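# app/config.py
"""Application configuration, loaded once at import time.

Values come from the process environment and from a local ``.env`` file.
Importing this module builds the shared ``settings`` object and runs the
start-up checks at the bottom of the file.
"""
import os

from dotenv import load_dotenv
from pydantic_settings import BaseSettings

# Copy variables from a local .env file into os.environ, so plain
# os.getenv() lookups below (e.g. ENVIRONMENT) can see them too.
load_dotenv()

# Placeholder JWT signing key. It is published with the source code, so it
# gives no protection: with HS256 the same key signs and verifies, meaning
# anyone who knows it can produce tokens this application will accept.
_INSECURE_DEFAULT_SECRET_KEY = "a_very_insecure_default_secret_key_replace_me"


class Settings(BaseSettings):
    """Typed application settings, populated from the environment / ``.env``."""

    DATABASE_URL: str | None = None

    # --- JWT Settings ---
    # Generate a strong secret key using: openssl rand -hex 32
    # !! MUST BE CHANGED IN PRODUCTION !!
    SECRET_KEY: str = _INSECURE_DEFAULT_SECRET_KEY
    ALGORITHM: str = "HS256"
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30  # Default token lifetime: 30 minutes

    class Config:
        env_file = ".env"
        env_file_encoding = "utf-8"
        extra = "ignore"  # unknown variables in the environment are not an error


settings = Settings()

# Validation for critical settings
if settings.DATABASE_URL is None:
    # Reported as a warning only; the hard failure is left disabled.
    print("Warning: DATABASE_URL environment variable not set.")

# CRITICAL: Check if the default secret key is being used
if settings.SECRET_KEY == _INSECURE_DEFAULT_SECRET_KEY:
    # Fail closed in production: a banner on stdout is easy to miss in
    # deployment logs, and running with the published key would leave every
    # issued token forgeable. Other environments keep the warning so local
    # development still starts without extra setup.
    if os.getenv("ENVIRONMENT", "").strip().lower() == "production":
        raise ValueError("Default SECRET_KEY is not allowed in production!")

    print("*" * 80)
    print("WARNING: Using default insecure SECRET_KEY. Please generate a strong key and set it in the environment variables!")
    print("Use: openssl rand -hex 32")
    print("*" * 80)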