refactor: align repo layout and logging safeguards

api/src/core/config/settings.py

@@ -0,0 +1,113 @@
+from __future__ import annotations
+
+from pathlib import Path
+from typing import ClassVar, Literal
+
+from pydantic import BaseModel, Field, computed_field
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class RuntimeSettings(BaseModel):
+    environment: Literal["dev", "test", "prod"] = "dev"
+    debug: bool = True
+    log_level: str = "INFO"
+    log_json: bool = True
+    log_rotation: Literal["time", "size", "none"] = "time"
+    log_rotation_when: str = "midnight"
+    log_rotation_interval: int = 1
+    log_rotation_backup_count: int = 14
+    log_rotation_max_bytes: int = 10_000_000
+    log_dir: str = "logs"
+    log_error_dir: str = "logs/errors"
+    log_file_name: str = "app.log"
+    log_error_file_name: str = "error.log"
+    log_sensitive_fields: list[str] = Field(
+        default_factory=lambda: [
+            "password",
+            "secret",
+            "token",
+            "api_key",
+            "authorization",
+            "cookie",
+            "client_ip",
+            "user_id",
+        ]
+    )
+    sql_log_queries: bool = False
+
+
+class AppSettings(BaseModel):
+    host: str = "0.0.0.0"
+    port: int = Field(default=8000, ge=1, le=65535)
+    reload: bool = True
+
+
+class CorsSettings(BaseModel):
+    allow_origins: list[str] = Field(
+        default_factory=lambda: [
+            "http://localhost",
+            "http://localhost:3000",
+        ]
+    )
+    allow_credentials: bool = True
+    allow_methods: list[str] = Field(default_factory=lambda: ["*"])
+    allow_headers: list[str] = Field(default_factory=lambda: ["*"])
+
+
+class SupabaseSettings(BaseModel):
+    url: str = "http://localhost:8001"
+    anon_key: str = "CHANGE_ME"
+    service_role_key: str = "CHANGE_ME"
+    jwt_secret: str | None = None
+
+
+class InfraSupabaseSettings(BaseModel):
+    public_url: str = "http://localhost:8001"
+    anon_key: str = "CHANGE_ME"
+    service_role_key: str = "CHANGE_ME"
+
+
+class InfraJwtSettings(BaseModel):
+    secret: str = "CHANGE_ME"
+
+
+class InfraSettings(BaseModel):
+    api_external_url: str = "http://localhost:8001"
+    supabase: InfraSupabaseSettings = Field(default_factory=InfraSupabaseSettings)
+    jwt: InfraJwtSettings = Field(default_factory=InfraJwtSettings)
+
+
+def _resolve_env_file() -> str:
+    current = Path(__file__).resolve()
+    for parent in [current, *current.parents]:
+        candidate = parent / ".env"
+        if candidate.is_file():
+            return str(candidate)
+    return ".env"
+
+
+class Settings(BaseSettings):
+    runtime: RuntimeSettings = RuntimeSettings()
+    app: AppSettings = AppSettings()
+    cors: CorsSettings = CorsSettings()
+    infra: InfraSettings = Field(default_factory=InfraSettings)
+
+    @computed_field
+    def supabase(self) -> SupabaseSettings:
+        return SupabaseSettings(
+            url=self.infra.supabase.public_url or self.infra.api_external_url,
+            anon_key=self.infra.supabase.anon_key,
+            service_role_key=self.infra.supabase.service_role_key,
+            jwt_secret=self.infra.jwt.secret,
+        )
+
+    model_config: ClassVar[SettingsConfigDict] = SettingsConfigDict(
+        env_file=_resolve_env_file(),
+        env_prefix="SOCIAL_",
+        env_nested_delimiter="__",
+        case_sensitive=False,
+        extra="ignore",
+    )
+
+
+config = Settings()