astro_avtourist/frontend/src/pages/api/consultation.ts

import type { APIRoute } from 'astro';
import { pb } from '../../lib/pb';

const RATE_LIMIT_WINDOW = 60 * 1000;
const MAX_REQUESTS = 3;

const requestCounts = new Map<string, { count: number; timestamp: number }>();

function checkRateLimit(ip: string): boolean {
  const now = Date.now();
  const record = requestCounts.get(ip);
  
  if (!record || now - record.timestamp > RATE_LIMIT_WINDOW) {
    requestCounts.set(ip, { count: 1, timestamp: now });
    return true;
  }
  
  if (record.count >= MAX_REQUESTS) {
    return false;
  }
  
  record.count++;
  return true;
}

function validatePhone(phone: string): boolean {
  const cleaned = phone.replace(/\D/g, '');
  return cleaned.length >= 10 && cleaned.length <= 15;
}

export const POST: APIRoute = async ({ request }) => {
  const clientIP = request.headers.get('x-forwarded-for')?.split(',')[0] || 
                   request.headers.get('x-real-ip') || 
                   'unknown';
  
  if (!checkRateLimit(clientIP)) {
    return new Response(JSON.stringify({
      success: false,
      error: 'Слишком много запросов. Попробуйте позже.'
    }), { status: 429 });
  }

  try {
    const data = await request.json();

    const { name, phone, service, website } = data;

    if (website) {
      return new Response(JSON.stringify({
        success: false,
        error: 'Спам обнаружен'
      }), { status: 400 });
    }

    if (!name || !phone) {
      return new Response(JSON.stringify({
        success: false,
        error: 'Имя и телефон обязательны'
      }), { status: 400 });
    }

    if (name.length < 2 || name.length > 100) {
      return new Response(JSON.stringify({
        success: false,
        error: 'Некорректное имя'
      }), { status: 400 });
    }

    if (!validatePhone(phone)) {
      return new Response(JSON.stringify({
        success: false,
        error: 'Некорректный номер телефона'
      }), { status: 400 });
    }

    const record = await pb.collection('consultations').create({
      name: name.trim(),
      phone: phone.replace(/\D/g, ''),
      service: service || '',
      status: 'new',
      created_at: new Date().toISOString(),
    });

    return new Response(JSON.stringify({
      success: true,
      message: 'Заявка отправлена! Мы свяжемся с вами в течение 15 минут.',
      id: record.id
    }), { status: 201 });

  } catch (error: any) {
    console.error('Consultation error:', error);

    return new Response(JSON.stringify({
      success: false,
      error: error.message || 'Ошибка при отправке заявки'
    }), { status: 400 });
  }
};