from dotenv import load_dotenv
import os

load_dotenv()

class Settings:
    # MongoDB
    MONGO_URI: str = os.getenv("MONGO_URI")
    DB_NAME: str = os.getenv("DB_NAME")

    # Redis
    CACHE_URI: str = os.getenv("CACHE_URI")
    CACHE_K: str = os.getenv("CACHE_K")

    # JWT (Unified across services)
    # Prefer JWT_* envs; fall back to legacy names to ensure compatibility
    JWT_SECRET_KEY: str = os.getenv("JWT_SECRET_KEY") or os.getenv("SECRET_KEY", "B00Kmyservice@7")
    JWT_ALGORITHM: str = os.getenv("JWT_ALGORITHM") or os.getenv("ALGORITHM", "HS256")
    JWT_ACCESS_TOKEN_EXPIRE_MINUTES: int = int(
        os.getenv("JWT_ACCESS_TOKEN_EXPIRE_MINUTES", os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "43200"))
    )
    JWT_REFRESH_TOKEN_EXPIRE_DAYS: int = int(
        os.getenv("JWT_REFRESH_TOKEN_EXPIRE_DAYS", os.getenv("REFRESH_TOKEN_EXPIRE_DAYS", "7"))
    )
    JWT_TEMP_TOKEN_EXPIRE_MINUTES: int = int(
        os.getenv("JWT_TEMP_TOKEN_EXPIRE_MINUTES", os.getenv("TEMP_TOKEN_EXPIRE_MINUTES", "10"))
    )
    JWT_REMEMBER_ME_EXPIRE_DAYS: int = int(
        os.getenv("JWT_REMEMBER_ME_EXPIRE_DAYS", "30")  # 30 days for remember me
    )

    # Backward compatibility: keep legacy attributes pointing to unified values
    SECRET_KEY: str = JWT_SECRET_KEY
    ALGORITHM: str = JWT_ALGORITHM

    # Twilio SMS
    TWILIO_ACCOUNT_SID: str = os.getenv("TWILIO_ACCOUNT_SID")
    TWILIO_AUTH_TOKEN: str = os.getenv("TWILIO_AUTH_TOKEN")
    TWILIO_SMS_FROM: str = os.getenv("TWILIO_SMS_FROM")

    # SMTP Email
    SMTP_HOST: str = os.getenv("SMTP_HOST")
    SMTP_PORT: int = int(os.getenv("SMTP_PORT", "587"))
    SMTP_USER: str = os.getenv("SMTP_USER")
    SMTP_PASS: str = os.getenv("SMTP_PASS")
    SMTP_FROM: str = os.getenv("SMTP_FROM")

    # OAuth Providers
    GOOGLE_CLIENT_ID: str = os.getenv("GOOGLE_CLIENT_ID")
    APPLE_AUDIENCE: str = os.getenv("APPLE_AUDIENCE")
    FACEBOOK_APP_ID: str = os.getenv("FACEBOOK_APP_ID")
    FACEBOOK_APP_SECRET: str = os.getenv("FACEBOOK_APP_SECRET")

    # Local testing: bypass external OAuth verification when enabled
    OAUTH_TEST_MODE: bool = os.getenv("OAUTH_TEST_MODE", "false").lower() == "true"

    # Security Settings
    MAX_LOGIN_ATTEMPTS: int = int(os.getenv("MAX_LOGIN_ATTEMPTS", "5"))
    ACCOUNT_LOCK_DURATION: int = int(os.getenv("ACCOUNT_LOCK_DURATION", "900"))  # 15 minutes
    OTP_VALIDITY_MINUTES: int = int(os.getenv("OTP_VALIDITY_MINUTES", "5"))
    IP_RATE_LIMIT_MAX: int = int(os.getenv("IP_RATE_LIMIT_MAX", "10"))
    IP_RATE_LIMIT_WINDOW: int = int(os.getenv("IP_RATE_LIMIT_WINDOW", "3600"))  # 1 hour

    def __post_init__(self):
        if not self.MONGO_URI or not self.DB_NAME:
            raise ValueError("MongoDB URI or DB_NAME not configured.")
        if not self.CACHE_URI or not self.CACHE_K:
            raise ValueError("Redis URI or password (CACHE_K) not configured.")

settings = Settings()