version: v26.2.0

dsn: ${KRATOS_DSN}

serve:
    public:
        base_url: http://localhost:4433/
        cors:
            enabled: true
            allowed_origins:
                - http://localhost:5000
                - http://localhost:5173
                - http://localhost:5174
                - http://localhost:5175
                - http://backend:3000
                - http://baron_backend:3000
    admin:
        base_url: http://localhost:4434/

session:
    cookie:
        domain: hmac.kr
        same_site: Lax
        path: /

selfservice:
    default_browser_return_url: http://localhost:5000/
    allowed_return_urls:
        - http://localhost:5000
        - http://localhost:5000/
        - http://localhost:5000/ko
        - http://localhost:5000/ko/
        - http://localhost:5000/en
        - http://localhost:5000/en/
        - http://localhost:5000/auth/callback
        - http://localhost:5000/ko/auth/callback
        - http://localhost:5000/en/auth/callback
        - http://localhost:5173/auth/callback
        - http://localhost:5174/auth/callback
        - http://localhost:5175/auth/callback

    methods:
        password:
            enabled: true
        link:
            enabled: true
        code:
            enabled: true
            passwordless_enabled: true

    flows:
        error:
            ui_url: http://localhost:5000/error
        settings:
            ui_url: http://localhost:5000/error?error=settings_disabled
            privileged_session_max_age: 15m
        recovery:
            ui_url: http://localhost:5000/recovery
            use: code
        verification:
            ui_url: http://localhost:5000/verification
            use: code
        logout:
            after:
                default_browser_return_url: http://localhost:5000/login
        login:
            ui_url: http://localhost:5000/login
            lifespan: 10m
        registration:
            ui_url: http://localhost:5000/registration
            lifespan: 10m

log:
    level: debug
    format: text
    leak_sensitive_values: true

secrets:
    cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
    cipher:
        - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
    algorithm: xchacha20-poly1305

hashers:
    algorithm: bcrypt
    bcrypt:
        cost: 8

identity:
    default_schema_id: default
    schemas:
        - id: default
          url: file:///etc/config/kratos/identity.schema.json

courier:
    template_override_path: /etc/config/kratos/courier-templates
    delivery_strategy: http
    http:
        request_config:
            url: http://baron_backend:3000/api/v1/auth/webhooks/kratos-courier
            method: POST
            body: file:///etc/config/kratos/courier-http.jsonnet
            headers:
                Content-Type: application/json
    smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true