"""
安全模块 (src/security)
统一导出所有安全组件

包含:
- auth: RBAC 角色权限 + JWT 认证
- middleware: 安全中间件（JWT 认证、CORS、限流、CSRF、安全 Headers）
- encryption: 数据加密（AES-256-GCM）+ 响应脱敏
- input_validator: 输入验证 + 注入防护
- audit: 操作审计日志
- config: 安全配置
"""

# 认证与权限
from .auth import (
    Role,
    ROLE_PERMISSIONS,
    hash_password,
    verify_password,
    create_access_token,
    create_refresh_token,
    decode_token,
    verify_access_token,
    verify_refresh_token,
    get_user_roles,
    check_permission,
    require_role,
    require_permission,
    extract_token_from_header,
    validate_password_strength,
)

# 中间件
from .middleware import (
    SecurityMiddleware,
    RateLimiter,
    get_rate_limiter,
    generate_csrf_token,
    validate_csrf_token,
    get_client_ip,
    cors_middleware,
)

# 加密
from .encryption import (
    FieldEncryptor,
    get_encryptor,
    encrypt_field,
    decrypt_field,
    encrypt_dict,
    decrypt_dict,
    encrypt_config_file,
    decrypt_config_file,
    mask_phone,
    mask_id_card,
    mask_email,
    mask_bank_card,
    mask_name,
    mask_ip,
    mask_response,
)

# 输入验证
from .input_validator import (
    detect_sql_injection,
    sanitize_sql_value,
    detect_xss,
    escape_html,
    sanitize_html,
    FileUploadValidator,
    file_validator,
    validate_file_upload,
    sanitize_string,
    sanitize_number,
    validate_email_format,
    validate_phone_format,
    validate_id_card_format,
)

# 审计
from .audit import (
    AuditAction,
    AuditResult,
    AuditSeverity,
    AuditEvent,
    AuditLogger,
    AuditStorage,
    AuditAlertManager,
    get_audit_logger,
)

# 配置
from .config import (
    security_config,
    SecurityConfig,
    JWTConfig,
    EncryptionConfig,
    RateLimitConfig,
    CORSConfig,
    PasswordPolicyConfig,
    AuditConfig,
)

__all__ = [
    # Auth
    "Role", "ROLE_PERMISSIONS",
    "hash_password", "verify_password",
    "create_access_token", "create_refresh_token",
    "decode_token", "verify_access_token", "verify_refresh_token",
    "get_user_roles", "check_permission",
    "require_role", "require_permission",
    "extract_token_from_header", "validate_password_strength",
    # Middleware
    "SecurityMiddleware", "RateLimiter", "get_rate_limiter",
    "generate_csrf_token", "validate_csrf_token",
    "get_client_ip", "cors_middleware",
    # Encryption
    "FieldEncryptor", "get_encryptor",
    "encrypt_field", "decrypt_field",
    "encrypt_dict", "decrypt_dict",
    "encrypt_config_file", "decrypt_config_file",
    "mask_phone", "mask_id_card", "mask_email",
    "mask_bank_card", "mask_name", "mask_ip", "mask_response",
    # Input Validator
    "detect_sql_injection", "sanitize_sql_value",
    "detect_xss", "escape_html", "sanitize_html",
    "FileUploadValidator", "file_validator", "validate_file_upload",
    "sanitize_string", "sanitize_number",
    "validate_email_format", "validate_phone_format", "validate_id_card_format",
    # Audit
    "AuditAction", "AuditResult", "AuditSeverity", "AuditEvent",
    "AuditLogger", "AuditStorage", "AuditAlertManager", "get_audit_logger",
    # Config
    "security_config", "SecurityConfig",
    "JWTConfig", "EncryptionConfig", "RateLimitConfig",
    "CORSConfig", "PasswordPolicyConfig", "AuditConfig",
]