from django.db import models
from django.conf import settings
from coresite.mixin import AbstractTimeStampModel


class UserTwoFactor(AbstractTimeStampModel):
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
        related_name="two_factor"
    )

    is_enabled = models.BooleanField(default=False)

    # TOTP secret (Base32)
    secret = models.CharField(max_length=32)

    confirmed_at = models.DateTimeField(null=True, blank=True)

    def __str__(self):
        return f"2FA for {self.user.email}"

class RecoveryCode(models.Model):
    user = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
        related_name="recovery_codes"
    )
    code_hash = models.CharField(max_length=128)
    used = models.BooleanField(default=False)
    created_at = models.DateTimeField(auto_now_add=True)