PROJECT-CONTORL/backend/app/core/config.py

from pydantic_settings import BaseSettings
from pydantic import field_validator
from typing import List
import os


class Settings(BaseSettings):
    # Database
    MYSQL_HOST: str = "localhost"
    MYSQL_PORT: int = 3306
    MYSQL_USER: str = "root"
    MYSQL_PASSWORD: str = ""
    MYSQL_DATABASE: str = "pjctrl"

    @property
    def DATABASE_URL(self) -> str:
        return f"mysql+pymysql://{self.MYSQL_USER}:{self.MYSQL_PASSWORD}@{self.MYSQL_HOST}:{self.MYSQL_PORT}/{self.MYSQL_DATABASE}"

    # Redis
    REDIS_HOST: str = "localhost"
    REDIS_PORT: int = 6379
    REDIS_DB: int = 0

    @property
    def REDIS_URL(self) -> str:
        return f"redis://{self.REDIS_HOST}:{self.REDIS_PORT}/{self.REDIS_DB}"

    # JWT - Must be set in environment, no default allowed
    JWT_SECRET_KEY: str = ""
    JWT_ALGORITHM: str = "HS256"
    JWT_EXPIRE_MINUTES: int = 10080  # 7 days

    @field_validator("JWT_SECRET_KEY")
    @classmethod
    def validate_jwt_secret_key(cls, v: str) -> str:
        """Validate that JWT_SECRET_KEY is set and not a placeholder."""
        if not v or v.strip() == "":
            raise ValueError(
                "JWT_SECRET_KEY must be set in environment variables. "
                "Please configure it in the .env file."
            )
        placeholder_values = [
            "your-secret-key-change-in-production",
            "change-me",
            "secret",
            "your-secret-key",
        ]
        if v.lower() in placeholder_values:
            raise ValueError(
                "JWT_SECRET_KEY appears to be a placeholder value. "
                "Please set a secure secret key in the .env file."
            )
        return v

    # External Auth API
    AUTH_API_URL: str = "https://pj-auth-api.vercel.app"

    # CORS
    CORS_ORIGINS: List[str] = ["http://localhost:3000", "http://localhost:5173"]

    # System Admin
    SYSTEM_ADMIN_EMAIL: str = "ymirliu@panjit.com.tw"

    # File Upload
    UPLOAD_DIR: str = "./uploads"
    MAX_FILE_SIZE_MB: int = 50

    @property
    def MAX_FILE_SIZE(self) -> int:
        return self.MAX_FILE_SIZE_MB * 1024 * 1024

    # Allowed file extensions (whitelist)
    ALLOWED_EXTENSIONS: List[str] = [
        # Documents
        "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "csv",
        # Images
        "jpg", "jpeg", "png", "gif", "bmp", "svg", "webp",
        # Archives
        "zip", "rar", "7z", "tar", "gz",
        # Data
        "json", "xml", "yaml", "yml",
    ]

    # Blocked file extensions (dangerous)
    BLOCKED_EXTENSIONS: List[str] = [
        "exe", "bat", "cmd", "sh", "ps1", "dll", "msi", "com", "scr", "vbs", "js"
    ]

    class Config:
        env_file = ".env"
        case_sensitive = True


settings = Settings()