from pydantic_settings import BaseSettings
from pydantic import field_validator
from typing import Optional, List, Union
import os
import secrets

class Settings(BaseSettings):
    """Configuration de l'application"""
    
    # API
    API_TITLE: str = "InnotexBoard - Debian Admin Panel"
    API_VERSION: str = "0.1.0"
    API_DESCRIPTION: str = "Interface d'administration légère pour Debian"
    
    # Sécurité
    DEBUG: bool = False
    
    # JWT - ATTENTION: Changer SECRET_KEY en production !
    SECRET_KEY: str = secrets.token_urlsafe(64)
    ALGORITHM: str = "HS256"
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 60
    
    # Limite de tentatives de connexion
    MAX_LOGIN_ATTEMPTS: int = 5
    LOGIN_ATTEMPT_WINDOW: int = 900  # 15 minutes en secondes
    
    # CORS - Liste blanche stricte (chaîne qui sera parsée)
    ALLOWED_ORIGINS: Union[str, List[str]] = "http://localhost:3000,http://localhost:5173"
    
    @field_validator('ALLOWED_ORIGINS', mode='before')
    @classmethod
    def parse_origins(cls, v):
        if isinstance(v, str):
            return [origin.strip() for origin in v.split(',')]
        return v
    
    # Hôtes de confiance
    ALLOWED_HOSTS: Union[str, List[str]] = "localhost,127.0.0.1"
    
    @field_validator('ALLOWED_HOSTS', mode='before')
    @classmethod
    def parse_hosts(cls, v):
        if isinstance(v, str):
            return [host.strip() for host in v.split(',')]
        return v
    
    @field_validator('DEBUG', mode='before')
    @classmethod
    def parse_debug(cls, v):
        if isinstance(v, str):
            return v.lower() == 'true'
        return v
    
    # Docker
    DOCKER_SOCKET: str = "/var/run/docker.sock"
    
    # Frontend
    FRONTEND_URL: str = os.getenv("FRONTEND_URL", "http://localhost:3000")
    
    # Rate Limiting
    RATE_LIMIT_PER_MINUTE: int = int(os.getenv("RATE_LIMIT_PER_MINUTE", "200"))
    
    class Config:
        env_file = ".env"

settings = Settings()