Content-Type,Authorization
quarkus.http.cors.allow-credentials=true

# Configuration Base de données PostgreSQL - Production
quarkus.datasource.db-kind=postgresql
quarkus.datasource.username=${DB_USERNAME:unionflow}
quarkus.datasource.password=${DB_PASSWORD}
quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://localhost:5432/unionflow}
quarkus.datasource.jdbc.min-size=5
quarkus.datasource.jdbc.max-size=20

# Configuration Hibernate - Production (IMPORTANT: update, pas drop-and-create)
quarkus.hibernate-orm.database.generation=update
quarkus.hibernate-orm.log.sql=false
quarkus.hibernate-orm.jdbc.timezone=UTC
quarkus.hibernate-orm.packages=dev.lions.unionflow.server.entity
quarkus.hibernate-orm.metrics.enabled=false

# Configuration Flyway - Production (ACTIVÉ)
quarkus.flyway.migrate-at-start=true
quarkus.flyway.baseline-on-migrate=true
quarkus.flyway.baseline-version=1.0.0

# Configuration Keycloak OIDC - Production
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/unionflow}
quarkus.oidc.client-id=unionflow-server
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
quarkus.oidc.tls.verification=required
quarkus.oidc.application-type=service

# Configuration Keycloak Policy Enforcer
quarkus.keycloak.policy-enforcer.enable=false
quarkus.keycloak.policy-enforcer.lazy-load-paths=true
quarkus.keycloak.policy-enforcer.enforcement-mode=PERMISSIVE

# Chemins publics (non protégés)
quarkus.http.auth.permission.public.paths=/health,/q/*,/favicon.ico
quarkus.http.auth.permission.public.policy=permit

# Configuration OpenAPI - Production (Swagger désactivé ou protégé)
quarkus.smallrye-openapi.info-title=UnionFlow Server API
quarkus.smallrye-openapi.info-version=1.0.0
quarkus.smallrye-openapi.info-description=API REST pour la gestion d'union avec authentification Keycloak
quarkus.smallrye-openapi.servers=https://api.lions.dev/unionflow

# Configuration Swagger UI - Production (DÉSACTIVÉ pour sécurité)
quarkus.swagger-ui.always-include=false

# Configuration santé
quarkus.smallrye-health.root-path=/health

# Configuration logging - Production
quarkus.log.console.enable=true
quarkus.log.console.level=INFO
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{2.}] (%t) %s%e%n
quarkus.log.category."dev.lions.unionflow".level=INFO
quarkus.log.category."org.hibernate".level=WARN
quarkus.log.category."io.quarkus".level=INFO
quarkus.log.category."org.jboss.resteasy".level=WARN

# Configuration Wave Money - Production
wave.api.key=${WAVE_API_KEY:}
wave.api.secret=${WAVE_API_SECRET:}
wave.api.base.url=${WAVE_API_BASE_URL:https://api.wave.com/v1}
wave.environment=${WAVE_ENVIRONMENT:production}
wave.webhook.secret=${WAVE_WEBHOOK_SECRET:}