"""Authentication Pydantic models.

Request, response, and domain models used by the auth router and service.
"""

from pydantic import BaseModel, ConfigDict, Field


class LoginRequest(BaseModel):
    """Payload for ``POST /api/auth/login``."""

    model_config = ConfigDict(strict=True)

    password: str = Field(..., description="Master password to authenticate with.")


class LoginResponse(BaseModel):
    """Successful login response.

    The session token is also set as an ``HttpOnly`` cookie by the router.
    This model documents the JSON body for API-first consumers.
    """

    model_config = ConfigDict(strict=True)

    token: str = Field(..., description="Session token for use in subsequent requests.")
    expires_at: str = Field(..., description="ISO 8601 UTC expiry timestamp.")


class LogoutResponse(BaseModel):
    """Response body for ``POST /api/auth/logout``."""

    model_config = ConfigDict(strict=True)

    message: str = Field(default="Logged out successfully.")


class Session(BaseModel):
    """Internal domain model representing a persisted session record."""

    model_config = ConfigDict(strict=True)

    id: int = Field(..., description="Auto-incremented row ID.")
    token: str = Field(..., description="Opaque session token.")
    created_at: str = Field(..., description="ISO 8601 UTC creation timestamp.")
    expires_at: str = Field(..., description="ISO 8601 UTC expiry timestamp.")