# ===========================================
# CLINICAS - Variables de Entorno
# ===========================================
# Copiar este archivo a .env y configurar valores
# Puertos según DEVENV-PORTS.md
# NOTA: Este sistema requiere cumplimiento NOM-024 y LFPDPPP

# -------------------------------------------
# BASE DE DATOS POSTGRESQL
# -------------------------------------------
DB_HOST=localhost
DB_PORT=5437
DB_NAME=clinicas_db
DB_USER=clinicas_user
DB_PASSWORD=clinicas_secret_2025

# URL de conexion completa
DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}

# -------------------------------------------
# SCHEMAS DE BASE DE DATOS
# -------------------------------------------
# Schemas heredados de erp-core
DB_SCHEMA_AUTH=auth
DB_SCHEMA_CORE=core
DB_SCHEMA_INVENTORY=inventory

# Schemas propios de clínicas
DB_SCHEMA_CLINICAL=clinical
DB_SCHEMA_PHARMACY=pharmacy
DB_SCHEMA_LABORATORY=laboratory
DB_SCHEMA_IMAGING=imaging
DB_SCHEMA_TELEMEDICINE=telemedicine

# -------------------------------------------
# APLICACION
# -------------------------------------------
APP_NAME=clinicas
APP_ENV=development
APP_PORT=3061
APP_URL=http://localhost:3061

# -------------------------------------------
# FRONTEND
# -------------------------------------------
FRONTEND_PORT=3060
FRONTEND_URL=http://localhost:3060

# -------------------------------------------
# AUTENTICACION JWT
# -------------------------------------------
JWT_SECRET=your_jwt_secret_here_change_in_production
JWT_EXPIRES_IN=8h
JWT_REFRESH_EXPIRES_IN=24h

# -------------------------------------------
# TWO-FACTOR AUTHENTICATION (OBLIGATORIO)
# -------------------------------------------
# Requerido para personal médico según LFPDPPP
TWO_FACTOR_ENABLED=true
TWO_FACTOR_METHOD=totp
TOTP_ISSUER=ERP-Clinicas
TOTP_WINDOW=1

# SMS 2FA (Twilio)
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_PHONE_FROM=

# -------------------------------------------
# ENCRIPTACION DE DATOS SENSIBLES (LFPDPPP)
# -------------------------------------------
# CRITICO: Cambiar en producción
ENCRYPTION_KEY=your_32_byte_encryption_key_here
ENCRYPTION_ALGORITHM=aes-256-gcm
ENCRYPTION_IV_LENGTH=16

# Campos encriptados automáticamente:
# - antecedentes_medicos
# - alergias
# - diagnosticos
# - notas_clinicas

# -------------------------------------------
# MULTI-TENANT
# -------------------------------------------
TENANT_ID_HEADER=X-Tenant-ID
TENANT_ID_PARAM=tenant_id

# -------------------------------------------
# ALMACENAMIENTO DE ARCHIVOS
# -------------------------------------------
STORAGE_TYPE=local
STORAGE_PATH=./uploads
# Para producción usar S3 con encriptación:
# STORAGE_TYPE=s3
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# AWS_REGION=us-east-1
# AWS_S3_BUCKET=clinicas-files
# AWS_S3_ENCRYPTION=AES256

# -------------------------------------------
# NOTIFICACIONES
# -------------------------------------------
# Email (SMTP)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=noreply@clinicas-erp.com

# SMS para recordatorios de citas
SMS_PROVIDER=twilio
SMS_REMINDER_HOURS_BEFORE=24

# -------------------------------------------
# FACTURACION ELECTRONICA (SAT)
# -------------------------------------------
SAT_ENVIRONMENT=sandbox
SAT_RFC=
SAT_CER_PATH=./certs/csd.cer
SAT_KEY_PATH=./certs/csd.key
SAT_KEY_PASSWORD=

# -------------------------------------------
# LOGGING Y AUDITORIA
# -------------------------------------------
LOG_LEVEL=debug
LOG_FORMAT=json

# Auditoría de accesos (NOM-024)
AUDIT_ENABLED=true
AUDIT_RETENTION_YEARS=10
AUDIT_LOG_MEDICAL_RECORD_ACCESS=true
AUDIT_LOG_PRESCRIPTION_CREATED=true
AUDIT_LOG_PATIENT_DATA_MODIFIED=true

# -------------------------------------------
# REDIS (Cache y Colas)
# -------------------------------------------
REDIS_HOST=localhost
REDIS_PORT=6384
REDIS_PASSWORD=

# -------------------------------------------
# CORS
# -------------------------------------------
CORS_ORIGIN=http://localhost:3060,http://localhost:3061

# -------------------------------------------
# EXPEDIENTE CLINICO (NOM-024-SSA3-2012)
# -------------------------------------------
# Estructura SOAP obligatoria
NOM024_SOAP_REQUIRED=true
NOM024_CIE10_VALIDATION=true
NOM024_PRESCRIPTION_SIGNATURE_REQUIRED=true
NOM024_CONSENT_REQUIRED=true

# -------------------------------------------
# TELEMEDICINA (Opcional)
# -------------------------------------------
TELEMEDICINE_ENABLED=false
TELEMEDICINE_PROVIDER=jitsi
TELEMEDICINE_SERVER_URL=
TELEMEDICINE_RECORDING_ENABLED=false

# -------------------------------------------
# IMAGENOLOGIA DICOM (Opcional)
# -------------------------------------------
DICOM_ENABLED=false
DICOM_SERVER_HOST=
DICOM_SERVER_PORT=4242
DICOM_AE_TITLE=CLINICAS_ERP

# -------------------------------------------
# INTEROPERABILIDAD (HL7/FHIR)
# -------------------------------------------
HL7_ENABLED=false
HL7_ENDPOINT=
FHIR_ENABLED=false
FHIR_SERVER_URL=