ip based rate limiting and max cap avoiding negatives.

2025-03-25 14:57:17 +00:00
parent 0b93fd75dd
commit 1ee4ceba0e
1 changed files with 13 additions and 0 deletions
--- a/handlers/results.go
+++ b/handlers/results.go
@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"html/template"
 	"log"
+	"net"
 	"net/http"
 	"regexp"
 	"sort"
@@ -14,6 +15,14 @@ import (

 func ResultsThunderball(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		ip, _, _ := net.SplitHostPort(r.RemoteAddr)
+		limiter := helpers.GetVisitorLimiter(ip)
+
+		if !limiter.Allow() {
+			http.Error(w, "Rate limit exceeded", http.StatusTooManyRequests)
+			return
+		}
+
 		const pageSize = 20
 		page := 1
 		offset := 0
@@ -54,6 +63,10 @@ func ResultsThunderball(db *sql.DB) http.HandlerFunc {
 		}

 		totalPages, totalResults := helpers.GetTotalPages(db, "results_thunderball", whereClause, args, pageSize)
+		if page < 1 || page > totalPages {
+			http.NotFound(w, r)
+			return
+		}

 		querySQL := `
 			SELECT id, draw_date, machine, ballset, ball1, ball2, ball3, ball4, ball5, thunderball