from rest_framework import serializers

from .models import ApiCredential


def mask_secret(value):
    if not value:
        return ""

    if len(value) <= 4:
        return "****"

    return f"{value[:2]}{'*' * 6}{value[-2:]}"


class ApiCredentialSerializer(serializers.ModelSerializer):
    api_secret = serializers.CharField(write_only=True)
    login_token = serializers.CharField(allow_blank=True, required=False, write_only=True)
    password = serializers.CharField(write_only=True)
    masked_api_secret = serializers.SerializerMethodField()
    masked_login_token = serializers.SerializerMethodField()
    masked_password = serializers.SerializerMethodField()

    class Meta:
        model = ApiCredential
        fields = [
            "id",
            "account_name_en",
            "api_code",
            "api_secret",
            "masked_api_secret",
            "login_token",
            "masked_login_token",
            "user_id",
            "password",
            "masked_password",
            "is_active",
            "created_at",
            "updated_at",
        ]
        read_only_fields = ["id", "created_at", "updated_at"]

    def get_masked_api_secret(self, obj):
        return mask_secret(obj.api_secret)

    def get_masked_login_token(self, obj):
        return mask_secret(obj.login_token)

    def get_masked_password(self, obj):
        return mask_secret(obj.password)
