safeLoad(); } $logLevelName = strtoupper((string) (getenv('LOG_LEVEL') ?: 'info')); $logLevel = match ($logLevelName) { 'DEBUG' => Level::Debug, 'NOTICE' => Level::Notice, 'WARNING' => Level::Warning, 'ERROR' => Level::Error, 'CRITICAL' => Level::Critical, 'ALERT' => Level::Alert, 'EMERGENCY' => Level::Emergency, default => Level::Info, }; $truthy = static fn (string $env, bool $default = false): bool => match (strtolower((string) (getenv($env) ?: ''))) { 'true', '1', 'yes', 'on' => true, 'false', '0', 'no', 'off' => false, '' => $default, default => $default, }; return [ 'app_env' => $appEnv, 'log_level' => $logLevel, 'public_url' => getenv('PUBLIC_URL') ?: 'http://localhost:8080', 'ui_secret' => getenv('UI_SECRET') ?: '', // BFF — talking to the api 'api_base_url' => getenv('API_BASE_URL') ?: '', 'ui_service_token' => getenv('UI_SERVICE_TOKEN') ?: '', 'api_timeout_seconds' => (float) (getenv('API_TIMEOUT_SECONDS') ?: 5), // OIDC — Microsoft Entra ID by default 'oidc_enabled' => $truthy('OIDC_ENABLED', true), 'oidc_issuer' => getenv('OIDC_ISSUER') ?: '', 'oidc_client_id' => getenv('OIDC_CLIENT_ID') ?: '', 'oidc_client_secret' => getenv('OIDC_CLIENT_SECRET') ?: '', 'oidc_redirect_uri' => getenv('OIDC_REDIRECT_URI') ?: '', // Local admin (UI-side credentials only) 'local_admin_enabled' => $truthy('LOCAL_ADMIN_ENABLED', true), 'local_admin_username' => getenv('LOCAL_ADMIN_USERNAME') ?: 'admin', 'local_admin_password_hash' => getenv('LOCAL_ADMIN_PASSWORD_HASH') ?: '', // Session: 8h inactivity, 24h absolute 'session_idle_seconds' => (int) (getenv('SESSION_IDLE_SECONDS') ?: 28800), 'session_absolute_seconds' => (int) (getenv('SESSION_ABSOLUTE_SECONDS') ?: 86400), ];