diff --git a/cmd/server/main.go b/cmd/server/main.go
index f6a23d3..d74d31a 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -17,7 +17,6 @@ import (
 "mal/internal/db"
 "mal/internal/server"
 "mal/internal/worker"
- "mal/pkg/middleware"
 )

 func main() {
@@ -86,5 +85,4 @@ func gracefulShutdown(srv *http.Server, ctx context.Context) {
 if err := srv.Shutdown(shutdownCtx); err != nil {
 log.Printf("server shutdown failed: %v", err)
 }
- middleware.StopCleanup()
 }
diff --git a/internal/server/routes.go b/internal/server/routes.go
index 83ac140..bf83fb3 100644
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -5,6 +5,7 @@ import (
 "net/http"
 "path/filepath"
 "strings"
+ "time"

 "mal/api/anime"
 "mal/api/auth"
@@ -114,12 +115,22 @@ func NewRouter(cfg Config) http.Handler {
 mux.HandleFunc("/api/watch/episode/", playbackHandler.HandleEpisodeData)
 mux.HandleFunc("/api/watch/thumbnails/", playbackHandler.HandleEpisodeThumbnails)

+ authLimiter := pkgmiddleware.NewLimiter(pkgmiddleware.Config{
+ MaxAttempts: 5,
+ Window: time.Minute,
+ })
+ go func() {
+ for range time.Tick(time.Minute) {
+ authLimiter.Cleanup(time.Now())
+ }
+ }()
+
 // Auth Endpoints
 mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
 if r.Method == http.MethodGet {
 authHandler.HandleLoginPage(w, r)
 } else {
- pkgmiddleware.RateLimitAuth(pkgmiddleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleLogin))).ServeHTTP(w, r)
+ authLimiter.AuthMiddleware(pkgmiddleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleLogin))).ServeHTTP(w, r)
 }
 })
 mux.HandleFunc("/logout", authHandler.HandleLogout)
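Review bot: The cleanup goroutine started in NewRouter right after `pkgmiddleware.NewLimiter(...)` has no stop path: `for range time.Tick(time.Minute)` runs for the life of the process, and this same commit drops `middleware.StopCleanup()` from gracefulShutdown, so nothing ends it on shutdown and every NewRouter call (tests included) starts another one. Consider `ticker := time.NewTicker(time.Minute)` with `defer ticker.Stop()` and a `select` that also waits on a shutdown signal supplied by the caller, or put the loop behind a limiter method that gracefulShutdown can stop. Separately, the hunk does not show what AuthMiddleware keys the 5-per-minute budget on; if it is a client address read from a forwarded header, that value should only be honoured from a trusted proxy, otherwise the limit on the non-GET branch of /login does not hold, so a comment next to `MaxAttempts: 5` naming the key would help. NewRouter's body starts and ends outside the hunk.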