# ================================================================
# AUTH SERVICE CONFIGURATION
# services/auth/app/core/config.py
# ================================================================

"""
Authentication service configuration
User management and JWT token handling
"""

from shared.config.base import BaseServiceSettings
import os

class AuthSettings(BaseServiceSettings):
    """Auth service specific settings"""
    
    # Service Identity
    APP_NAME: str = "Authentication Service"
    SERVICE_NAME: str = "auth-service"
    DESCRIPTION: str = "User authentication and authorization service"
    
    # Database Configuration
    DATABASE_URL: str = os.getenv("AUTH_DATABASE_URL", 
                                  "postgresql+asyncpg://auth_user:auth_pass123@auth-db:5432/auth_db")
    
    # Redis Database (dedicated for auth)
    REDIS_DB: int = 0
    
    # Enhanced Password Requirements for Spain
    PASSWORD_MIN_LENGTH: int = 8
    PASSWORD_REQUIRE_UPPERCASE: bool = True
    PASSWORD_REQUIRE_LOWERCASE: bool = True
    PASSWORD_REQUIRE_NUMBERS: bool = True
    PASSWORD_REQUIRE_SYMBOLS: bool = False
    
    # Spanish GDPR Compliance
    GDPR_COMPLIANCE_ENABLED: bool = True
    DATA_RETENTION_DAYS: int = int(os.getenv("AUTH_DATA_RETENTION_DAYS", "365"))
    CONSENT_REQUIRED: bool = True
    PRIVACY_POLICY_URL: str = os.getenv("PRIVACY_POLICY_URL", "/privacy")
    
    # Account Security
    ACCOUNT_LOCKOUT_ENABLED: bool = True
    MAX_LOGIN_ATTEMPTS: int = 5
    LOCKOUT_DURATION_MINUTES: int = 30
    PASSWORD_HISTORY_COUNT: int = 5
    
    # Session Management
    SESSION_TIMEOUT_MINUTES: int = int(os.getenv("SESSION_TIMEOUT_MINUTES", "60"))
    CONCURRENT_SESSIONS_LIMIT: int = int(os.getenv("CONCURRENT_SESSIONS_LIMIT", "3"))
    
    # Email Verification
    EMAIL_VERIFICATION_REQUIRED: bool = os.getenv("EMAIL_VERIFICATION_REQUIRED", "true").lower() == "true"
    EMAIL_VERIFICATION_EXPIRE_HOURS: int = int(os.getenv("EMAIL_VERIFICATION_EXPIRE_HOURS", "24"))

settings = AuthSettings()