fix(ratelimit): block on 5th attempt not 6th

This commit is contained in:
2026-04-22 10:49:03 +02:00
parent e4cff38773
commit 621d4e1bf1

View File

@@ -76,8 +76,8 @@ func RateLimitAuth(next http.Handler) http.Handler {
v.lastSeen = time.Now()
}
// If more than 5 attempts within a minute, block
if exists && v.attempts > 5 {
// If 5 or more attempts within a minute, block
if exists && v.attempts >= 5 {
mu.Unlock()
if strings.HasPrefix(r.URL.Path, "/") {
http.Redirect(w, r, fmt.Sprintf("%s?error=rate_limited", r.URL.Path), http.StatusFound)