# app/config.py
import os
from pydantic_settings import BaseSettings
from dotenv import load_dotenv
import logging
import secrets

load_dotenv()
logger = logging.getLogger(__name__)

class Settings(BaseSettings):
    DATABASE_URL: str | None = None
    GEMINI_API_KEY: str | None = None

    # --- JWT Settings ---
    SECRET_KEY: str  # Must be set via environment variable
    ALGORITHM: str = "HS256"
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30  # Default token lifetime: 30 minutes

    class Config:
        env_file = ".env"
        env_file_encoding = 'utf-8'
        extra = "ignore"

settings = Settings()

# Validation for critical settings
if settings.DATABASE_URL is None:
    raise ValueError("DATABASE_URL environment variable must be set.")

# Enforce secure secret key
if not settings.SECRET_KEY:
    raise ValueError("SECRET_KEY environment variable must be set. Generate a secure key using: openssl rand -hex 32")

# Validate secret key strength
if len(settings.SECRET_KEY) < 32:
    raise ValueError("SECRET_KEY must be at least 32 characters long for security")

if settings.GEMINI_API_KEY is None:
    logger.error("CRITICAL: GEMINI_API_KEY environment variable not set. Gemini features will be unavailable.")
else:
    # Optional: Log partial key for confirmation (avoid logging full key)
    logger.info(f"GEMINI_API_KEY loaded (starts with: {settings.GEMINI_API_KEY[:4]}...).")