§
    ým·iK  ã                  ó  — U d Z ddlmZ ddlZddlmZ ddlmZmZ ddl	m
Z
 ddlmZ ddlmZ dd	lmZ dd
lmZ  ee¦  «        Zdej        ej        fdej        ej        fdgZded<   ej        ej        fZdd„Zdd„Z G d„ de¦  «        Z dS )u×  Fixed-window rate-limiting middleware backed by Redis.

Strategy
--------
For each (path_prefix, identifier) pair, we maintain a Redis key with a
fixed-window counter (æŒ‰æ—¶é—´çª—å£åˆ†æ¡¶è®¡æ•°).  The identifier is the JWT
``sub`` claim when available, otherwise the client IP address.

Limits (requests / window_seconds):
    POST /api/ai/v1/research   â†’  10 / 60   (LLM-heavy endpoint)
    GET  /api/ai/v1/search     â†’  60 / 60
    POST /api/ai/v1/ingest     â†’ 200 / 60   (machine-to-machine webhook)
    *  (default)               â†’ 200 / 60

Configuration can be overridden via environment variables:
    RATE_LIMIT_RESEARCH   = "10/60"
    RATE_LIMIT_SEARCH     = "60/60"
    RATE_LIMIT_DEFAULT    = "200/60"
    RATE_LIMIT_ENABLED    = "true"

åŸºäºŽ Redis å›ºå®šçª—å£çš„è¯·æ±‚é™æµä¸­é—´ä»¶ã€‚
æŒ‰ (è·¯å¾„å‰ç¼€, ç”¨æˆ·æ ‡è¯†) ç»´åº¦è®¡æ•°ï¼Œè¶…è¿‡é˜ˆå€¼è¿”å›ž 429ã€‚
é‡‡ç”¨ fail-open ç­–ç•¥ï¼šRedis ä¸å¯ç”¨æ—¶æ”¾è¡Œè¯·æ±‚ï¼Œé¿å…å› ç¼“å­˜æ•…éšœé˜»å¡žä¸šåŠ¡ã€‚
é    )ÚannotationsN)ÚCallable)ÚRequestÚResponse)ÚJSONResponse)ÚBaseHTTPMiddleware)ÚASGIApp)Úsettings)Ú
get_loggerz/api/ai/v1/researchz/api/ai/v1/search)z/api/ai/v1/ingestéÈ   é<   zlist[tuple[str, int, int]]Ú_LIMITSÚpathÚstrÚreturnútuple[int, int]c                ób   — t           D ]!\  }}}|                      |¦  «        r||fc S Œ"t          S ©N)r   Ú
startswithÚ_DEFAULT_LIMIT)r   ÚprefixÚmax_reqÚwindows       ú3D:\work\zm-rag\backend\app\middleware\rate_limit.pyÚ
_get_limitr   5   sG   € Ý#*ð #ð #Ñˆ˜Ø?Š?˜6Ñ"Ô"ð 	#Ø˜F?Ð"Ð"Ð"ð	#åÐó    Úrequestr   c                óv  — | j                              dd¦  «        }|                     d¦  «        r¨|dd…         }	 ddl}ddl}|                     d¦  «        }t          |¦  «        dk    r\|d	         d
t          |d	         ¦  «         dz  z  z   }|                     |                     |¦  «        ¦  «        }d|v rd|d         › S n# t          $ r Y nw xY w| j                              dd¦  «        }|r0d|                     d¦  «        d          
                    ¦   «         › S | j        }	d|	r|	j        nd› S )z4Extract per-client identifier: JWT sub or client IP.ÚAuthorizationÚ zBearer é   Nr   ú.é   é   Ú=é   Úsubzuser:zX-Forwarded-Forzip:Ú,Úunknown)ÚheadersÚgetr   Úbase64ÚjsonÚsplitÚlenÚloadsÚurlsafe_b64decodeÚ	ExceptionÚstripÚclientÚhost)
r   Úauth_headerÚtokenr,   Ú_jsonÚpartsÚpayload_b64ÚpayloadÚforwarded_forr4   s
             r   Ú_extract_identifierr=   <   si  € à”/×%Ò% o°rÑ:Ô:€KØ×Ò˜iÑ(Ô(ð Ø˜A˜B˜B”ˆð	à(Ð(Ð(Ð(Ð(Ð(Ð(Ð(Ø—K’K Ñ$Ô$ˆEÝ5‰zŒz˜QŠˆà# Aœh¨µ°U¸1´X±´°ÀÑ0BÑ)CÑCØŸ+š+ f×&>Ò&>¸{Ñ&KÔ&KÑLÔLØ˜GÐ#Ð#Ø3 7¨5¤>Ð3Ð3Ð3øøÝð 	ð 	ð 	ØˆDð	øøøð ”O×'Ò'Ð(9¸2Ñ>Ô>€MØð ;Ø:]×(Ò(¨Ñ-Ô-¨aÔ0×6Ò6Ñ8Ô8Ð:Ð:Ð:ØŒ^€FØ7 Ð5”¨IÐ7Ð7Ð7s   ¼BC	 Ã	
CÃCc                  ó,   ‡ — e Zd ZdZdˆ fd„Zdd„Zˆ xZS )ÚRateLimitMiddlewareu(  Fixed-window rate limiting via Redis atomic INCR + EXPIRE.

    Skips rate limiting if Redis is unavailable (fail-open).

    å›ºå®šçª—å£é™æµä¸­é—´ä»¶ï¼Œä½¿ç”¨ Redis INCR + EXPIRE åŽŸå­æ“ä½œå®žçŽ°è®¡æ•°ã€‚
    ä»…å¯¹ /api/ai/ è·¯å¾„ç”Ÿæ•ˆï¼ŒRedis æ•…éšœæ—¶è‡ªåŠ¨æ”¾è¡Œï¼ˆfail-openï¼‰ã€‚
    Úappr	   r   ÚNonec                óJ   •— t          ¦   «                              |¦  «         d S r   )ÚsuperÚ__init__)Úselfr@   Ú	__class__s     €r   rD   zRateLimitMiddleware.__init___   s!   ø€ Ý‰Œ×Ò˜ÑÔÐÐÐr   r   r   Ú	call_nextr   r   c              ƒ  óh  K  — t           j        s ||¦  «        ƒ d {V —†S |j        j        }|                     d¦  «        s ||¦  «        ƒ d {V —†S |dk    r ||¦  «        ƒ d {V —†S 	 |j        j        j        j        }t          |¦  «        \  }}t          |¦  «        }t          t          j        ¦   «         ¦  «        |z  }d|                     d¦  «        dk    r|                     d¦  «        d         nd› d|› d|› }	|                     |	¦  «        ƒ d {V —†}
|
dk    r|                     |	|d	z  ¦  «        ƒ d {V —† |
|k    rHt"                               d
|||
|¬¦  «         t'          dd|› d||dœdt)          |¦  «        i¬¦  «        S  ||¦  «        ƒ d {V —†}t)          |¦  «        |j        d<   t)          t-          d||
z
  ¦  «        ¦  «        |j        d<   |S # t.          $ rD}t"                               dt)          |¦  «        ¬¦  «          ||¦  «        ƒ d {V —†cY d }~S d }~ww xY w)Nz/api/ai/z/healthzrl:ú/r&   Úapiú:r$   é   Úrate_limit_exceeded)r   Ú
identifierÚcountÚlimiti­  u   è¯·æ±‚é¢‘çŽ‡è¶…å‡ºé™åˆ¶ï¼Œè¯· u    ç§’åŽé‡è¯•ã€‚)ÚdetailrP   Úwindow_secondszRetry-After)Ústatus_codeÚcontentr*   zX-RateLimit-Limitr   zX-RateLimit-RemainingÚrate_limit_redis_error)Úerror)r
   Úrate_limit_enabledÚurlr   r   r@   ÚstateÚredis_clientÚrawr   r=   ÚintÚtimerO   r.   ÚincrÚexpireÚloggerÚwarningr   r   r*   Úmaxr2   )rE   r   rG   r   Úredisr   r   rN   ÚbucketÚkeyÚcurrentÚresponseÚexcs                r   ÚdispatchzRateLimitMiddleware.dispatchb   sÙ  è è € ÝÔ*ð 	,Ø"˜ 7Ñ+Ô+Ð+Ð+Ð+Ð+Ð+Ð+Ð+ð Œ{ÔˆØŠ˜zÑ*Ô*ð 	,Ø"˜ 7Ñ+Ô+Ð+Ð+Ð+Ð+Ð+Ð+Ð+ð 9ÒÐØ"˜ 7Ñ+Ô+Ð+Ð+Ð+Ð+Ð+Ð+Ð+ð'	,Ø”KÔ%Ô2Ô6ˆEÝ(¨Ñ.Ô.‰OˆGVÝ,¨WÑ5Ô5ˆJõ œ™œÑ%Ô%¨Ñ/ˆFØe¨d¯jªj¸©o¬oÀÒ.BÐ.B˜Ÿ
š
 3™œ¨Ô*Ð*ÈÐeÐeÐPZÐeÐeÐ]cÐeÐeˆCà!ŸJšJ s™OœOÐ+Ð+Ð+Ð+Ð+Ð+ˆGØ˜!Š|ˆ|Ø—l’l 3¨°©
Ñ3Ô3Ð3Ð3Ð3Ð3Ð3Ð3Ð3à˜Ò Ð Ý—’Ø)ØØ)Ø!Ø!ð ñ ô ð õ $Ø #à"\ÀFÐ"\Ð"\Ð"\Ø!(Ø*0ðð ð
 +­C°©K¬KÐ8ðñ ô ð ð '˜Y wÑ/Ô/Ð/Ð/Ð/Ð/Ð/Ð/ˆHÝ47¸±L´LˆHÔÐ0Ñ1Ý8;½CÀÀ7ÈWÑCTÑ<UÔ<UÑ8VÔ8VˆHÔÐ4Ñ5ØˆOøåð 	,ð 	,ð 	,åNŠNÐ3½3¸s¹8¼8ˆNÑDÔDÐDØ"˜ 7Ñ+Ô+Ð+Ð+Ð+Ð+Ð+Ð+Ð+Ð+Ð+Ð+Ð+Ð+øøøøð	,øøøs&   Á*D&G# ÆAG# Ç#
H1Ç-9H,È&H1È,H1)r@   r	   r   rA   )r   r   rG   r   r   r   )Ú__name__Ú
__module__Ú__qualname__Ú__doc__rD   ri   Ú__classcell__)rF   s   @r   r?   r?   V   s[   ø€ € € € € ðð ðð ð ð ð ð ð4,ð 4,ð 4,ð 4,ð 4,ð 4,ð 4,ð 4,r   r?   )r   r   r   r   )r   r   r   r   )!rm   Ú
__future__r   r]   Útypingr   Úfastapir   r   Úfastapi.responsesr   Ústarlette.middleware.baser   Ústarlette.typesr	   Ú
app.configr
   Úapp.utils.loggerr   rj   r`   Úrate_limit_research_maxÚrate_limit_research_windowÚrate_limit_search_maxÚrate_limit_search_windowr   Ú__annotations__Úrate_limit_default_maxÚrate_limit_default_windowr   r   r=   r?   © r   r   ú<module>r      s}  ððð ð ð2 #Ð "Ð "Ð "Ð "Ð "à €€€Ø Ð Ð Ð Ð Ð à %Ð %Ð %Ð %Ð %Ð %Ð %Ð %Ø *Ð *Ð *Ð *Ð *Ð *Ø 8Ð 8Ð 8Ð 8Ð 8Ð 8Ø #Ð #Ð #Ð #Ð #Ð #à Ð Ð Ð Ð Ð Ø 'Ð 'Ð 'Ð 'Ð 'Ð 'à	ˆHÑ	Ô	€ð ˜HÔ<¸hÔ>aÐbØ˜(Ô8¸(Ô:[Ð\Ø"ð'€ð ð ð ñ ð
 Ô1°8Ô3UÐV€ðð ð ð ð8ð 8ð 8ð 8ð4@,ð @,ð @,ð @,ð @,Ð,ñ @,ô @,ð @,ð @,ð @,r   