"""Application settings."""

from functools import lru_cache
from typing import Literal

from pydantic import Field
from pydantic_settings import BaseSettings, SettingsConfigDict


class Settings(BaseSettings):
    """Runtime configuration loaded from environment variables."""

    model_config = SettingsConfigDict(
        env_file=".env",
        env_prefix="GNEXUS_CREDS_",
        extra="ignore",
    )

    env: Literal["development", "test", "production"] = "development"
    app_name: str = "gnexus-creds"
    database_url: str = "postgresql+psycopg://gnexus_creds:gnexus_creds@localhost:5432/gnexus_creds"
    master_key: str = Field(default="change-me-to-a-32-byte-url-safe-key", min_length=16)
    session_secret: str = Field(default="change-me", min_length=8)
    session_cookie_name: str = "gnexus_creds_session"
    session_ttl_seconds: int = 60 * 60 * 24 * 14
    auth_base_url: str = Field(default="http://gnexus-auth.local", alias="GNEXUS_AUTH_BASE_URL")
    auth_client_id: str = Field(default="gnexus-creds", alias="GNEXUS_AUTH_CLIENT_ID")
    auth_client_secret: str = Field(default="change-me", alias="GNEXUS_AUTH_CLIENT_SECRET")
    auth_redirect_uri: str = Field(
        default="http://localhost:8000/auth/callback",
        alias="GNEXUS_AUTH_REDIRECT_URI",
    )
    auth_webhook_secret: str = Field(default="change-me", alias="GNEXUS_AUTH_WEBHOOK_SECRET")
    rate_limit_window_seconds: int = 60
    rate_limit_max_sensitive_requests: int = 120

    @property
    def is_production(self) -> bool:
        return self.env == "production"


@lru_cache
def get_settings() -> Settings:
    return Settings()