<?php
namespace JVBase\rest;

use WP_REST_Request;

if (!defined('ABSPATH')) {
	exit;
}

/**
 * Handles rate limiting for REST requests
 */
class RateLimits
{
	protected string $cacheGroup = 'jvb_rate_limits';

	protected array $defaults = [
		'GET' => ['count' => 1000, 'window' => 3600],
		'POST' => ['count' => 100, 'window' => 3600],
		'PUT' => ['count' => 100, 'window' => 3600],
		'PATCH' => ['count' => 100, 'window' => 3600],
		'DELETE' => ['count' => 50, 'window' => 3600],
	];

	/**
	 * Check if request is within rate limits
	 *
	 * @param WP_REST_Request $request
	 * @param int|null $limit Optional custom limit (overrides defaults)
	 * @param int|null $window Optional custom window in seconds (overrides defaults)
	 * @return bool True if within limits, false if exceeded
	 */
	public function checkLimit(WP_REST_Request $request, ?int $limit = null, ?int $window = null): bool
	{
		$method = $request->get_method();
		$default = $this->defaults[$method] ?? $this->defaults['GET'];

		$limit = $limit ?? $default['count'];
		$window = $window ?? $default['window'];

		$key = $this->getCacheKey($request, $window);
		$current = (int) wp_cache_get($key, $this->cacheGroup);

		if ($current >= $limit) {
			return false;
		}

		// Increment or initialize
		if ($current === 0) {
			wp_cache_set($key, 1, $this->cacheGroup, $window);
		} else {
			wp_cache_incr($key, 1, $this->cacheGroup);
		}

		return true;
	}

	/**
	 * Get remaining requests for current window
	 */
	public function getRemaining(WP_REST_Request $request, ?int $limit = null, ?int $window = null): int
	{
		$method = $request->get_method();
		$default = $this->defaults[$method] ?? $this->defaults['GET'];

		$limit = $limit ?? $default['count'];
		$window = $window ?? $default['window'];

		$key = $this->getCacheKey($request, $window);
		$current = (int) wp_cache_get($key, $this->cacheGroup);

		return max(0, $limit - $current);
	}

	/**
	 * Reset rate limit for a request pattern
	 */
	public function reset(WP_REST_Request $request, ?int $window = null): void
	{
		$method = $request->get_method();
		$default = $this->defaults[$method] ?? $this->defaults['GET'];
		$window = $window ?? $default['window'];

		$key = $this->getCacheKey($request, $window);
		wp_cache_delete($key, $this->cacheGroup);
	}

	protected function getCacheKey(WP_REST_Request $request, int $window): string
	{
		$ip = $request->get_header('X-Forwarded-For') ?: ($_SERVER['REMOTE_ADDR'] ?? 'unknown');
		$userId = get_current_user_id();
		$method = $request->get_method();
		$route = $request->get_route();

		// Include window in key so different windows don't collide
		return "rate:{$ip}:{$userId}:{$method}:{$route}:{$window}";
	}
}