import rateLimit from 'express-rate-limit';
import { config } from '../config';
import { createLogger } from '../utils/logger';
import { rateLimitCounter } from '../utils/metrics';

// Module-scoped logger shared by every limiter in this file; all rate-limit warnings carry the 'RateLimit' tag.
const logger = createLogger('RateLimit');

/**
 * General rate limiter for API endpoints.
 *
 * Window length and request budget are read from `config.rateLimit`, so the
 * policy is tuned per deployment rather than in code. No `keyGenerator` is
 * given, so the library's default key (the client IP) applies; how accurate
 * that is behind a reverse proxy depends on the app's `trust proxy` setting,
 * which is not visible in this file. Health and metrics probes are exempt so
 * that monitoring traffic never consumes or trips the budget.
 */
export const apiLimiter = rateLimit({
  windowMs: config.rateLimit.windowMs,
  max: config.rateLimit.maxRequests,
  // Emit the standard RateLimit-* headers only; the legacy X-RateLimit-* family is off.
  standardHeaders: true,
  legacyHeaders: false,
  // Paths that bypass limiting. `req.path` is relative to the router this
  // limiter is mounted on, so the match is against that stripped path.
  skip: (req) => ['/health', '/metrics'].includes(req.path),
  // Invoked once the budget is exhausted: count it, log the client, answer 429.
  handler: (req, res) => {
    rateLimitCounter.inc();
    const client = { ip: req.ip, path: req.path };
    logger.warn('Rate limit exceeded', client);
    res.status(429).json({ error: 'Too many requests, please try again later.' });
  },
});

/**
 * Rate limiter for authentication endpoints.
 *
 * Fixed 15-minute window. No `keyGenerator` is given, so the library's
 * default key (the client IP) applies and every client behind one NAT or
 * proxy address shares the budget. The inline comment on `max` records that
 * 500 is a development value, chosen because multi-backend price checks
 * re-authenticate per endpoint; the original header called this limiter
 * "stricter", but 500 attempts per window per IP offers little throttling
 * of credential guessing against a single account.
 * NOTE(review): confirm the production value is tightened, or moved into
 * `config.rateLimit` alongside the API limiter's settings, before this
 * fronts untrusted traffic.
 */
export const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 500, // development value — multi-backend price checks re-authenticate per endpoint
  // Standard RateLimit-* headers only; legacy X-RateLimit-* headers are off.
  standardHeaders: true,
  legacyHeaders: false,
  // Invoked once the budget is exhausted: count it, log the client, answer 429.
  handler: (req, res) => {
    rateLimitCounter.inc();
    const client = { ip: req.ip, path: req.path };
    logger.warn('Auth rate limit exceeded', client);
    res.status(429).json({
      error: 'Too many authentication attempts, please try again later.',
    });
  },
});

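/** The fields of the auth middleware's `req.user` that the session limiter reads. */
interface SessionRequestUser {
  userId?: string | number;
  email?: string;
}

/**
 * Reads the user the auth middleware attached to the request, if it ran.
 * Narrows to the two fields used here instead of a blanket `any` cast, so a
 * typo in `userId`/`email` is caught at compile time.
 *
 * @param req - the incoming request (express `Request`, typed loosely here
 *   because the augmented `user` property is declared elsewhere)
 * @returns the attached user, or undefined when none is present
 */
function sessionUserOf(req: object): SessionRequestUser | undefined {
  return (req as { user?: SessionRequestUser }).user;
}

/**
 * Rate limiter for session creation: 10 per minute per key.
 *
 * Keyed by the authenticated user's id, so one account cannot open sessions
 * faster than the budget no matter how many client addresses it uses. An
 * unauthenticated request falls back to the client IP, and a request with
 * neither shares a single 'unknown' bucket. How accurate `req.ip` is behind
 * a reverse proxy depends on the app's `trust proxy` setting, not visible here.
 */
export const sessionLimiter = rateLimit({
  windowMs: 60 * 1000, // 1 minute
  max: 10, // 10 sessions per minute per key
  // Standard RateLimit-* headers only; legacy X-RateLimit-* headers are off.
  standardHeaders: true,
  legacyHeaders: false,
  // Invoked once the budget is exhausted: count it, log who tripped it, answer 429.
  handler: (req, res) => {
    rateLimitCounter.inc();
    logger.warn('Session creation rate limit exceeded', {
      ip: req.ip,
      user: sessionUserOf(req)?.email,
    });
    res.status(429).json({
      error: 'Too many sessions created, please try again later.',
    });
  },
  keyGenerator: (req) => {
    // Rate limit per user, not per IP. Truthiness (not `?? `) is deliberate so
    // an empty id or ip falls through instead of becoming its own shared bucket.
    const userId = sessionUserOf(req)?.userId;
    return (userId ? String(userId) : req.ip) || 'unknown';
  },
});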
