from __future__ import annotations

from pathlib import Path
from typing import List

from pydantic_settings import BaseSettings, SettingsConfigDict

# Resolve .env from app root (so it works when cwd is not app root, e.g. under Passenger)
_APP_ROOT = Path(__file__).resolve().parent.parent
_ENV_FILE = _APP_ROOT / ".env"


class Settings(BaseSettings):
    model_config = SettingsConfigDict(
        env_file=str(_ENV_FILE) if _ENV_FILE.exists() else ".env",
        env_file_encoding="utf-8",
        extra="ignore",
    )

    # Server
    app_name: str = "POU Backend"
    environment: str = "development"
    host: str = "0.0.0.0"
    port: int = 8000

    # Database
    database_url: str = "postgresql+psycopg2://postgres:postgres@localhost:5432/pou_db"

    # JWT
    secret_key: str = "change-me"
    algorithm: str = "HS256"
    access_token_expire_minutes: int = 30
    refresh_token_expire_days: int = 7

    # CORS
    allowed_origins: str = "http://localhost:5173,http://localhost:5174,https://proconnect-edu.online,https://www.proconnect-edu.online"
    # Frontend base URL for links in emails (e.g. login page)
    frontend_base_url: str = "https://proconnect-edu.online"

    # Email (Resend)
    mail_mailer: str = "resend"
    resend_key: str = ""
    mail_host: str = "smtp.resend.com"
    mail_port: int = 465
    mail_username: str = "resend"
    mail_password: str = ""
    mail_encryption: str = "ssl"
    mail_from_address: str = "info@proconnect-edu.online"
    mail_from_name: str = "Proconnect Open University"

    # ImageKit (File Storage)
    imagekit_public_key: str = ""
    imagekit_private_key: str = ""
    imagekit_endpoint_url: str = "https://ik.imagekit.io/pouasset"

    # Google Workspace / Calendar / Meet
    # Provide the *JSON string* of the service account key (or load via your secret manager)
    google_enabled: bool = False
    google_service_account_json: str = ""
    # Optional: Workspace user to impersonate (Domain-Wide Delegation). Leave empty when using shared calendar.
    google_workspace_user: str = ""
    # Calendar ID: email of calendar owner (e.g. admissions@proconnect-edu.online) when using shared calendar.
    # Or "primary" when using Domain-Wide Delegation with google_workspace_user.
    google_calendar_id: str = "primary"

    # Dojah API (NIN Verification)
    dojah_app_id: str = ""
    dojah_pub_key: str = ""
    dojah_sek_key: str = ""
    dojah_token_id: str = ""
    dojah_token_name: str = ""

    # WAEC API (WAEC Verification)
    waec_api_url: str = "https://api.waec.org.ng/api/v1/verify"  # Update with correct endpoint
    waec_institution_name: str = ""
    waec_encryption_key: str = ""
    waec_security_token: str = ""
    waec_ip_address: str = ""
    waec_linked_email: str = ""

    # Redis (Optional - not required for email sending anymore)
    # redis_url: str = "redis://localhost:6379/0"

    @property
    def allowed_origins_list(self) -> List[str]:
        return [o.strip() for o in self.allowed_origins.split(",") if o.strip()]


settings = Settings()