"""
Auth Service - Authentication layer for API Gateway

Provides plug-and-play authentication with:
- Google OAuth integration
- JWT token management
- Request middleware for auth validation
- URL-based route configuration

Usage:
    # In app.py startup
    from services.auth_service import register_auth_service
    
    register_auth_service(
        required_urls=["/api/*", "/admin/*"],
        public_urls=["/", "/health", "/auth/*"],
        jwt_secret=os.getenv("JWT_SECRET"),
        google_client_id=os.getenv("GOOGLE_CLIENT_ID")
    )
    
    # In routers
    from fastapi import Request
    
    @router.get("/protected")
    async def protected_route(request: Request):
        user = request.state.user  # Populated by AuthMiddleware
        return {"user_id": user.id}
"""

from services.auth_service.config import AuthServiceConfig
from services.auth_service.middleware import AuthMiddleware
from services.auth_service.google_provider import (
    GoogleAuthService,
    GoogleUserInfo,
    verify_google_token,
    GoogleAuthError,
    InvalidTokenError as GoogleInvalidTokenError,
)
from services.auth_service.jwt_provider import (
    JWTService,
    TokenPayload,
    create_access_token,
    verify_access_token,
    JWTError,
    TokenExpiredError,
    InvalidTokenError,
)


def register_auth_service(
    required_urls: list = None,
    optional_urls: list = None,
    public_urls: list = None,
    jwt_secret: str = None,
    jwt_algorithm: str = "HS256",
    jwt_expiry_hours: int = 24,
    google_client_id: str = None,
    admin_emails: list = None,
) -> None:
    """
    Register the auth service with application configuration.
    
    Args:
        required_urls: URLs that REQUIRE authentication
        optional_urls: URLs where authentication is optional
        public_urls: URLs that don't need authentication
        jwt_secret: Secret key for JWT signing
        jwt_algorithm: JWT algorithm (default: HS256)
        jwt_expiry_hours: Token expiry in hours (default: 24)
        google_client_id: Google OAuth Client ID
        admin_emails: List of admin email addresses
    """
    AuthServiceConfig.register(
        required_urls=required_urls or [],
        optional_urls=optional_urls or [],
        public_urls=public_urls or [],
        jwt_secret=jwt_secret,
        jwt_algorithm=jwt_algorithm,
        jwt_expiry_hours=jwt_expiry_hours,
        google_client_id=google_client_id,
        admin_emails=admin_emails or [],
    )


__all__ = [
    # Registration
    'register_auth_service',
    'AuthServiceConfig',
    'AuthMiddleware',
    
    # Google OAuth
    'GoogleAuthService',
    'GoogleUserInfo',
    'verify_google_token',
    'GoogleAuthError',
    'GoogleInvalidTokenError',
    
    # JWT
    'JWTService',
    'TokenPayload',
    'create_access_token',
    'verify_access_token',
    'JWTError',
    'TokenExpiredError',
    'InvalidTokenError',
]