# ================================================================
# AUTH SERVICE CONFIGURATION
# services/auth/app/core/config.py
# ================================================================
"""
Authentication service configuration
User management and JWT token handling
"""
from shared.config.base import BaseServiceSettings
import os
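class AuthSettings(BaseServiceSettings):
    """Settings specific to the authentication service.

    Extends ``BaseServiceSettings`` with the service identity, the database
    URL, and the password, lockout, session, GDPR and email-verification
    policy values. Defaults written as ``os.getenv(...)`` are evaluated once,
    when this class body runs at import time.
    """

    # Service Identity
    APP_NAME: str = "Authentication Service"
    SERVICE_NAME: str = "auth-service"
    DESCRIPTION: str = "User authentication and authorization service"

    # Database configuration (built from separate environment variables)
    @property
    def DATABASE_URL(self) -> str:
        """Return the database URL for the auth service.

        ``AUTH_DATABASE_URL`` is returned unchanged when it is set (kept for
        backward compatibility). Otherwise the URL is assembled from
        ``AUTH_DB_USER``, ``AUTH_DB_PASSWORD``, ``AUTH_DB_HOST``,
        ``AUTH_DB_PORT`` and ``AUTH_DB_NAME``.

        The returned string contains the database password, so it should not
        be written to logs or error responses.
        """
        # Function-scope import keeps this block self-contained.
        from urllib.parse import quote

        # Try complete URL first (for backward compatibility)
        complete_url = os.getenv("AUTH_DATABASE_URL")
        if complete_url:
            return complete_url

        # Build from components
        user = os.getenv("AUTH_DB_USER", "auth_user")
        # NOTE(review): this fallback password is a fixed value stored in the
        # source tree, so it is not a secret. Deployments must set
        # AUTH_DB_PASSWORD (or AUTH_DATABASE_URL); consider refusing to start
        # outside development when neither is provided.
        password = os.getenv("AUTH_DB_PASSWORD", "auth_pass123")
        host = os.getenv("AUTH_DB_HOST", "localhost")
        port = os.getenv("AUTH_DB_PORT", "5432")
        name = os.getenv("AUTH_DB_NAME", "auth_db")

        # Percent-encode the credentials: a password containing "@", ":",
        # "/" or "#" would otherwise move the boundary between the
        # credentials and the host part of the URL. SQLAlchemy-style URLs
        # expect reserved characters in the userinfo to be encoded.
        safe_user = quote(user, safe="")
        safe_password = quote(password, safe="")

        return f"postgresql+asyncpg://{safe_user}:{safe_password}@{host}:{port}/{name}"

    # Redis Database (dedicated for auth)
    REDIS_DB: int = 0

    # Enhanced Password Requirements for Spain
    PASSWORD_MIN_LENGTH: int = 8
    PASSWORD_REQUIRE_UPPERCASE: bool = True
    PASSWORD_REQUIRE_LOWERCASE: bool = True
    PASSWORD_REQUIRE_NUMBERS: bool = True
    PASSWORD_REQUIRE_SYMBOLS: bool = False

    # Spanish GDPR Compliance
    GDPR_COMPLIANCE_ENABLED: bool = True
    # int() raises ValueError at import time if the variable is not numeric.
    DATA_RETENTION_DAYS: int = int(os.getenv("AUTH_DATA_RETENTION_DAYS", "365"))
    CONSENT_REQUIRED: bool = True
    PRIVACY_POLICY_URL: str = os.getenv("PRIVACY_POLICY_URL", "/privacy")

    # Account Security
    ACCOUNT_LOCKOUT_ENABLED: bool = True
    MAX_LOGIN_ATTEMPTS: int = 5
    LOCKOUT_DURATION_MINUTES: int = 30
    PASSWORD_HISTORY_COUNT: int = 5

    # Session Management
    SESSION_TIMEOUT_MINUTES: int = int(os.getenv("SESSION_TIMEOUT_MINUTES", "60"))
    CONCURRENT_SESSIONS_LIMIT: int = int(os.getenv("CONCURRENT_SESSIONS_LIMIT", "3"))

    # Email Verification
    # NOTE(review): only the literal "true" (any letter case) enables this;
    # values such as "1", "yes" or "true " turn verification off.
    EMAIL_VERIFICATION_REQUIRED: bool = os.getenv("EMAIL_VERIFICATION_REQUIRED", "true").lower() == "true"
    EMAIL_VERIFICATION_EXPIRE_HOURS: int = int(os.getenv("EMAIL_VERIFICATION_EXPIRE_HOURS", "24"))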
# Module-level settings instance, created once when this module is imported.
settings = AuthSettings()