"""

AlienCore Backend - config.py

All settings are read from environment variables so the server can be

configured without touching source code. Edit the defaults below only

for local development.

Deployment checklist:

AC_SECRET — long random string (openssl rand -hex 32)

AC_SMTP_USER — Gmail address you'll send PINs from

AC_SMTP_PASS — Gmail App Password (not your regular password)

AC_PAYPAL_EMAIL — your PayPal account email ([email protected])

AC_PAYPAL_MODE — "live" for real payments, "sandbox" for testing

Run the server:

pip install flask

python -m backend.server

"""

import os

import sys

# ── Server ────────────────────────────────────────────────────────────────────

BACKEND_HOST = os.getenv("AC_HOST", "0.0.0.0")

BACKEND_PORT = int(os.getenv("AC_PORT", "8765"))

# Long random secret — used to protect the /paypal/refund-support admin endpoint

SECRET_KEY = os.getenv("AC_SECRET", "CHANGE_ME_IN_PRODUCTION")

_paypal_mode = os.getenv("AC_PAYPAL_MODE", "live")

if SECRET_KEY == "CHANGE_ME_IN_PRODUCTION":

if _paypal_mode == "live":

print("FATAL: AC_SECRET is not set. Generate one with: openssl rand -hex 32", file=sys.stderr)

sys.exit(1)

else:

print("WARNING: AC_SECRET is not set — using insecure default (sandbox mode only).", file=sys.stderr)

# ── Email sending (Brevo HTTPS API) ───────────────────────────────────────────

# Uses Brevo's transactional email API over HTTPS (port 443). We use HTTPS

# rather than SMTP because cloud providers routinely block outbound SMTP.

# Sign up at https://brevo.com (free — 300 emails/day), verify your sender

# address, then generate an API key under SMTP & API → API Keys.

BREVO_API_KEY = os.getenv("AC_BREVO_API_KEY", "")

FROM_EMAIL = os.getenv("AC_FROM_EMAIL", "[email protected]")

FROM_NAME = "AlienCore"

# ── PayPal ────────────────────────────────────────────────────────────────────

# Set to your PayPal business account email.

# In PayPal → Profile → Account Settings → Notifications → IPN:

# Enable IPN, set Notification URL to https://YOUR_SERVER/paypal/ipn

PAYPAL_EMAIL = os.getenv("AC_PAYPAL_EMAIL", "[email protected]")

PAYPAL_MODE = os.getenv("AC_PAYPAL_MODE", "live") # "live" | "sandbox"

# ── License signing (Ed25519) ─────────────────────────────────────────────────

# AC_LICENSE_PRIVATE_KEY_PATH points at a PEM-encoded Ed25519 private key file

# (generated by tools/generate_license_keypair.py). The contents are signed

# into every /auth/check and /auth/verify-pin response so the client can

# prove the license payload came from this server (no MITM-flipped has_pro).

#

# AC_LICENSE_PRIVATE_KEY may alternatively contain the PEM bytes directly,

# for environments that prefer env vars over filesystem (Docker secrets,

# systemd EnvironmentFile, etc). If both are set, _PATH wins.

LICENSE_PRIVATE_KEY_PATH = os.getenv("AC_LICENSE_PRIVATE_KEY_PATH", "")

LICENSE_PRIVATE_KEY_PEM = os.getenv("AC_LICENSE_PRIVATE_KEY", "")

# ── Database ──────────────────────────────────────────────────────────────────

DB_PATH = os.getenv("AC_DB_PATH", "aliencore.db")

# ── Expiry ────────────────────────────────────────────────────────────────────

PIN_EXPIRY_MINUTES = 10

TOKEN_EXPIRY_DAYS = 30

# Hard cap on how long a single login session can live. Each /auth/check

# extends the rolling expiry by TOKEN_EXPIRY_DAYS, but we never extend past

# `issued_at + SESSION_MAX_LIFETIME_DAYS`, so a stolen token can't be kept

# alive forever by an attacker calling /auth/check once a month.

SESSION_MAX_LIFETIME_DAYS = 90

# ── Brute-force protection ───────────────────────────────────────────────────

# /auth/send-pin: cooldown between successive PIN requests for the same email,

# and a per-IP daily cap to prevent the endpoint becoming an open spam relay.

PIN_RESEND_COOLDOWN_SEC = 60

PIN_PER_IP_DAILY_CAP = 30

# /auth/verify-pin: PIN row is invalidated after this many failed attempts so

# a 6-digit PIN can't be brute-forced before it expires.

PIN_MAX_ATTEMPTS = 5

# /auth/verify-pin: per-IP daily cap on failed verify attempts. Defends

# against botnet-scale brute force where each IP only contributes 5 attempts

# per email but many IPs combine to crack the 6-digit space. 50 = 10 PIN

# cycles × 5 attempts/cycle, generous headroom for a legit user mis-typing.

PIN_VERIFY_PER_IP_DAILY_CAP = 50

# ── Products (item_number must match what you set in PayPal button) ───────────

PRODUCTS = {

"AC_BASE": {"name": "AlienCore — Lifetime License", "amount": "19.99"},

"AC_PRO": {"name": "AlienCore Pro Add-on", "amount": "4.99"},

}