fix(ratelimit): block on 5th attempt not 6th

This commit is contained in:
2026-04-22 10:49:03 +02:00
parent e4cff38773
commit 621d4e1bf1

View File

@@ -76,8 +76,8 @@ func RateLimitAuth(next http.Handler) http.Handler {
v.lastSeen = time.Now() v.lastSeen = time.Now()
} }
// If more than 5 attempts within a minute, block // If 5 or more attempts within a minute, block
if exists && v.attempts > 5 { if exists && v.attempts >= 5 {
mu.Unlock() mu.Unlock()
if strings.HasPrefix(r.URL.Path, "/") { if strings.HasPrefix(r.URL.Path, "/") {
http.Redirect(w, r, fmt.Sprintf("%s?error=rate_limited", r.URL.Path), http.StatusFound) http.Redirect(w, r, fmt.Sprintf("%s?error=rate_limited", r.URL.Path), http.StatusFound)