From 44db6195f63f92c015de312141a5da930d9279e2 Mon Sep 17 00:00:00 2001
From: Erik Silva <erik@stackbyte.cloud>
Date: Tue, 9 Dec 2025 02:04:10 -0300
Subject: [PATCH] fix: increase rate limit for dev (30 attempts/min)

---
 backend/internal/config/config.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/backend/internal/config/config.go b/backend/internal/config/config.go
index 262837f..a142904 100644
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
@@ -53,6 +53,12 @@ func Load() *Config {
 		baseDomain = "aggios.app"
 	}
 
+	// Rate limit: more lenient in dev, strict in prod
+	maxAttempts := 30
+	if env == "production" {
+		maxAttempts = 5
+	}
+
 	return &Config{
 		Server: ServerConfig{
 			Port: getEnvOrDefault("SERVER_PORT", "8080"),
@@ -81,7 +87,7 @@ func Load() *Config {
 				"https://dash.aggios.app",
 				"https://www.aggios.app",
 			},
-			MaxAttemptsPerMin: 5,
+			MaxAttemptsPerMin: maxAttempts,
 			PasswordMinLength: 8,
 		},
 	}