From e840a9baf47f47bd533fca96ae341b0f4b1196cf Mon Sep 17 00:00:00 2001
From: Anhgelus Morhtuuzh
Date: Fri, 2 Jan 2026 15:42:05 +0100
Subject: feat(backend): clean rate limit
---
backend/router.go | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'backend/router.go')
diff --git a/backend/router.go b/backend/router.go
index 3928119..60223d3 100644
--- a/backend/router.go
+++ b/backend/router.go
@@ -98,25 +98,29 @@ func NewRouter(debug bool, cfg *Config, db *sql.DB, assets fs.FS) *chi.Mux {
 // login
 r.Use(func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- _, pass, ok := r.BasicAuth()
 ctx := r.Context()
+ if isRateLimited(ctx) {
+ http.Error(w, "Too many requests", http.StatusTooManyRequests)
+ return
+ }
+ _, pass, ok := r.BasicAuth()
 if ok {
- if handleTimeout(ctx) {
- http.Error(w, "Too many requests", http.StatusTooManyRequests)
- return
- }
 cfg := ctx.Value(configKey).(*Config)
 passHash := sha256.Sum256([]byte(pass))
 rightPassHash := sha256.Sum256([]byte(cfg.AdminPassword))
 ok = subtle.ConstantTimeCompare(passHash[:], rightPassHash[:]) == 1
 if ok {
- resetTimeout(ctx)
+ resetRateLimit(ctx)
+ } else if rateLimit(ctx) {
+ http.Error(w, "Too many requests", http.StatusTooManyRequests)
+ return
 }
 }
 ctx = context.WithValue(ctx, loginKey, ok)
 next.ServeHTTP(w, r.WithContext(ctx))
 })
 })
+ // stats
 r.Use(func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 next.ServeHTTP(w, r)
--
cgit v1.2.3
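Review bot: The new `isRateLimited(ctx)` guard at the top of the login middleware and the later `rateLimit(ctx)` call on a failed compare are two separate steps, so unless those helpers (not shown in this hunk) serialise on a shared lock, a burst of parallel requests can all pass the first check before any failure is recorded and get more password comparisons than the limit intends. It is worth confirming that the counter is checked and incremented atomically, and covering that with a test that sends concurrent bad-password requests. The guard now also runs for requests that carry no Basic credentials, so a limited client is refused on every route behind this middleware; if that is intended, say so above the check, e.g. `// a rate-limited client is refused on every route, not only on login attempts`. The two 429 responses could also set a `Retry-After` header so legitimate clients know when to retry. NewRouter's body starts and ends outside the hunk.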