terraform {
  required_version = ">= 1.5"
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  region = var.aws_region
}

# ============================================================
# Variables
# ============================================================
variable "aws_region" {
  default = "ap-northeast-1"
}
variable "project" {
  default = "sp-transcribe"
}
variable "smtp_host" { type = string }
variable "smtp_port" {
  type    = number
  default = 587
}
variable "smtp_user" { type = string }
variable "smtp_pass" {
  type      = string
  sensitive = true
}
variable "smtp_from" { type = string }
variable "llm_api_url" { type = string }
variable "llm_api_key" {
  type      = string
  sensitive = true
}
variable "llm_model" {
  type    = string
  default = "gpt-4o-mini"
}

locals {
  prefix = var.project
}

# ============================================================
# S3 Bucket
# ============================================================
resource "aws_s3_bucket" "media" {
  bucket_prefix = "${local.prefix}-media-"
  force_destroy = true
}

resource "aws_s3_bucket_lifecycle_configuration" "media" {
  bucket = aws_s3_bucket.media.id
  rule {
    id     = "cleanup"
    status = "Enabled"
    filter {}
    expiration { days = 7 }
  }
}

# ============================================================
# DynamoDB
# ============================================================
resource "aws_dynamodb_table" "users" {
  name         = "${local.prefix}-users"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "api_key"

  attribute {
    name = "api_key"
    type = "S"
  }
}

resource "aws_dynamodb_table" "jobs" {
  name         = "${local.prefix}-jobs"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "job_id"

  attribute {
    name = "job_id"
    type = "S"
  }

  ttl {
    attribute_name = "ttl"
    enabled        = true
  }
}

# ============================================================
# SSM Parameters (secrets)
# ============================================================
resource "aws_ssm_parameter" "smtp_host" {
  name  = "/${local.prefix}/smtp/host"
  type  = "String"
  value = var.smtp_host
}
resource "aws_ssm_parameter" "smtp_port" {
  name  = "/${local.prefix}/smtp/port"
  type  = "String"
  value = tostring(var.smtp_port)
}
resource "aws_ssm_parameter" "smtp_user" {
  name  = "/${local.prefix}/smtp/user"
  type  = "String"
  value = var.smtp_user
}
resource "aws_ssm_parameter" "smtp_pass" {
  name  = "/${local.prefix}/smtp/pass"
  type  = "SecureString"
  value = var.smtp_pass
}
resource "aws_ssm_parameter" "smtp_from" {
  name  = "/${local.prefix}/smtp/from"
  type  = "String"
  value = var.smtp_from
}
resource "aws_ssm_parameter" "llm_api_url" {
  name  = "/${local.prefix}/llm/api_url"
  type  = "String"
  value = var.llm_api_url
}
resource "aws_ssm_parameter" "llm_api_key" {
  name  = "/${local.prefix}/llm/api_key"
  type  = "SecureString"
  value = var.llm_api_key
}
resource "aws_ssm_parameter" "llm_model" {
  name  = "/${local.prefix}/llm/model"
  type  = "String"
  value = var.llm_model
}