freealberta/map/app/middleware/rateLimiter.js

const rateLimit = require('express-rate-limit');
const config = require('../config');
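// Helper to extract the client IP used as the rate-limit key, with Cloudflare support.
//
// Lookup order: CF-Connecting-IP, then the first X-Forwarded-For entry, then req.ip.
// Header values are trimmed and blank values are skipped, so whitespace variations
// of one address do not produce separate keys.
//
// NOTE(review): both headers arrive with the request, so they identify the client
// only when every request reaches this app through a proxy that sets or overwrites
// them (Cloudflare for CF-Connecting-IP). If the origin is reachable directly, the
// caller picks its own key and the limits built on this helper stop binding.
// Confirm the origin accepts traffic only from the proxy, or key on req.ip with
// Express `trust proxy` configured for the deployment.
const keyGenerator = (req) => {
  // Returns the trimmed header value, or undefined when it is missing or blank.
  const cleaned = (value) => {
    if (typeof value !== 'string') {
      return undefined;
    }
    const text = value.trim();
    return text === '' ? undefined : text;
  };

  const cloudflareIp = cleaned(req.headers['cf-connecting-ip']);
  if (cloudflareIp) {
    return cloudflareIp;
  }

  // X-Forwarded-For is a comma-separated list; only the first entry is used.
  const forwardedFor = req.headers['x-forwarded-for'];
  const forwardedIp =
    typeof forwardedFor === 'string' ? cleaned(forwardedFor.split(',')[0]) : undefined;

  return forwardedIp || req.ip;
};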
// General API rate limiter: at most 100 requests per key in each 15-minute window.
// No `store` option is passed, so the library's default store is used.
// NOTE(review): confirm that default suits the deployment if more than one
// app instance serves traffic.
const apiLimiter = rateLimit({
  keyGenerator: keyGenerator,
  max: 100,
  windowMs: 15 * 60_000, // 15 minutes, in milliseconds
  message: 'Too many requests, please try again later.',
  // Send the standard RateLimit-* response headers and drop the X-RateLimit-* ones.
  legacyHeaders: false,
  standardHeaders: true,
});
// Strict limiter for write operations: at most 20 requests per key in each
// 15-minute window.
// NOTE(review): unlike apiLimiter and authLimiter, this limiter does not set
// standardHeaders / legacyHeaders, so it falls back to the library defaults for
// response headers. Confirm whether that difference is intended.
const strictLimiter = rateLimit({
  keyGenerator: keyGenerator,
  max: 20,
  windowMs: 15 * 60_000, // 15 minutes, in milliseconds
  message: 'Too many write operations, please try again later.',
});
// Auth-specific limiter: 10 counted attempts per key in each 15-minute window in
// production, 50 otherwise.
// The counter is keyed only on the value keyGenerator returns; nothing in this
// file adds a per-account component.
const authLimiter = rateLimit({
  keyGenerator: keyGenerator,
  // Requests that end in a successful response are not counted against the limit.
  skipSuccessfulRequests: true,
  max: config.isProduction ? 10 : 50,
  windowMs: 15 * 60_000, // 15 minutes, in milliseconds
  message: 'Too many login attempts, please try again later.',
  // Send the standard RateLimit-* response headers and drop the X-RateLimit-* ones.
  legacyHeaders: false,
  standardHeaders: true,
});
// Public surface of this module: the three preconfigured limiter middlewares.
module.exports = {
  apiLimiter: apiLimiter,
  strictLimiter: strictLimiter,
  authLimiter: authLimiter,
};