from django.conf import settings
from cryptography.fernet import Fernet, InvalidToken


class SecretManager:
    """
    Enterprise-grade secret handler:
    - Lazy decryption
    - Automatic caching
    - Supports encrypted OR plain values
    - Centralized logic
    """

    _cache = {}
    _fernet = None

    @classmethod
    def _get_fernet(cls):
        if cls._fernet is None:
            cls._fernet = Fernet(settings.MASTER_ENCRYPTION_KEY.encode())
        return cls._fernet

    @classmethod
    def encrypt(cls, value: str) -> str:
        return cls._get_fernet().encrypt(value.encode()).decode()

    @classmethod
    def decrypt(cls, value: str) -> str:
        return cls._get_fernet().decrypt(value.encode()).decode()

    @classmethod
    def get(cls, setting_name: str):
        if setting_name in cls._cache:
            return cls._cache[setting_name]

        raw_value = getattr(settings, setting_name)

        # Try decrypting — if fails, assume plain text
        try:
            decrypted = cls.decrypt(raw_value)
            cls._cache[setting_name] = decrypted
        except (InvalidToken, AttributeError):
            cls._cache[setting_name] = raw_value

        return cls._cache[setting_name]