version: v26.2.0

dsn: ${KRATOS_DSN}

serve:
    public:
        base_url: http://localhost:4433/
        cors:
            enabled: true
            allowed_origins:
                - http://backend:{{BACKEND_PORT}}
                - http://localhost:{{USERFRONT_PORT}}
    admin:
        base_url: http://localhost:4434/

session:
    cookie:
        domain: ${KRATOS_SESSION_COOKIE_DOMAIN}
        same_site: Lax
        path: /

selfservice:
    default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/
    allowed_return_urls:
        - http://localhost:{{USERFRONT_PORT}}
        - http://localhost:{{USERFRONT_PORT}}/
        - http://localhost:{{USERFRONT_PORT}}/ko
        - http://localhost:{{USERFRONT_PORT}}/ko/
        - http://localhost:{{USERFRONT_PORT}}/en
        - http://localhost:{{USERFRONT_PORT}}/en/
        - http://localhost:{{USERFRONT_PORT}}/auth/callback
        - http://localhost:{{USERFRONT_PORT}}/ko/auth/callback
        - http://localhost:{{USERFRONT_PORT}}/en/auth/callback

    methods:
        password:
            enabled: true
        link:
            enabled: true
        code:
            enabled: true
            passwordless_enabled: true

    flows:
        error:
            ui_url: http://localhost:{{USERFRONT_PORT}}/error
        settings:
            ui_url: http://localhost:{{USERFRONT_PORT}}/error?error=settings_disabled
            privileged_session_max_age: 15m
        recovery:
            ui_url: http://localhost:{{USERFRONT_PORT}}/recovery
            use: code
        verification:
            ui_url: http://localhost:{{USERFRONT_PORT}}/verification
            use: code
        logout:
            after:
                default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/login
        login:
            ui_url: http://localhost:{{USERFRONT_PORT}}/login
            lifespan: 10m
        registration:
            ui_url: http://localhost:{{USERFRONT_PORT}}/registration
            lifespan: 10m

log:
    level: debug
    format: text
    leak_sensitive_values: true

secrets:
    cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
    cipher:
        - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
    algorithm: xchacha20-poly1305

hashers:
    algorithm: bcrypt
    bcrypt:
        cost: 8

identity:
    default_schema_id: default
    schemas:
        - id: default
          url: file:///etc/config/kratos/identity.schema.json

courier:
    template_override_path: /etc/config/kratos/courier-templates
    delivery_strategy: http
    http:
        request_config:
            url: http://backend:{{BACKEND_PORT}}/api/v1/auth/webhooks/kratos-courier
            method: POST
            body: file:///etc/config/kratos/courier-http.jsonnet
            headers:
                Content-Type: application/json
    smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true