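from django.conf import settings
from django.db import models


class WebAuthnCredential(models.Model):
    """Stores a registered WebAuthn (passkey/biometric) credential for a user.

    One row per registered authenticator. Rows are removed together with
    the owning user (``on_delete=CASCADE``).
    """

    user = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
        related_name='webauthn_credentials',
    )
    # base64url-encoded credential ID. The unique constraint means the same
    # credential ID cannot be registered twice, including by a second account.
    credential_id = models.TextField(unique=True)
    # COSE-encoded public key bytes.
    public_key = models.BinaryField()
    # Signature counter stored for this credential.
    # NOTE(review): the assertion-verification code is not in this file. It
    # should compare the authenticator's reported counter against this value
    # and treat a non-zero counter that fails to increase as a possible
    # cloned authenticator -- confirm in the caller.
    # NOTE(review): the WebAuthn counter is an unsigned 32-bit value, while
    # PositiveIntegerField is only portable up to 2147483647. Consider
    # PositiveBigIntegerField (requires a migration).
    sign_count = models.PositiveIntegerField(default=0)
    created_at = models.DateTimeField(auto_now_add=True)

    def __str__(self):
        """Return a short label naming the credential's owner."""
        # get_username() honours the model's USERNAME_FIELD, so this also
        # works when AUTH_USER_MODEL is a custom model without a ``username``
        # attribute.
        return f"WebAuthnCredential(user={self.user.get_username()})"


class WebAuthnChallenge(models.Model):
    """Temporary storage for a pending WebAuthn challenge (expires after use).

    Nothing in this model enforces expiry or single use: there is no expiry
    field and no constraint limiting a user to one pending challenge.
    NOTE(review): the verification code is expected to delete the row once
    the challenge has been consumed and to reject rows older than its
    timeout, using ``created_at`` -- confirm in the caller.
    """

    user = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete=models.CASCADE,
        related_name='webauthn_challenges',
    )
    # base64url-encoded random bytes.
    challenge = models.TextField()
    created_at = models.DateTimeField(auto_now_add=True)

    class Meta:
        # Composite index on (user, created_at); presumably for fetching a
        # user's most recent challenge and pruning stale rows -- verify
        # against the queries that use it.
        indexes = [models.Index(fields=['user', 'created_at'])]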