package middleware

import (
	"net/http"
	"strings"
	"time"

	"github.com/go-chi/httprate"
)

// RateLimit returns a middleware that limits requests per minute by IP.
// Admin routes are skipped.
// GET /v1/invoices/{hash} is skipped: the SPA polls invoice status ~30/min while
// the default global limit is 30/min, which starves pricing and user lookups on the same IP.
func RateLimit(perMin int) func(http.Handler) http.Handler {
	if perMin <= 0 {
		return func(next http.Handler) http.Handler { return next }
	}
	limiter := httprate.LimitByIP(perMin, time.Minute)
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if strings.HasPrefix(r.URL.Path, "/v1/admin/") {
				next.ServeHTTP(w, r)
				return
			}
			if r.Method == http.MethodGet && strings.HasPrefix(r.URL.Path, "/v1/invoices/") {
				next.ServeHTTP(w, r)
				return
			}
			limiter(next).ServeHTTP(w, r)
		})
	}
}