# Security Configuration Template
# Copy this to .env and fill in your actual values

# Airtable Configuration
AIRTABLE_PAT=your_airtable_personal_access_token
AIRTABLE_BASE=your_airtable_base_id
AIRTABLE_SESSIONS_TABLE=Sessions
AIRTABLE_USERS_TABLE=Users
AIRTABLE_ITEMS_TABLE=Items
AIRTABLE_ITEM_ADDONS_TABLE=Item Addons
AIRTABLE_SUBMISSIONS_TABLE=Submissions

# Slack Configuration
SLACK_SIGNING_SECRET=your_slack_signing_secret
SLACK_CLIENT_ID=your_slack_client_id
SLACK_CLIENT_SECRET=your_slack_client_secret

# Application Configuration
APP_BASE_URL=https://your-domain.com
GAME_ID_SALT=your_secure_random_salt_string

# Security Configuration
ENVIRONMENT=development  # development, staging, production
MAX_REQUEST_SIZE=1048576  # 1MB
RATE_LIMIT_REQUESTS=100  # requests per minute per IP
SESSION_TTL_HOURS=24

# CORS Configuration
# For development: use "*" to allow all origins
# For production: use comma-separated list of allowed domains
ALLOWED_ORIGINS=*
# Production example:
# ALLOWED_ORIGINS=https://yourgame.com,https://anothergame.com