"""
Security event model for tracking suspicious activity.
"""

from datetime import datetime

from sqlalchemy import DateTime, JSON, String, Text
from sqlalchemy.orm import Mapped, mapped_column

from app.core.database import Base


class SecurityEvent(Base):
    """Security events (brute-force, flooding, suspicious activity)."""

    __tablename__ = "security_events"

    id: Mapped[int] = mapped_column(primary_key=True)
    timestamp: Mapped[datetime] = mapped_column(DateTime(timezone=True), index=True)

    # Event type
    event_type: Mapped[str] = mapped_column(
        String(50), index=True, nullable=False
    )  # login_bruteforce, device_token_bruteforce, registration_flood, etc.

    # Severity
    severity: Mapped[str] = mapped_column(
        String(20), nullable=False
    )  # low, medium, high, critical

    # Source
    ip_address: Mapped[str | None] = mapped_column(String(45), index=True)
    user_agent: Mapped[str | None] = mapped_column(Text)
    endpoint: Mapped[str | None] = mapped_column(String(255))

    # Details
    description: Mapped[str] = mapped_column(Text, nullable=False)
    event_metadata: Mapped[dict | None] = mapped_column(JSON)  # Additional context

    # Resolution
    resolved: Mapped[bool] = mapped_column(default=False, index=True)
    resolved_at: Mapped[datetime | None] = mapped_column()
    resolved_by: Mapped[int | None] = mapped_column()  # user_id