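const { checkRateLimit } = require('./db');

/**
 * Login rate-limit policy per dimension.
 * `max` and `window` are passed straight through to checkRateLimit
 * (./db); the unit of `window` is whatever that helper expects —
 * presumably seconds, as the inline comments suggest — confirm there.
 */
const LIMITS = {
  ip: { max: 20, window: 300 }, // 20 req / 5 min
  user: { max: 5, window: 600 }, // 5 failures / 10 min lock
  hwid: { max: 10, window: 900 }, // 10 failures / 15 min lock
};

/**
 * Check all three rate limit dimensions (IP, username, hardware id).
 *
 * Every dimension is consulted even after an earlier one has denied, so
 * retryAfter reflects the longest wait among the triggered limits rather
 * than the first one hit. The HWID dimension is skipped when no hardware
 * id is supplied. Bucket keys embed the raw arguments, so an undefined
 * `ip` or `username` would share one bucket ("ip:undefined") across all
 * such callers — callers are expected to pass real values.
 *
 * @param {string} ip - client address; used verbatim in the `ip:` bucket key
 * @param {string} username - login name; used verbatim in the `user:` bucket key
 * @param {string} [hwidCombined] - hardware identifier; dimension skipped when falsy
 * @returns {{ allowed: boolean, retryAfter: number }} `allowed` is false when
 *   any dimension denies; `retryAfter` is the largest retryAfter among the
 *   denied dimensions (0 when all allow).
 */
function checkLoginRateLimit(ip, username, hwidCombined) {
  const dimensions = [
    // IP-based
    [`ip:${ip}`, LIMITS.ip],
    // Username-based (only for failed attempts — counted in login handler)
    [`user:${username}`, LIMITS.user],
  ];
  // HWID-based
  if (hwidCombined) {
    dimensions.push([`hwid:${hwidCombined}`, LIMITS.hwid]);
  }

  let allowed = true;
  let maxRetryAfter = 0;
  for (const [key, { max, window }] of dimensions) {
    const result = checkRateLimit(key, 'login', max, window);
    if (!result.allowed) {
      // Deny on the limiter's own verdict rather than on retryAfter:
      // a denied bucket that happens to report retryAfter 0 must not be
      // let through, which deriving `allowed` from retryAfter would do.
      allowed = false;
      maxRetryAfter = Math.max(maxRetryAfter, result.retryAfter);
    }
  }

  return { allowed, retryAfter: maxRetryAfter };
}

module.exports = { checkLoginRateLimit };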