"""
Base settings shared by all environments.
Configuration is environment-driven via django-environ.
"""
from datetime import timedelta
from pathlib import Path
from urllib.parse import quote

import environ

# Project root: two directory levels above the directory that holds this file.
BASE_DIR = Path(__file__).resolve().parents[2]

# Casts and defaults for the variables that are read without an explicit type.
_ENV_SCHEME = {
    'DJANGO_DEBUG': (bool, False),
    'ACCESS_TOKEN_LIFETIME_DAYS': (int, 7),
    'DEFAULT_COMMISSION_PERCENT': (float, 10.0),
}
env = environ.Env(**_ENV_SCHEME)

# Read at most one .env file, in priority order: an explicit ENV_FILE, the
# project directory, then the account home directory (where cPanel users
# commonly keep it, e.g. /home/jopexco/.env). In Docker nothing is found and
# the variables come straight from the environment.
# ENV_FILE is looked up before any file is read, so it has to be set in the
# process environment itself. read_env() leaves already-set variables alone by
# default, so the real environment wins over the file.
# The file holds the signing secret and database password: keep it out of any
# web-served directory and readable only by the application account.
_env_file = next(
    (
        path
        for path in (
            env.str('ENV_FILE', default=''),
            str(BASE_DIR / '.env'),
            str(Path.home() / '.env'),
        )
        if path and Path(path).exists()
    ),
    None,
)
if _env_file is not None:
    environ.Env.read_env(_env_file)

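# HUSTLERS_ENV=development implies DEBUG unless DJANGO_DEBUG is set explicitly.
# DEBUG is resolved first because the insecure fallbacks below are only
# acceptable in a debug run.
_hustlers_env = env('HUSTLERS_ENV', default='')
DEBUG = env.bool('DJANGO_DEBUG', default=(_hustlers_env.lower() == 'development'))

# Django's signing key also signs JWTs — reuse the app's JWT secret when set so
# you only manage one secret. An empty value counts as "not set".
SECRET_KEY = (
    env('Hustlers_JWT_SECRET', default='')
    or env('DJANGO_SECRET_KEY', default='')
)
if not SECRET_KEY:
    if not DEBUG:
        # Fail closed: the development fallback is a fixed string in the
        # repository, so anything signed with it (sessions, password-reset
        # links, JWTs) could be produced by anyone who has read this file.
        # CI and test settings that import this module with DEBUG off must
        # export a key as well.
        raise RuntimeError(
            'No signing key configured: set Hustlers_JWT_SECRET or '
            'DJANGO_SECRET_KEY (the built-in development key is only used '
            'when DEBUG is on).'
        )
    SECRET_KEY = 'dev-insecure-key'

# The wildcard disables Host-header validation, so it is only the default in a
# debug run. With DEBUG off and DJANGO_ALLOWED_HOSTS unset the list is empty
# and Django rejects every request until the real hostnames are configured.
ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS', default=['*'] if DEBUG else [])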

# Django's own contrib apps.
_DJANGO_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
]

# Third-party packages that have to be registered as apps.
_THIRD_PARTY_APPS = [
    'rest_framework',
    'corsheaders',
    'django_filters',
]

# Apps that live in this repository.
_LOCAL_APPS = [
    'apps.common',
    'apps.accounts',
    'apps.catalog',
    'apps.ledger',
    'apps.orders',
    'apps.payouts',
    'apps.earnings',
]

# Order is preserved: contrib first, then third-party, then local.
INSTALLED_APPS = _DJANGO_APPS + _THIRD_PARTY_APPS + _LOCAL_APPS

# Request middleware, outermost first. The order is significant: each entry
# wraps everything listed after it.
MIDDLEWARE = [
    # First, so CORS headers are also added to responses produced by the
    # middleware below it (WhiteNoise, CommonMiddleware redirects).
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    # Serves collected static files (incl. the admin) without a separate web
    # server — ideal for shared/Passenger hosting like cPanel.
    # Kept directly after SecurityMiddleware, as WhiteNoise recommends.
    'whitenoise.middleware.WhiteNoiseMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    # Needs the session set up by SessionMiddleware above.
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

# Dotted paths to the project's URL configuration and server entry points.
ROOT_URLCONF = 'config.urls'

# Context processors made available to every template render.
_CONTEXT_PROCESSORS = [
    'django.template.context_processors.request',
    'django.contrib.auth.context_processors.auth',
    'django.contrib.messages.context_processors.messages',
]

# One Django-template engine; templates are discovered inside each app
# (APP_DIRS) and no project-level template directory is configured.
_DJANGO_TEMPLATE_ENGINE = {
    'BACKEND': 'django.template.backends.django.DjangoTemplates',
    'DIRS': [],
    'APP_DIRS': True,
    'OPTIONS': {'context_processors': _CONTEXT_PROCESSORS},
}
TEMPLATES = [_DJANGO_TEMPLATE_ENGINE]

WSGI_APPLICATION = 'config.wsgi.application'
ASGI_APPLICATION = 'config.asgi.application'

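# Database resolution order:
#   1. HUSTLERS_DB_* vars (your cPanel MySQL .env) → MySQL
#   2. DATABASE_URL (mysql://… or postgres://…)
#   3. discrete POSTGRES_* vars used by the Docker Compose stack
if env('HUSTLERS_DB_NAME', default=''):
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.mysql',
            'NAME': env('HUSTLERS_DB_NAME'),
            'USER': env('HUSTLERS_DB_USER', default=''),
            'PASSWORD': env('HUSTLERS_DB_PASSWORD', default=''),
            'HOST': env('HUSTLERS_DB_HOST', default='localhost'),
            'PORT': env('HUSTLERS_DB_PORT', default='3306'),
            'OPTIONS': {'charset': 'utf8mb4'},
        }
    }
else:
    # The user name and password are percent-encoded before they go into the
    # URL: a generated password containing '@', ':', '/' or '#' would otherwise
    # be split in the wrong place when the URL is parsed. django-environ
    # decodes them again while building the DATABASES entry.
    # The 'hustlehub' fallbacks are local-development defaults; any shared or
    # production database must get its credentials from the environment.
    _pg_user = quote(env('POSTGRES_USER', default='hustlehub'), safe='')
    _pg_password = quote(env('POSTGRES_PASSWORD', default='hustlehub'), safe='')
    _pg_host = env('POSTGRES_HOST', default='localhost')
    _pg_port = env('POSTGRES_PORT', default='5432')
    _pg_name = env('POSTGRES_DB', default='hustlehub')
    _default_db_url = (
        f'postgres://{_pg_user}:{_pg_password}@{_pg_host}:{_pg_port}/{_pg_name}'
    )
    # An explicit DATABASE_URL takes precedence over the assembled one.
    DATABASES = {'default': env.db('DATABASE_URL', default=_default_db_url)}

# Applied to whichever branch was taken, without overriding values that the
# branch (or DATABASE_URL parsing) already supplied.
DATABASES['default'].setdefault('ATOMIC_REQUESTS', False)
DATABASES['default'].setdefault('CONN_MAX_AGE', 60)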

# Custom user model provided by apps.accounts.
AUTH_USER_MODEL = 'accounts.User'

_PASSWORD_VALIDATION = 'django.contrib.auth.password_validation'

# Password policy: a minimum length plus Django's common-password list.
# NOTE(review): six characters is below the eight-character minimum in
# NIST SP 800-63B; raising it changes account policy, so agree it with the
# client teams first.
# NOTE(review): these validators only run where validate_password() is called
# (Django's own forms and createsuperuser do) — confirm the API registration
# and password-change serializers call it too.
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': f'{_PASSWORD_VALIDATION}.MinimumLengthValidator',
        'OPTIONS': {'min_length': 6},
    },
    {
        'NAME': f'{_PASSWORD_VALIDATION}.CommonPasswordValidator',
    },
]

# Localisation: timestamps are stored timezone-aware (USE_TZ) and presented in
# East Africa Time.
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'Africa/Dar_es_Salaam'
USE_I18N = True
USE_TZ = True

# collectstatic writes into STATIC_ROOT; uploaded files go to MEDIA_ROOT and
# are addressed under /uploads/.
STATIC_URL = 'static/'
STATIC_ROOT = BASE_DIR.joinpath('staticfiles')
MEDIA_URL = '/uploads/'
MEDIA_ROOT = BASE_DIR.joinpath('media')

# Uploads stay on the local filesystem; static files go through WhiteNoise's
# compressed, manifest-hashed storage.
_MEDIA_STORAGE = {'BACKEND': 'django.core.files.storage.FileSystemStorage'}
_STATIC_STORAGE = {
    'BACKEND': 'whitenoise.storage.CompressedManifestStaticFilesStorage',
}
STORAGES = {
    'default': _MEDIA_STORAGE,
    'staticfiles': _STATIC_STORAGE,
}

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

# ── DRF ──────────────────────────────────────────────────────────────────────
# Secure by default: every endpoint requires a valid JWT unless a view opts out
# with its own authentication/permission classes.
_DRF_ACCESS = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

# ScopedRateThrottle only limits views that declare a matching throttle_scope.
# DRF keeps the counters in Django's cache; this module defines no CACHES, so
# unless an environment-specific settings module adds a shared backend the
# counters are per worker process and reset on restart.
# NOTE(review): behind a reverse proxy, set NUM_PROXIES to the number of
# trusted proxies so anonymous clients are keyed on the address the proxy saw
# rather than on a client-supplied X-Forwarded-For value.
_DRF_THROTTLING = {
    'DEFAULT_THROTTLE_CLASSES': (
        'rest_framework.throttling.ScopedRateThrottle',
    ),
    'DEFAULT_THROTTLE_RATES': {
        'auth': '10/min',      # login / register brute-force guard
        'payouts': '20/hour',  # payout request abuse guard
    },
}

# Listing behaviour: pagination, filtering, search, ordering, error rendering.
_DRF_PRESENTATION = {
    'DEFAULT_PAGINATION_CLASS': 'apps.common.pagination.HeaderPagination',
    'PAGE_SIZE': 50,
    'DEFAULT_FILTER_BACKENDS': (
        'django_filters.rest_framework.DjangoFilterBackend',
        'rest_framework.filters.SearchFilter',
        'rest_framework.filters.OrderingFilter',
    ),
    'EXCEPTION_HANDLER': 'apps.common.exceptions.api_exception_handler',
}

REST_FRAMEWORK = {**_DRF_ACCESS, **_DRF_PRESENTATION, **_DRF_THROTTLING}

# Single long-lived token to match the existing clients (no refresh flow).
# Honour Hustlers_JWT_EXPIRE_HOURS if set (non-zero), else fall back to
# ACCESS_TOKEN_LIFETIME_DAYS.
# With no refresh flow configured here, a leaked token stays usable until it
# expires, so keep the lifetime as short as the clients tolerate. Tokens are
# signed with SECRET_KEY (no separate SIGNING_KEY is set), so rotating that key
# invalidates every outstanding token.
_jwt_hours = env.int('Hustlers_JWT_EXPIRE_HOURS', default=0)
if _jwt_hours:
    _access_lifetime = timedelta(hours=_jwt_hours)
else:
    _access_lifetime = timedelta(days=env('ACCESS_TOKEN_LIFETIME_DAYS'))

SIMPLE_JWT = dict(
    ACCESS_TOKEN_LIFETIME=_access_lifetime,
    AUTH_HEADER_TYPES=('Bearer',),
    USER_ID_FIELD='id',
    USER_ID_CLAIM='user_id',
)

# ── CORS ─────────────────────────────────────────────────────────────────────
# Explicit origin allow-list. Every origin is allowed only in a DEBUG run that
# has no allow-list configured; with DEBUG off an empty list allows none.
CORS_ALLOWED_ORIGINS = env.list('CORS_ALLOWED_ORIGINS', default=[])
if DEBUG and not CORS_ALLOWED_ORIGINS:
    CORS_ALLOW_ALL_ORIGINS = True
else:
    CORS_ALLOW_ALL_ORIGINS = False

# Needed for the Django admin login form when served over your domain (HTTPS).
# Entries must include the scheme, e.g. https://example.com (constructed
# sample value).
CSRF_TRUSTED_ORIGINS = env.list('CSRF_TRUSTED_ORIGINS', default=[])

# ── Celery ───────────────────────────────────────────────────────────────────
# One Redis instance serves as both broker and result backend.
# The default URL is an unauthenticated, unencrypted local instance; when Redis
# is reachable over a network, supply a REDIS_URL with credentials (and
# rediss:// for TLS), since anyone who can write to the broker can queue tasks.
REDIS_URL = env('REDIS_URL', default='redis://localhost:6379/0')
CELERY_BROKER_URL = CELERY_RESULT_BACKEND = REDIS_URL

# Eager mode runs tasks inline in the calling process instead of on a worker.
CELERY_TASK_ALWAYS_EAGER = env.bool('CELERY_TASK_ALWAYS_EAGER', default=False)

# Hard per-task limit, in seconds.
CELERY_TASK_TIME_LIMIT = 5 * 60

# ── Domain config ────────────────────────────────────────────────────────────
# Business defaults, each overridable from the environment.
DEFAULT_CURRENCY = env('DEFAULT_CURRENCY', default='TZS')
# No default here: the float cast and the 10.0 fallback come from the scheme
# passed to environ.Env() at the top of this module.
DEFAULT_COMMISSION_PERCENT = env('DEFAULT_COMMISSION_PERCENT')
# NOTE(review): with PAYOUT_PROVIDER unset the provider is 'stub' and its
# outcome defaults to 'success'. How these values are consumed is not visible
# in this module — confirm a production deployment cannot start on the stub,
# or payout requests could be recorded as paid without any transfer.
PAYOUT_PROVIDER = env('PAYOUT_PROVIDER', default='stub')
PAYOUT_STUB_OUTCOME = env('PAYOUT_STUB_OUTCOME', default='success')
