# k6 測試專用設定（搭配 make k6-up + make k6-gateway）
#
# 與 dev 差異：
#   - Email: SMTP → MailHog（localhost:1025）；OTP 由 k6 透過 MailHog HTTP API 撈
#   - SMS  : provider=mock，並由 mock_sender 寫到 Redis（key: dev:notification:last:sms:<phone>）
#   - Permission.Casbin.Enabled: true（rbac journey）
#   - Zitadel: 用環境變數帶 PAT / OAuth secret
#
# 啟動：
#   export ZITADEL_SERVICE_TOKEN=$(cat deploy/zitadel/machinekey/zitadel-admin-sa.token)
#   ./gateway -f etc/gateway.k6.yaml
#   （或直接 make k6-gateway）

Name: gateway
Host: 0.0.0.0
Port: 8888

Mongo:
  Schema: mongodb
  Host: 127.0.0.1
  Port: 27017
  Database: gateway_k6
  TLS: false
  MaxPoolSize: 30
  MinPoolSize: 5
  MaxConnIdleTime: 30m

Redis:
  Host: localhost:6379
  Type: node

Notification:
  DefaultLocale: zh-tw
  Email:
    Provider: smtp
    From: noreply@k6.local
    SMTP:
      Enable: true
      Sort: 1
      Host: localhost
      Port: 1025
      Username: ""
      Password: ""
    SES:
      Enable: false
  SMS:
    Provider: mock
    Mitake:
      Enable: false
  Async:
    QueueRedisKey: notification:queue:k6
    Worker: 1
    MaxRetry: 2
    BackoffSeconds: [1, 3]
  RatePerTenant:
    Email: 1000
    SMS: 1000

Member:
  OTP:
    Length: 6
    TTLSeconds: 300
    MaxAttempts: 10
    ResendCooldownSeconds: 1
    DailyVerifyLimit: 200
  TOTP:
    Issuer: CloudEP-k6
    Algorithm: SHA1
    Digits: 6
    PeriodSeconds: 30
    Window: 1
    BackupCodeCount: 10
    BackupCodeLength: 12
    EnrollTTLSeconds: 600
    ReplayTTLSeconds: 90
    SecretKEK: "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
  Registration:
    RequireInviteCode: true
    TrustSocialEmailVerified: true

Auth:
  AccessExpire: 900
  RefreshExpire: 604800
  ActiveKID: v1
  AccessSecret: "k6-access-secret-32-bytes-min!!!"
  RefreshSecret: "k6-refresh-secret-32-bytes-min!!"
  RegistrationSessionTTLSeconds: 600

Permission:
  Casbin:
    Enabled: true
    ModelPath: etc/rbac.conf
    PolicyAdapter: auto
  Cache:
    UserRolesTTLSeconds: 10
    RolePermsTTLSeconds: 10
    CatalogTTLSeconds: 60
  Reload:
    Channel: casbin:reload:k6
    DebounceMilliseconds: 50
    HeartbeatSeconds: 60

# ServiceUserToken / OAuthClientSecret 由環境變數注入：
#   ZITADEL_SERVICE_TOKEN, ZITADEL_OAUTH_CLIENT_SECRET, ZITADEL_GOOGLE_CLIENT_SECRET
Zitadel:
  Issuer: http://localhost:8080
  APIBase: http://localhost:8080
  ServiceUserToken: ""
  DefaultOrgID: ""
  OAuthClientID: ""
  OAuthClientSecret: ""
  GoogleClientID: ""
  GoogleClientSecret: ""
  GoogleIdPID: ""
  JWKSUrl: ""
  TimeoutSeconds: 15