"""
Production settings for LabGraph.

Inherits all base settings and adds:
  - DEBUG = False
  - Strict CORS (origins required from env, no default)
  - HSTS + secure cookies + SSL redirect
  - WhiteNoise compressed static files
  - JSON-formatted structured logging at WARNING level
"""

from .base import *  # noqa: F401, F403
from .base import env

DEBUG = False

# Production CORS must be explicitly set — no default
CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")

# Security hardening
SECURE_HSTS_SECONDS = 31_536_000  # 1 year
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_SSL_REDIRECT = env.bool("SECURE_SSL_REDIRECT", default=True)
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = "DENY"

# WhiteNoise: compress + fingerprint static files for long-lived caching
STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {
        "json": {
            "()": "logging.Formatter",
            "fmt": '{"time": "%(asctime)s", "level": "%(levelname)s", "name": "%(name)s", "message": "%(message)s"}',
        },
    },
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
            "formatter": "json",
        },
    },
    "root": {
        "handlers": ["console"],
        "level": "WARNING",
    },
    "loggers": {
        "django": {"handlers": ["console"], "level": "WARNING", "propagate": False},
        "celery": {"handlers": ["console"], "level": "WARNING", "propagate": False},
    },
}