import rateLimit from 'express-rate-limit'; const windowMs = process.env.RATE_LIMIT_WINDOW_MS ? parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) : 15 * 60 * 1000; const maxRequests = process.env.RATE_LIMIT_MAX_REQUESTS ? parseInt(process.env.RATE_LIMIT_MAX_REQUESTS, 10) : 5; // Public form submissions limiter (e.g., quotes/contact) export const publicFormLimiter = rateLimit({ windowMs, // Default: 15 minutes max: maxRequests, // Default: limit each IP to 5 requests per windowMs standardHeaders: true, legacyHeaders: false, message: { error: "Too many requests", details: "Please try again later after 15 minutes", } }); // Stricter limiter for Auth / Logins export const authLimiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes max: 10, // Limit each IP to 10 login attempts per window standardHeaders: true, legacyHeaders: false, message: { error: "Too many login attempts", details: "Account temporarily locked for 15 minutes due to too many failed attempts" } });