export interface Config {
  port: number;
  host: string;
  jwtSecret: string;
  dbPath: string;
  uploadDir: string;
  logFile: string;
  maxFileSize: number;
  baseUrl: string;
  cookieSecure: boolean;
  trustProxy: boolean;
  lockoutThreshold: number;
  lockoutBaseSeconds: number;
  lockoutMaxSeconds: number;
  loginMinResponseMs: number;
  loginRateLimitMax: number;
  loginRateLimitWindowSeconds: number;
}

export function loadConfig(): Config {
  const jwtSecret = process.env.JWT_SECRET;
  if (!jwtSecret) {
    throw new Error('JWT_SECRET environment variable is required');
  }

  return {
    port: parseInt(process.env.PORT ?? '3000', 10),
    host: process.env.HOST ?? '0.0.0.0',
    jwtSecret,
    dbPath: process.env.DB_PATH ?? './data/nanodrop.db',
    uploadDir: process.env.UPLOAD_DIR ?? './data/uploads',
    logFile: process.env.LOG_FILE ?? './data/nanodrop.log',
    maxFileSize: parseInt(process.env.MAX_FILE_SIZE ?? '104857600', 10),
    baseUrl: process.env.BASE_URL ?? 'http://localhost:3000',
    cookieSecure: process.env.COOKIE_SECURE === 'true',
    trustProxy: process.env.TRUST_PROXY === 'true',
    lockoutThreshold: parseInt(process.env.LOCKOUT_THRESHOLD ?? '5', 10),
    lockoutBaseSeconds: parseInt(process.env.LOCKOUT_BASE_SECONDS ?? '30', 10),
    lockoutMaxSeconds: parseInt(process.env.LOCKOUT_MAX_SECONDS ?? '3600', 10),
    loginMinResponseMs: parseInt(process.env.LOGIN_MIN_RESPONSE_MS ?? '350', 10),
    loginRateLimitMax: parseInt(process.env.LOGIN_RATE_LIMIT_MAX ?? '10', 10),
    loginRateLimitWindowSeconds: parseInt(process.env.LOGIN_RATE_LIMIT_WINDOW_SECONDS ?? '60', 10),
  };
}