"""Environment-driven configuration for the application.

Every value is read from ``os.environ``. The ``Config`` attributes are
resolved once, when the class body executes at import time.
"""

import os
from pathlib import Path

# Placeholder key that is committed to the source tree. It is handed out only
# when no SECRET_KEY is set and the environment resolves to "development".
DEVELOPMENT_SECRET_KEY = "dev-secret-key-change-me"

# Denylist of placeholder values (compared after strip + lowercase) that
# validate_secret_key() refuses outside development.
# NOTE(review): this is an exact-match denylist only; it does not check key
# length or randomness, so a short non-listed value still passes.
UNSAFE_SECRET_KEYS = {
    "",
    "change-me",
    DEVELOPMENT_SECRET_KEY,
    "secret",
    "default",
}


def _get_bool_setting(name: str, default: bool) -> bool:
    """Read a boolean flag from the environment.

    Returns ``default`` when the variable is absent. When it is present, only
    "1", "true", "yes" and "on" (case-insensitive, surrounding whitespace
    ignored) count as True; any other value, including an empty string, is
    False regardless of ``default``.
    """
    raw = os.getenv(name)
    if raw is not None:
        return raw.strip().lower() in ("1", "true", "yes", "on")
    return default


def _get_max_content_length() -> int:
    """Return the request body size limit in bytes.

    Precedence: MAX_UPLOAD_SIZE_MB (mebibytes), then MAX_CONTENT_LENGTH
    (bytes), then a 100 MiB default. Empty values are treated as unset.
    ``int()`` raises ValueError on a non-numeric value; zero and negative
    numbers are passed through without a range check.
    """
    mebibyte = 1024 * 1024
    size_in_mb = os.getenv("MAX_UPLOAD_SIZE_MB")
    if size_in_mb:
        return int(size_in_mb) * mebibyte
    size_in_bytes = os.getenv("MAX_CONTENT_LENGTH")
    return int(size_in_bytes) if size_in_bytes else 100 * mebibyte


def _get_app_env() -> str:
    """Return the environment name, stripped and lowercased.

    APP_ENV wins over FLASK_ENV; when neither holds a non-empty value the
    result is "production", so an unconfigured deployment is treated as
    production-like.
    """
    for variable in ("APP_ENV", "FLASK_ENV"):
        configured = os.getenv(variable)
        if configured:
            return configured.strip().lower()
    return "production"


def _is_development_env() -> bool:
    """Return True only when the resolved environment is "development".

    Because _get_app_env() also consults FLASK_ENV, FLASK_ENV=development is
    enough to switch on the development behaviour when APP_ENV is unset.
    """
    environment = _get_app_env()
    return environment == "development"


def _get_secret_key() -> str:
    """Return SECRET_KEY from the environment, stripped of whitespace.

    When the variable is missing or blank, development mode falls back to
    DEVELOPMENT_SECRET_KEY; any other environment gets an empty string, which
    validate_secret_key() rejects.
    """
    configured = os.getenv("SECRET_KEY", "").strip()
    if not configured and _is_development_env():
        return DEVELOPMENT_SECRET_KEY
    return configured


def validate_secret_key(secret_key: str) -> None:
    """Raise RuntimeError if a non-development environment has a placeholder key.

    The key is stripped and lowercased, then looked up in UNSAFE_SECRET_KEYS.
    Development mode skips the check entirely.

    NOTE(review): nothing in this module calls this function; the application
    start-up code is presumably expected to - confirm against the caller.
    """
    candidate = secret_key.strip()
    if _is_development_env():
        return
    if candidate.lower() not in UNSAFE_SECRET_KEYS:
        return
    raise RuntimeError(
        "SECRET_KEY is missing or unsafe for a production-like environment. "
        "Set SECRET_KEY to a long random value, or use APP_ENV=development only for local development."
    )


class Config:
    """Default configuration for local and container usage."""

    # May be "" outside development when SECRET_KEY is unset; see
    # validate_secret_key() for the check that rejects that case.
    SECRET_KEY = _get_secret_key()

    # Default to 100 MiB so larger WAF exports can be processed without tuning.
    MAX_CONTENT_LENGTH = _get_max_content_length()

    PREVIEW_RECORD_LIMIT = int(os.getenv("PREVIEW_RECORD_LIMIT", 5))

    # Taken verbatim from the environment when set; the default is the
    # relative path instance/outputs.
    OUTPUT_DIRECTORY = Path(os.getenv("OUTPUT_DIRECTORY", Path("instance", "outputs")))
    OUTPUT_RETENTION_HOURS = int(os.getenv("OUTPUT_RETENTION_HOURS", 24))

    # A variable that is present but empty parses as False, which for
    # CLEANUP_ON_STARTUP overrides the True default.
    CLEANUP_ON_STARTUP = _get_bool_setting("CLEANUP_ON_STARTUP", True)
    CLEANUP_AFTER_DOWNLOAD = _get_bool_setting("CLEANUP_AFTER_DOWNLOAD", False)