import rateLimit from "express-rate-limit"; /** Global rate limiter — 200 requests per minute per IP. */ export const globalLimiter = rateLimit({ windowMs: 60_000, max: 200, standardHeaders: true, legacyHeaders: false, keyGenerator: (req) => (req as any).clientIp || req.ip || "unknown", message: { error: "Too many requests. Please wait and try again." }, }); /** Strict limiter for form submissions — 5 per minute per IP (50 in dev/test). */ export const submitLimiter = rateLimit({ windowMs: 60_000, max: process.env.NODE_ENV === "production" ? 5 : 50, standardHeaders: true, legacyHeaders: false, keyGenerator: (req) => (req as any).clientIp || req.ip || "unknown", message: { error: "Too many submissions. Please wait a moment." }, });