Add admin config page and runtime-tunable upload/rate-limit settings

cmd/server/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"ResendIt/internal/api/middleware"
 	"ResendIt/internal/auth"
+	"ResendIt/internal/config"
 	"ResendIt/internal/db"
 	"ResendIt/internal/file"
 	"ResendIt/internal/user"
@@ -32,7 +33,7 @@ func main() {
 		panic(fmt.Errorf("failed to connect database: %w", err))
 	}
 
-	err = dbCon.AutoMigrate(&user.User{}, &file.FileRecord{})
+	err = dbCon.AutoMigrate(&user.User{}, &file.FileRecord{}, &config.ConfigEntry{})
 	if err != nil {
 		fmt.Printf("Error migrating database: %v\n", err)
 		return
@@ -69,22 +70,33 @@ func main() {
 	userService := user.NewService(userRepo)
 	userHandler := user.NewHandler(userService)
 
+	configRepo := config.NewRepository(dbCon)
+	configService := config.NewService(configRepo)
+
 	fileRepo := file.NewRepository(dbCon)
 	fileService := file.NewService(fileRepo, "./uploads")
-	fileHandler := file.NewHandler(fileService)
+	fileHandler := file.NewHandler(fileService, configService)
 
 	createAdminUser(userService)
 
 	apiRoute := r.Group("/api")
 	// General API rate limiting to reduce abuse/spam.
-	// ~60 req/min per IP with some burst room.
-	apiRoute.Use(middleware.RateLimitByIP(60, time.Minute, 30, 5*time.Minute))
+	apiRoute.Use(middleware.RateLimitByIPDynamic(
+		func() int {
+			return configService.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute)
+		},
+		time.Minute,
+		func() int {
+			return configService.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst)
+		},
+		5*time.Minute,
+	))
 
-	auth.RegisterRoutes(apiRoute, authHandler)
+	auth.RegisterRoutes(apiRoute, authHandler, configService)
 	user.RegisterRoutes(apiRoute, userHandler)
 	file.RegisterRoutes(apiRoute, fileHandler)
 
-	webHandler := web.NewHandler(fileService)
+	webHandler := web.NewHandler(fileService, configService)
 	web.RegisterRoutes(r, webHandler, userService)
 
 	port := os.Getenv("PORT")