# ================================================================
# AUTH SERVICE CONFIGURATION
# services/auth/app/core/config.py
# ================================================================

"""
Authentication service configuration
User management and JWT token handling
"""

from shared.config.base import BaseServiceSettings
import os

class AuthSettings(BaseServiceSettings):
    """Auth service specific settings"""

    # Service Identity
    APP_NAME: str = "Authentication Service"
    SERVICE_NAME: str = "auth-service"
    DESCRIPTION: str = "User authentication and authorization service"

    # Database configuration (secure approach - build from components)
    @property
    def DATABASE_URL(self) -> str:
        """Build database URL from secure components"""
        # Try complete URL first (for backward compatibility)
        complete_url = os.getenv("AUTH_DATABASE_URL")
        if complete_url:
            return complete_url

        # Build from components (secure approach)
        user = os.getenv("AUTH_DB_USER", "auth_user")
        password = os.getenv("AUTH_DB_PASSWORD", "auth_pass123")
        host = os.getenv("AUTH_DB_HOST", "localhost")
        port = os.getenv("AUTH_DB_PORT", "5432")
        name = os.getenv("AUTH_DB_NAME", "auth_db")

        return f"postgresql+asyncpg://{user}:{password}@{host}:{port}/{name}"
    
    # Redis Database (dedicated for auth)
    REDIS_DB: int = 0
    
    # Enhanced Password Requirements for Spain
    PASSWORD_MIN_LENGTH: int = 8
    PASSWORD_REQUIRE_UPPERCASE: bool = True
    PASSWORD_REQUIRE_LOWERCASE: bool = True
    PASSWORD_REQUIRE_NUMBERS: bool = True
    PASSWORD_REQUIRE_SYMBOLS: bool = False
    
    # Spanish GDPR Compliance
    GDPR_COMPLIANCE_ENABLED: bool = True
    DATA_RETENTION_DAYS: int = int(os.getenv("AUTH_DATA_RETENTION_DAYS", "365"))
    CONSENT_REQUIRED: bool = True
    PRIVACY_POLICY_URL: str = os.getenv("PRIVACY_POLICY_URL", "/privacy")
    
    # Account Security
    ACCOUNT_LOCKOUT_ENABLED: bool = True
    MAX_LOGIN_ATTEMPTS: int = 5
    LOCKOUT_DURATION_MINUTES: int = 30
    PASSWORD_HISTORY_COUNT: int = 5
    
    # Session Management
    SESSION_TIMEOUT_MINUTES: int = int(os.getenv("SESSION_TIMEOUT_MINUTES", "60"))
    CONCURRENT_SESSIONS_LIMIT: int = int(os.getenv("CONCURRENT_SESSIONS_LIMIT", "3"))
    
    # Email Verification
    EMAIL_VERIFICATION_REQUIRED: bool = os.getenv("EMAIL_VERIFICATION_REQUIRED", "true").lower() == "true"
    EMAIL_VERIFICATION_EXPIRE_HOURS: int = int(os.getenv("EMAIL_VERIFICATION_EXPIRE_HOURS", "24"))

settings = AuthSettings()