From 1ee4ceba0e0d321ec3741923251ce17b95ad4a1b Mon Sep 17 00:00:00 2001
From: H3ALY
Date: Tue, 25 Mar 2025 14:57:17 +0000
Subject: [PATCH] ip based rate limiting and max cap avoiding negatives.
---
 handlers/results.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/handlers/results.go b/handlers/results.go
index 91c4be1..18e565a 100644
--- a/handlers/results.go
+++ b/handlers/results.go
@@ -4,6 +4,7 @@ import (
 "database/sql"
 "html/template"
 "log"
+ "net"
 "net/http"
 "regexp"
 "sort"
@@ -14,6 +15,14 @@ import (
 func ResultsThunderball(db *sql.DB) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
+ ip, _, _ := net.SplitHostPort(r.RemoteAddr)
+ limiter := helpers.GetVisitorLimiter(ip)
+
+ if !limiter.Allow() {
+ http.Error(w, "Rate limit exceeded", http.StatusTooManyRequests)
+ return
+ }
+
 const pageSize = 20
 page := 1
 offset := 0
@@ -54,6 +63,10 @@ func ResultsThunderball(db *sql.DB) http.HandlerFunc {
 }
 totalPages, totalResults := helpers.GetTotalPages(db, "results_thunderball", whereClause, args, pageSize)
+ if page < 1 || page > totalPages {
+ http.NotFound(w, r)
+ return
+ }
 querySQL := `
 SELECT id, draw_date, machine, ballset, ball1, ball2, ball3, ball4, ball5, thunderball
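Review bot: The error from `net.SplitHostPort(r.RemoteAddr)` is discarded at the top of the handler, so whenever the address fails to parse, `ip` is the empty string and every such request shares one limiter entry. Handle it explicitly, for example `ip, _, err := net.SplitHostPort(r.RemoteAddr)` followed by `if err != nil { ip = r.RemoteAddr }`. If the service runs behind a reverse proxy or load balancer (not visible here), `r.RemoteAddr` is the proxy's address and all clients would be throttled as one visitor; the client address would then have to come from a forwarding header, accepted only from a trusted proxy. `helpers.GetVisitorLimiter` is outside this diff, so confirm that its per-IP store evicts idle entries, otherwise it grows with every new source address. The handler body continues outside the hunk.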
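Review bot: The new bounds check `page > totalPages` may also fire when a query matches nothing. If `helpers.GetTotalPages` returns 0 pages for an empty result set (its body is not in this diff), the default `page := 1` is answered with a 404 instead of an empty results page. Consider `if page < 1 || (totalPages > 0 && page > totalPages) {`. The check also runs only after the count query has reached the database, so the `page < 1` half could be rejected where `page` is parsed, before any SQL runs. The enclosing handler starts and ends outside this hunk.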