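# [DEF:backend.src.core.auth.config:Module]
#
# @SEMANTICS: auth, config, settings, jwt, adfs
# @PURPOSE: Centralized configuration for authentication and authorization.
# @LAYER: Core
# @RELATION: DEPENDS_ON -> pydantic
#
# @INVARIANT: All sensitive configuration must have defaults or be loaded from environment.

# [SECTION: IMPORTS]
import logging

from pydantic import AliasChoices, Field, model_validator
from pydantic_settings import BaseSettings, SettingsConfigDict
# [/SECTION]

logger = logging.getLogger(__name__)

# Development-only fallback for the JWT signing key. It is committed to the
# repository, so it must never sign tokens in a real deployment: anyone who has
# read this file could mint tokens that verify under HS256.
_PLACEHOLDER_SECRET_KEY = "super-secret-key-change-in-production"


# [DEF:AuthConfig:Class]
# @PURPOSE: Holds authentication-related settings.
# @PRE: Environment variables may be provided via .env file.
# @POST: Returns a configuration object with validated settings.
class AuthConfig(BaseSettings):
    """Authentication settings read from the process environment and ``.env``.

    Each field is populated from the environment variable of the same name,
    except ``SECRET_KEY``, which is read from ``AUTH_SECRET_KEY`` first and
    from ``SECRET_KEY`` as a fallback. Unknown variables are ignored.
    """

    model_config = SettingsConfigDict(env_file=".env", extra="ignore")

    # JWT Settings
    # pydantic-settings 2.x does not read the ``env=`` keyword on Field, so the
    # previous ``env="AUTH_SECRET_KEY"`` had no effect and a key supplied under
    # that name was silently dropped in favour of the placeholder. The alias
    # below restores the intended name; ``SECRET_KEY`` stays accepted so
    # existing deployments and keyword construction keep working.
    SECRET_KEY: str = Field(
        default=_PLACEHOLDER_SECRET_KEY,
        validation_alias=AliasChoices("AUTH_SECRET_KEY", "SECRET_KEY"),
    )
    ALGORITHM: str = "HS256"
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 480  # 8 hours
    REFRESH_TOKEN_EXPIRE_DAYS: int = 7

    # Database Settings
    # NOTE(review): the default URL embeds the stock postgres/postgres
    # credentials; treat it as a local-development value and set
    # AUTH_DATABASE_URL explicitly everywhere else.
    AUTH_DATABASE_URL: str = (
        "postgresql+psycopg2://postgres:postgres@localhost:5432/ss_tools"
    )

    # ADFS Settings (empty string means "not configured")
    ADFS_CLIENT_ID: str = ""
    ADFS_CLIENT_SECRET: str = ""
    ADFS_METADATA_URL: str = ""

    @model_validator(mode="after")
    def warn_on_placeholder_secret(self) -> "AuthConfig":
        """Log a warning when the committed placeholder signing key is active.

        The settings object is still returned so that local development and
        existing imports of this module keep working; the key itself is never
        written to the log.
        """
        if self.SECRET_KEY == _PLACEHOLDER_SECRET_KEY:
            logger.warning(
                "AuthConfig is using the built-in placeholder JWT signing key; "
                "set AUTH_SECRET_KEY to a unique random value before deploying."
            )
        return self
# [/DEF:AuthConfig:Class]


# [DEF:auth_config:Variable]
# @PURPOSE: Singleton instance of AuthConfig.
auth_config = AuthConfig()
# [/DEF:auth_config:Variable]

# [/DEF:backend.src.core.auth.config:Module]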