# Copyright (c) 2025 Patrick Motsch
# All rights reserved.
"""
Authentication and authorization modules for routes and services.
High-level security functionality that depends on FastAPI and interfaces.

Multi-Tenant Design:
- RequestContext: Per-request context with user, mandate, feature instance, roles
- getRequestContext: FastAPI dependency to extract context from X-Mandate-Id header
- requireSysAdmin: FastAPI dependency for system-level admin operations
"""

from .authentication import (
    getCurrentUser,
    limiter,
    SECRET_KEY,
    ALGORITHM,
    cookieAuth,
    RequestContext,
    getRequestContext,
    requireSysAdmin,
)
from .jwtService import (
    createAccessToken,
    createRefreshToken,
    setAccessTokenCookie,
    setRefreshTokenCookie,
    clearAccessTokenCookie,
    clearRefreshTokenCookie
)
from .tokenManager import TokenManager
from .tokenRefreshService import token_refresh_service, TokenRefreshService
from .tokenRefreshMiddleware import TokenRefreshMiddleware, ProactiveTokenRefreshMiddleware
from .csrf import CSRFMiddleware

__all__ = [
    # Authentication
    "getCurrentUser",
    "limiter",
    "SECRET_KEY",
    "ALGORITHM",
    "cookieAuth",
    # Multi-Tenant Context
    "RequestContext",
    "getRequestContext",
    "requireSysAdmin",
    # JWT Service
    "createAccessToken",
    "createRefreshToken",
    "setAccessTokenCookie",
    "setRefreshTokenCookie",
    "clearAccessTokenCookie",
    "clearRefreshTokenCookie",
    # Token Management
    "TokenManager",
    "token_refresh_service",
    "TokenRefreshService",
    "TokenRefreshMiddleware",
    "ProactiveTokenRefreshMiddleware",
    # CSRF
    "CSRFMiddleware",
]