library/api/src/app/plugins/rate-limit.ts

/**
 * @copyright 2026 NHCarrigan
 * @license Naomi's Public License
 * @author Naomi Carrigan
 */

import { FastifyPluginAsync } from "fastify";
import fastifyPlugin from "fastify-plugin";
import fastifyRateLimit from "@fastify/rate-limit";
import { AuditService } from "../services/audit.service";
import { AuditAction, AuditCategory } from "@library/shared-types";

const rateLimitPlugin: FastifyPluginAsync = async (app) => {
  await app.register(fastifyRateLimit, {
    max: 100,
    timeWindow: "1 minute",
    errorResponseBuilder: (request) => {
      // Log rate limit exceeded event
      AuditService.log({
        action: AuditAction.RATE_LIMIT_EXCEEDED,
        category: AuditCategory.SECURITY,
        details: `Rate limit exceeded for URL: ${request.url}`,
        success: false,
      }, request).catch(() => {
        // Ignore logging errors to avoid blocking the response
      });

      return {
        statusCode: 429,
        error: "Too Many Requests",
        message: "You have exceeded the rate limit. Please try again later.",
      };
    },
  });
};

export default fastifyPlugin(rateLimitPlugin);