utils/security.py

import time
import hmac
import hashlib
from fastapi import HTTPException

REQUEST_LOG = {}
WINDOW_SECONDS = 10
MAX_REQUESTS = 6


def rate_limit(ip):
    t = time.time()
    entries = REQUEST_LOG.get(ip, [])
    entries = [x for x in entries if t - x < WINDOW_SECONDS]

    if len(entries) >= MAX_REQUESTS:
        raise HTTPException(
            status_code=429,
            detail="Too many requests."
        )

    REQUEST_LOG[ip] = entries + [t]


def sign_payload(payload, secret):
    return hmac.new(
        secret.encode(),
        payload.encode(),
        hashlib.sha256
    ).hexdigest()