invy/.env.example

# Multi-Event Invitation Management System
# Environment Configuration
# ============================================
# IMPORTANT: Never commit secrets to git. Use this file locally only.
# For production, use secure secret management (environment variables, Kubernetes Secrets, etc.)

# ============================================
# DATABASE CONFIGURATION
# ============================================
# PostgreSQL database URL
# Format: postgresql://username:password@host:port/database_name
DATABASE_URL=postgresql://wedding_admin:Aa123456@localhost:5432/wedding_guests

# ============================================
# FRONTEND CONFIGURATION
# ============================================
# Frontend URL for CORS and redirects
# Used to allow requests from your frontend application
FRONTEND_URL=http://localhost:5173

# ============================================
# ADMIN LOGIN (Default Credentials)
# ============================================
# These are the default admin credentials for the system
# Username for admin login
ADMIN_USERNAME=admin

# Password for admin login (change in production!)
ADMIN_PASSWORD=wedding2025

# ============================================
# WHATSAPP CLOUD API CONFIGURATION
# ============================================
# Full setup guide: https://developers.facebook.com/docs/whatsapp/cloud-api
# Get these credentials from Meta's WhatsApp Business Platform

# 1. WHATSAPP_ACCESS_TOKEN
#    What is it: Your permanent access token for WhatsApp API
#    Where to get it:
#      1. Go to https://developers.facebook.com/
#      2. Select your WhatsApp Business Account app
#      3. Go to "System User" or "Settings" > "Apps & Sites"
#      4. Create/select a System User
#      5. Generate a permanent token with scopes:
#         - whatsapp_business_messaging
#         - whatsapp_business_management
#    How to get yours: Check your Meta Business Manager
WHATSAPP_ACCESS_TOKEN=YOUR_PERMANENT_ACCESS_TOKEN_HERE
# Example: EAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# 2. WHATSAPP_PHONE_NUMBER_ID
#    What is it: The ID of your WhatsApp Business phone number
#    Where to get it:
#      1. Go to https://developers.facebook.com/
#      2. Select your WhatsApp Business Account app
#      3. Go to "API Setup" or "Phone Numbers"
#      4. Find your phone number (registered WhatsApp SIM)
#      5. The ID will be shown there (usually 15+ digits)
#    Example format: 123456789012345
WHATSAPP_PHONE_NUMBER_ID=YOUR_PHONE_NUMBER_ID_HERE

# 3. WHATSAPP_API_VERSION
#    What is it: The API version to use (usually v20.0 or later)
#    Current version: v20.0
#    Update check: https://developers.facebook.com/docs/graph-api/changelog
WHATSAPP_API_VERSION=v20.0

# 4. WHATSAPP_TEMPLATE_NAME
#    What is it: The exact name of your approved message template in Meta
#    IMPORTANT: Must match exactly (case-sensitive) what you created in Meta
#    Where to get it:
#      1. Go to https://www.facebook.com/business/tools/meta-business-platform
#      2. Navigate to "Message Templates"
#      3. Look for your template (e.g., "wedding_invitation")
#      4. Copy the exact template name
#    Your template status must be "APPROVED" (not pending or rejected)
#    
#    Example template body (Hebrew wedding invitation):
#    היי {{1}} 🤍
#    זה קורה! 🎉
#    {{2}} ו-{{3}} מתחתנים ונשמח שתהיה/י איתנו ברגע המיוחד הזה ✨
#    📍 האולם: "{{4}}"
#    📅 התאריך: {{5}}
#    🕒 השעה: {{6}}
#    לאישור הגעה ופרטים נוספים:
#    {{7}}
#    מתרגשים ומצפים לראותך 💞
#
#    Template variables auto-filled by system:
#    {{1}} = Guest first name (or "חבר" if empty)
#    {{2}} = Partner 1 name (you provide: e.g., "David")
#    {{3}} = Partner 2 name (you provide: e.g., "Sarah")
#    {{4}} = Venue name (you provide: e.g., "Grand Hall")
#    {{5}} = Event date (auto-formatted to DD/MM)
#    {{6}} = Event time (you provide: HH:mm format)
#    {{7}} = RSVP link (you provide custom URL)
WHATSAPP_TEMPLATE_NAME=wedding_invitation

# 5. WHATSAPP_LANGUAGE_CODE
#    What is it: Language code for the template
#    Values for your template: Usually "he" for Hebrew
#    Other examples: "en" (English), "en_US" (US English)
#    Meta uses either ISO 639-1 (he) or Meta format (he_IL)
#    Check your template settings to see which format is used
WHATSAPP_LANGUAGE_CODE=he

# 6. WHATSAPP_VERIFY_TOKEN (Optional - only for webhooks)
#    What is it: Token for verifying webhook callbacks from Meta
#    Only needed if you want to receive message status updates
#    Create any secure string for this
#    Where to use:
#      1. Go to App Settings > Webhooks
#      2. Set this token as your "Verify Token"
#    Optional - can leave empty if not using webhooks
WHATSAPP_VERIFY_TOKEN=your_webhook_verify_token_optional

# ============================================
# GOOGLE OAUTH CONFIGURATION (OPTIONAL)
# ============================================
# Only needed if using Google Contacts import feature
# Get these from Google Cloud Console: https://console.cloud.google.com/

# Google OAuth Client ID
GOOGLE_CLIENT_ID=your_google_client_id_here.apps.googleusercontent.com

# Google OAuth Client Secret
GOOGLE_CLIENT_SECRET=your_google_client_secret_here

# Google OAuth Redirect URI (must match in Google Cloud Console)
GOOGLE_REDIRECT_URI=http://localhost:8000/auth/google/callback

# ============================================
# TESTING CONFIGURATION
# ============================================
# Email to use as test user when developing
TEST_USER_EMAIL=test@example.com

# ============================================
# APPLICATION CONFIGURATION
# ============================================
# Logging level: DEBUG, INFO, WARNING, ERROR, CRITICAL
LOG_LEVEL=INFO

# API port (default: 8000)
API_PORT=8000

# API host (default: 0.0.0.0 for all interfaces)
API_HOST=0.0.0.0

# Application environment: development, staging, production
ENVIRONMENT=development

# ============================================
# QUICK SETUP CHECKLIST
# ============================================
# Follow these steps to get your WhatsApp integration working:
#
# 1. Get WhatsApp Credentials:
#    [ ] Go to https://developers.facebook.com/
#    [ ] Set up WhatsApp Business Account
#    [ ] Register a WhatsApp phone number (get Phone Number ID)
#    [ ] Generate permanent access token
#    [ ] Copy your template name from Meta Business Manager
#
# 2. Create Message Template (if not already done):
#    [ ] In Meta Business Manager, go to Message Templates
#    [ ] Create new template with your content
#    [ ] Wait for Meta approval (usually 24 hours)
#    [ ] Verify status is "APPROVED"
#
# 3. Fill in this .env file:
#    [ ] WHATSAPP_ACCESS_TOKEN
#    [ ] WHATSAPP_PHONE_NUMBER_ID
#    [ ] WHATSAPP_TEMPLATE_NAME (must match Meta exactly)
#    [ ] WHATSAPP_LANGUAGE_CODE
#
# 4. Test the integration:
#    [ ] Start backend server
#    [ ] Create a test event
#    [ ] Add your phone number as a guest
#    [ ] Select guest and click "שלח בוואטסאפ"
#    [ ] Verify message arrives in WhatsApp
#
# ============================================
# PRODUCTION DEPLOYMENT NOTES
# ============================================
# Before deploying to production:
#
# 1. NEVER commit this file with real secrets to git
# 2. Move secrets to environment variables or secrets manager:
#    - Kubernetes Secrets (if using K8s)
#    - AWS Secrets Manager
#    - Google Secret Manager
#    - Azure Key Vault
#    - Environment variables in deployment
#
# 3. Use stronger credentials:
#    - Change ADMIN_PASSWORD to something secure
#    - Rotate access tokens regularly
#    - Use separate tokens per environment
#
# 4. Enable HTTPS:
#    - Update FRONTEND_URL to use https://
#    - Update GOOGLE_REDIRECT_URI to use https://
#    - Get SSL certificates
#
# 5. Database security:
#    - Use strong password for DATABASE_URL
#    - Enable SSL for database connections
#    - Regular backups
#    - Restrict network access
#
# 6. Monitoring:
#    - Set LOG_LEVEL=WARNING for production
#    - Monitor API rate limits from Meta
#    - Track WhatsApp message delivery
#    - Log all authentication events