package ratelimit

import (
	"github.com/redis/go-redis/v9"
	"go.uber.org/zap"

	"codeberg.org/mapleopentech/monorepo/cloud/maplepress-backend/config"
)

// ProvideLoginRateLimiter creates a LoginRateLimiter for dependency injection
// CWE-307: Implements rate limiting and account lockout protection against brute force attacks
func ProvideLoginRateLimiter(client *redis.Client, cfg *config.Config, logger *zap.Logger) LoginRateLimiter {
	// Use configuration from environment variables
	loginConfig := LoginRateLimiterConfig{
		MaxAttemptsPerIP:            cfg.RateLimit.LoginMaxAttemptsPerIP,
		IPWindow:                    cfg.RateLimit.LoginIPWindow,
		MaxFailedAttemptsPerAccount: cfg.RateLimit.LoginMaxFailedAttemptsPerAccount,
		AccountLockoutDuration:      cfg.RateLimit.LoginAccountLockoutDuration,
		KeyPrefix:                   "login_rl",
	}

	return NewLoginRateLimiter(client, loginConfig, logger)
}