"""API Gateway configuration — extends shared BaseConfig with JWT, CORS, and WebAuthn settings."""

from shared.config import BaseConfig


class ApiGatewayConfig(BaseConfig):
    """Configuration for the API Gateway service.

    All settings can be overridden via environment variables prefixed with
    ``TRADING_``.

    The defaults declared here are local-development values: a placeholder
    JWT secret, empty brokerage credentials, and ``localhost`` origins for
    CORS and WebAuthn. Nothing in this class validates them, so a deployment
    that relies on the defaults gets exactly these values.
    """

    # Dev mode — bypasses authentication (set TRADING_DEV_MODE=true)
    # Defaults to False, so authentication is on unless it is explicitly
    # switched off through the environment.
    # NOTE(review): a single environment variable disables authentication;
    # presumably deployments should assert this is False at startup — confirm
    # where (or whether) that is enforced.
    dev_mode: bool = False

    # JWT settings — TRADING_JWT_SECRET_KEY must be set in environment
    # NOTE(review): the "must be set" requirement is not enforced in this
    # class. If the variable is missing, the placeholder below is used, and
    # that value is visible to anyone who can read this source. With HS256
    # the same key both signs and verifies tokens, so a service running on
    # the placeholder would accept tokens minted by anyone who knows it.
    # Confirm a startup check rejects the placeholder outside dev mode.
    jwt_secret_key: str = "dev-secret-not-for-production"
    jwt_algorithm: str = "HS256"
    # Token lifetimes: 15 minutes for access tokens, 7 days for refresh tokens.
    access_token_expire_minutes: int = 15
    refresh_token_expire_days: int = 7

    # Alpaca brokerage credentials (for portfolio sync)
    # Both default to the empty string, so real credentials only ever come
    # from the environment and are never stored in this file.
    alpaca_api_key: str = ""
    alpaca_secret_key: str = ""
    # Defaults to True — presumably selects the paper (simulated) trading
    # account rather than live trading; verify against the code that reads it.
    paper_trading: bool = True
    # Presumably the period between portfolio snapshots — TODO confirm.
    snapshot_interval_seconds: int = 60

    # CORS settings
    # The default allows a single local origin. NOTE(review): whether
    # credentialed requests are allowed is decided where the CORS middleware
    # is configured, not here; keep this an explicit list of origins.
    cors_origins: list[str] = ["http://localhost:5173"]

    # WebAuthn (passkey) relying party settings
    # Defaults target a local frontend. For a deployed site rp_id and
    # rp_origin have to be overridden to match the real host; browsers only
    # permit WebAuthn over plain http for localhost, so a production
    # rp_origin is expected to be https.
    rp_id: str = "localhost"
    rp_name: str = "Trading Bot"
    rp_origin: str = "http://localhost:5173"