version: "3.8"

services:
  bill-tracker:
    image: dream.scheller.ltd/null/billtracker:latest
    container_name: bill-tracker

    ports:
      - "3030:3000"

    environment:
      INIT_ADMIN_USER: admin
      INIT_ADMIN_PASS: changeme123
      # CSRF Cookie httpOnly setting (default: true)
      # Set CSRF_HTTP_ONLY=false to allow JavaScript access for SPA CSRF patterns
      CSRF_HTTP_ONLY: "false"
      # CSRF Cookie sameSite setting (default: strict)
      # Set CSRF_SAME_SITE=lax for SPA cross-site scenarios
      CSRF_SAME_SITE: "strict"
      # CSRF Cookie secure flag (default: true - HTTPS only)
      # Set CSRF_SECURE=false for HTTP development (NOT recommended for production)
      CSRF_SECURE: "true"
      # CSRF Cookie name (default: bt_csrf_token)
      # Use CSRF_COOKIE_NAME to customize for multi-app deployments
      CSRF_COOKIE_NAME: "bt_csrf_token"

    volumes:
      - /portainer/hosting/bill-tracker/data:/data

    restart: unless-stopped