import 'dotenv/config';
import path from 'node:path';

function required(name: string, fallback?: string): string {
  const value = process.env[name] ?? fallback;
  if (!value) throw new Error(`Missing required environment variable: ${name}`);
  return value;
}

export const config = {
  nodeEnv: process.env.NODE_ENV ?? 'development',
  port: Number(process.env.PORT ?? 8080),
  databaseUrl: required('DATABASE_URL', 'postgresql://colorjet:CHANGE_THIS_DB_PASSWORD@localhost:5432/colorjet_erp'),
  jwtAccessSecret: required('JWT_ACCESS_SECRET', 'development-access-secret-change-before-production-123456789'),
  jwtRefreshSecret: required('JWT_REFRESH_SECRET', 'development-refresh-secret-change-before-production-123456789'),
  bootstrapToken: required('BOOTSTRAP_TOKEN', 'development-bootstrap-token-change-before-production'),
  webOrigin: process.env.WEB_ORIGIN ?? 'http://localhost:5173',
  publicBaseUrl: process.env.PUBLIC_BASE_URL ?? 'http://localhost:8080',
  uploadDir: path.resolve(process.env.UPLOAD_DIR ?? './uploads'),
  maxUploadMb: Number(process.env.MAX_UPLOAD_MB ?? 10),
  accessTokenTtl: process.env.ACCESS_TOKEN_TTL ?? '15m',
  refreshTokenTtl: process.env.REFRESH_TOKEN_TTL ?? '7d'
};

if (config.nodeEnv === 'production') {
  for (const [name, value] of Object.entries({
    JWT_ACCESS_SECRET: config.jwtAccessSecret,
    JWT_REFRESH_SECRET: config.jwtRefreshSecret,
    BOOTSTRAP_TOKEN: config.bootstrapToken
  })) {
    if (value.includes('change-before-production') || value.includes('CHANGE_THIS') || value.length < 32) {
      throw new Error(`${name} must be a strong production secret.`);
    }
  }
}
