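import ipaddress

from slowapi import Limiter

# Networks whose hosts may supply X-Forwarded-For. The header is ordinary
# client-controlled input unless the direct peer is a proxy we operate, so it
# is honoured only for connections arriving from these ranges.
# NOTE(review): loopback and private ranges are a placeholder default; narrow
# this to the actual reverse-proxy addresses of the deployment.
_TRUSTED_PROXY_NETWORKS = tuple(
    ipaddress.ip_network(cidr)
    for cidr in (
        "127.0.0.0/8",
        "::1/128",
        "10.0.0.0/8",
        "172.16.0.0/12",
        "192.168.0.0/16",
    )
)


def _parse_ip(value):
    """Return *value* as an ``ipaddress`` object, or None if it is not an IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted_proxy(addr) -> bool:
    """Return True when *addr* lies inside one of the trusted proxy networks."""
    return any(addr in network for network in _TRUSTED_PROXY_NETWORKS)


def _get_real_ip(request) -> str:
    """Return the rate-limit key for *request*: the real client IP.

    X-Forwarded-For is consulted only when the directly connected peer is a
    trusted proxy. Otherwise any client could send a different header value on
    each request and get a fresh rate-limit bucket every time.

    The header is read right to left. The right-most entries are the ones
    appended by our own proxies, and the first address that is not a trusted
    proxy is taken as the client. Anything further left was supplied by the
    client and is ignored.

    Returns the peer address when the header is absent, unusable, or sent by
    an untrusted peer, and "unknown" when the connection has no client info.
    """
    peer_host = request.client.host if request.client else None
    if peer_host is None:
        # No peer to verify, so the header cannot be trusted either.
        return "unknown"

    peer_ip = _parse_ip(peer_host)
    if peer_ip is None or not _is_trusted_proxy(peer_ip):
        return peer_host

    # NOTE(review): .get() returns a single header value; confirm the proxy
    # merges X-Forwarded-For into one header rather than adding a second line.
    forwarded = request.headers.get("X-Forwarded-For")
    if not forwarded:
        return peer_host

    client_ip = None
    for entry in reversed(forwarded.split(",")):
        hop = _parse_ip(entry)
        if hop is None:
            # Malformed entry: stop rather than trust anything beyond it.
            break
        client_ip = hop
        if not _is_trusted_proxy(hop):
            break

    # str() gives a canonical form, so one address always maps to one key.
    return str(client_ip) if client_ip is not None else peer_host


# Redis DB 1 keeps rate-limit counters separate from Celery (DB 0)
limiter = Limiter(key_func=_get_real_ip, storage_uri="redis://redis:6379/1")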