import { NextRequest, NextResponse } from "next/server";

/**
 * Rate limiter simple en mémoire.
 * Suffisant pour MVP / pré-prod.
 * (Redis recommandé en scale, mais hors scope ici)
 */

/** Request counter for one `${type}:${client}` key inside the current window. */
type Bucket = {
  count: number;   // requests counted so far in this window
  resetAt: number; // epoch ms at which this window ends and counting restarts
};

/**
 * Live buckets for this process only, keyed by `${type}:${clientKey}`.
 * Nothing is shared between instances, so each replica enforces the limit on its own.
 */
const buckets = new Map<string, Bucket>();

/** Length of one counting window: 60 seconds. */
const WINDOW_MS = 60 * 1000;

/** Maximum requests allowed per window for each limit class. */
const LIMITS: Record<"sensitive" | "read", number> = {
  sensitive: 5,   // POST jobs, payments, subscription
  read: 30,       // GET data
};

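/** Upper bound on the key length; textual IPv6 fits comfortably, oversized headers do not. */
const MAX_CLIENT_KEY_LENGTH = 64;

/**
 * Build the client identity used to key rate-limit buckets.
 *
 * Uses the first (leftmost) entry of `x-forwarded-for`, then `x-real-ip`, and
 * finally the literal "unknown" — so every request that arrives without either
 * header shares one bucket. Entries are trimmed and lower-cased so cosmetic
 * variations of one address collapse into a single key, and the result is
 * capped in length so an oversized header cannot inflate the bucket map.
 *
 * NOTE(review): both headers are whatever the hop in front of this process
 * sent. They only identify the client when a proxy you control overwrites
 * them; otherwise the caller picks the key and the limit is per header value
 * rather than per client. Confirm the deployment's proxy behaviour.
 *
 * @param req Incoming request; only its headers are read.
 * @returns A non-empty, normalised client identifier.
 */
function getClientKey(req: NextRequest): string {
  const forwardedFor = req.headers.get("x-forwarded-for") ?? "";
  // Leftmost entry is, by convention, the originating client in a proxy chain.
  const firstHop = forwardedFor.split(",")[0]?.trim() ?? "";
  const realIp = req.headers.get("x-real-ip")?.trim() ?? "";

  // `||` on purpose: an empty entry should fall through to the next source.
  const ip = firstHop || realIp || "unknown";

  return ip.toLowerCase().slice(0, MAX_CLIENT_KEY_LENGTH);
}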

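/** Epoch ms before which no further expired-bucket sweep is attempted. */
let nextSweepAt = 0;

/**
 * Evict buckets whose window has already ended.
 *
 * Without this the map only grows: every distinct client key (and the
 * `x-forwarded-for` value is client-influenced) allocates a bucket that is
 * never freed. The sweep is throttled to once per WINDOW_MS so its cost is
 * amortised across requests. Deleting from a Map during `for..of` is
 * well-defined in JavaScript.
 *
 * @param now Current epoch ms, passed in so the caller and the sweep agree.
 */
function sweepExpiredBuckets(now: number): void {
  if (now < nextSweepAt) return;
  nextSweepAt = now + WINDOW_MS;
  for (const [key, bucket] of buckets) {
    if (bucket.resetAt < now) buckets.delete(key);
  }
}

/**
 * Fixed-window rate check for one request.
 *
 * Counts the request against the `${type}:${client}` bucket for the current
 * window and returns a 429 JSON response once the count exceeds LIMITS[type];
 * returns null when the request may proceed. The 429 carries both the
 * `retry_after_seconds` body field and the standard `Retry-After` header so
 * HTTP-aware clients and intermediaries back off correctly.
 *
 * State lives in this process only: behind several instances each replica
 * enforces the limit independently.
 *
 * @param req  Incoming request; only its client-identifying headers are read.
 * @param type Limit class to apply (see LIMITS).
 * @returns A 429 NextResponse when the client is over its limit, otherwise null.
 */
export function rateLimit(
  req: NextRequest,
  type: "sensitive" | "read"
): NextResponse | null {
  const now = Date.now();
  sweepExpiredBuckets(now);

  const key = `${type}:${getClientKey(req)}`;
  const existing = buckets.get(key);

  // Reuse the live bucket; open a fresh window when none exists or it has lapsed.
  let bucket: Bucket;
  if (existing && existing.resetAt >= now) {
    bucket = existing;
  } else {
    bucket = { count: 0, resetAt: now + WINDOW_MS };
    buckets.set(key, bucket);
  }

  bucket.count += 1;

  if (bucket.count <= LIMITS[type]) {
    return null;
  }

  const retryAfterSeconds = Math.ceil((bucket.resetAt - now) / 1000);
  return NextResponse.json(
    {
      error: "rate_limited",
      retry_after_seconds: retryAfterSeconds,
    },
    {
      status: 429,
      headers: { "Retry-After": String(retryAfterSeconds) },
    }
  );
}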
