"""Security configuration for rate limiting and CSRF protection."""

from pydantic import BaseModel
from slowapi import Limiter
from slowapi.util import get_remote_address

from backend.app.core.config import settings

# Rate limiter configuration
# See: 01-RESEARCH.md Pattern 3: FastAPI Security Middleware Stack
limiter = Limiter(
    key_func=get_remote_address,
    default_limits=["100/minute"],
    # For production, use Redis: storage_uri="redis://localhost:6379"
    # For development, uses in-memory storage by default
)


class CsrfSettings(BaseModel):
    """CSRF protection settings for fastapi-csrf-protect."""

    secret_key: str = settings.csrf_secret_key
    cookie_samesite: str = "lax"
    cookie_secure: bool = True  # HTTPS only
    cookie_httponly: bool = True
    cookie_domain: str = settings.cookie_domain