"""
Rate limiting configuration using slowapi with Redis backend.

This module provides rate limiting functionality to protect against
brute force attacks and DoS attempts on sensitive endpoints.
"""

import os

from slowapi import Limiter
from slowapi.util import get_remote_address

from app.core.config import settings

# Use memory storage for testing, Redis for production
# This allows tests to run without a Redis connection
_testing = os.environ.get("TESTING", "").lower() in ("true", "1", "yes")
_storage_uri = "memory://" if _testing else settings.REDIS_URL

# Create limiter instance with appropriate storage
# Uses the client's remote address (IP) as the key for rate limiting
limiter = Limiter(
    key_func=get_remote_address,
    storage_uri=_storage_uri,
    strategy="fixed-window",  # Fixed window strategy for predictable rate limiting
)