version: v25.4.0

dsn: ${DSN}

serve:
    public:
        base_url: http://localhost:4433/
        cors:
            enabled: true
            allowed_origins:
                - http://backend:{{BACKEND_PORT}}
    admin:
        base_url: http://localhost:4434/

session:
    cookie:
        domain: hmac.kr
        same_site: Lax
        path: /

selfservice:
    default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/
    allowed_return_urls:
        - http://backend:{{BACKEND_PORT}}
        - http://backend:{{BACKEND_PORT}}/
        - http://localhost:{{USERFRONT_PORT}}
        - https://app.brsw.kr
        - https://app.brsw.kr/
        - https://sss.hmac.kr
        - https://sss.hmac.kr/
        - https://sso.hmac.kr
        - https://sso.hmac.kr/
        - https://ssologin.hmac.kr
        - https://ssologin.hmac.kr/
        - https://sso-test.hmac.kr
        - https://sso-test.hmac.kr/
        - https://ssob.hmac.kr
        - https://ssob.hmac.kr/
        - https://ssob.hmac.kr/ko
        - https://ssob.hmac.kr/ko/
        - https://ssob.hmac.kr/en
        - https://ssob.hmac.kr/en/
        - https://ssob.hmac.kr/auth/callback
        - https://ssob.hmac.kr/ko/auth/callback
        - https://ssob.hmac.kr/en/auth/callback

    methods:
        password:
            enabled: true
        link:
            enabled: true
        code:
            enabled: true
            passwordless_enabled: true

    flows:
        error:
            ui_url: http://localhost:{{USERFRONT_PORT}}/error
        settings:
            ui_url: http://localhost:{{USERFRONT_PORT}}/error?error=settings_disabled
            privileged_session_max_age: 15m
        recovery:
            ui_url: http://localhost:{{USERFRONT_PORT}}/recovery
            use: code
        verification:
            ui_url: http://localhost:{{USERFRONT_PORT}}/verification
            use: code
        logout:
            after:
                default_browser_return_url: http://localhost:{{USERFRONT_PORT}}/login
        login:
            ui_url: http://localhost:{{USERFRONT_PORT}}/login
            lifespan: 10m
        registration:
            ui_url: http://localhost:{{USERFRONT_PORT}}/registration
            lifespan: 10m

log:
    level: debug
    format: text
    leak_sensitive_values: true

secrets:
    cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
    cipher:
        - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
    algorithm: xchacha20-poly1305

hashers:
    algorithm: bcrypt
    bcrypt:
        cost: 8

identity:
    default_schema_id: default
    schemas:
        - id: default
          url: file:///etc/config/kratos/identity.schema.json

courier:
    template_override_path: /etc/config/kratos/courier-templates
    delivery_strategy: http
    http:
        request_config:
            url: http://backend:{{BACKEND_PORT}}/api/v1/auth/webhooks/kratos-courier
            method: POST
            body: file:///etc/config/kratos/courier-http.jsonnet
            headers:
                Content-Type: application/json
    smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true