"""
Rate Limiter Middleware
Request rate limiting for API protection
"""
from fastapi import FastAPI, Request
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded

from app.config import settings


def get_key_func(request: Request) -> str:
    """
    Get rate limit key based on user or IP.
    Authenticated users use user_id, others use IP.
    """
    # Try to get user from request state (set by auth middleware)
    if hasattr(request.state, "user") and request.state.user:
        return f"user:{request.state.user.id}"
    return get_remote_address(request)


# Create limiter instance
limiter = Limiter(key_func=get_key_func)


def setup_rate_limiting(app: FastAPI):
    """Setup rate limiting middleware"""
    app.state.limiter = limiter
    app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)


# Rate limit decorators for routes
def rate_limit(limit: str = None):
    """
    Rate limit decorator for routes.
    
    Usage:
        @router.get("/api/endpoint")
        @rate_limit("10/minute")
        async def endpoint():
            ...
    """
    if limit is None:
        limit = f"{settings.rate_limit_per_minute}/minute"
    return limiter.limit(limit)


# Predefined rate limits
RATE_LIMIT_LOW = "10/minute"      # Sensitive operations
RATE_LIMIT_MEDIUM = "30/minute"   # Standard API calls
RATE_LIMIT_HIGH = "100/minute"    # High-frequency endpoints
RATE_LIMIT_AUTH = "5/minute"      # Authentication attempts