From 621d4e1bf18c9750aef0f2a3e32bcfbfc10b1b58 Mon Sep 17 00:00:00 2001
From: mkelvers
Date: Wed, 22 Apr 2026 10:49:03 +0200
Subject: [PATCH] fix(ratelimit): block on 5th attempt not 6th
---
 pkg/middleware/ratelimit.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/middleware/ratelimit.go b/pkg/middleware/ratelimit.go
index 7e4b706..24864ff 100644
--- a/pkg/middleware/ratelimit.go
+++ b/pkg/middleware/ratelimit.go
@@ -76,8 +76,8 @@ func RateLimitAuth(next http.Handler) http.Handler {
 v.lastSeen = time.Now()
 }
- // If more than 5 attempts within a minute, block
- if exists && v.attempts > 5 {
+ // If 5 or more attempts within a minute, block
+ if exists && v.attempts >= 5 {
 mu.Unlock()
 if strings.HasPrefix(r.URL.Path, "/") {
 http.Redirect(w, r, fmt.Sprintf("%s?error=rate_limited", r.URL.Path), http.StatusFound)
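Review bot: The redirect on the last line of the hunk builds its Location from the raw `r.URL.Path`, and the `strings.HasPrefix(r.URL.Path, "/")` guard above it does not constrain the value, since a server-side request path normally starts with `/` anyway. Depending on how the router normalises paths (not visible here), a path beginning with `//` could be emitted as a network-path reference that points the client off-site, and reserved characters in the decoded path are not re-escaped before the query string is appended. Consider something like `target := (&url.URL{Path: path.Clean("/" + r.URL.Path), RawQuery: "error=rate_limited"}).String()` and passing `target` to `http.Redirect`, or answering with `http.StatusTooManyRequests` instead of reflecting the path. Separately, whether `v.attempts >= 5` rejects the fifth request or allows five and rejects the sixth depends on whether the counter is incremented before this check, which is outside the hunk; a test pinning that boundary and a named constant for the limit would make the intent explicit. RateLimitAuth's body starts and ends outside the hunk.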