LightningLotto/back_end/src/middleware/rateLimit.ts

import rateLimit from 'express-rate-limit';

/**
 * Rate limiter for buy endpoint
 * Max 10 calls per IP per minute
 */
export const buyRateLimiter = rateLimit({
  windowMs: 60 * 1000, // 1 minute
  max: 10,
  message: {
    version: '1.0',
    error: 'RATE_LIMIT',
    message: 'Too many purchase requests, please try again later',
    retry_after: 60,
  },
  standardHeaders: true,
  legacyHeaders: false,
  // Skip failed requests - don't count them against the limit
  skipFailedRequests: true,
  // Use IP from request, ignore X-Forwarded-For in development
  validate: { xForwardedForHeader: false },
});

/**
 * Rate limiter for ticket status endpoint
 * Max 60 calls per minute
 */
export const ticketStatusRateLimiter = rateLimit({
  windowMs: 60 * 1000, // 1 minute
  max: 60,
  message: {
    version: '1.0',
    error: 'RATE_LIMIT',
    message: 'Too many status requests, please try again later',
    retry_after: 60,
  },
  standardHeaders: true,
  legacyHeaders: false,
  skipFailedRequests: true,
  validate: { xForwardedForHeader: false },
});

/**
 * General rate limiter
 * Max 100 requests per minute
 */
export const generalRateLimiter = rateLimit({
  windowMs: 60 * 1000, // 1 minute
  max: 100,
  message: {
    version: '1.0',
    error: 'RATE_LIMIT',
    message: 'Too many requests, please try again later',
    retry_after: 60,
  },
  standardHeaders: true,
  legacyHeaders: false,
  skipFailedRequests: true,
  validate: { xForwardedForHeader: false },
});