From af30843f05cb18b41ed5dc3c195c7d6d5ccb65c9 Mon Sep 17 00:00:00 2001
From: southseact-3d <hetheringtonliam7@gmail.com>
Date: Fri, 13 Feb 2026 11:13:07 +0000
Subject: [PATCH] fix: add missing Map declarations (loginAttempts,
 adminLoginAttempts, apiRateLimit, csrfTokens)

Fixed ReferenceError: apiRateLimit is not defined that was causing
internal server errors on all pages. Added 4 missing Map variable
declarations that are used throughout the codebase for rate limiting
and CSRF protection.
---
 chat/server.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/chat/server.js b/chat/server.js
index b5c17bc..0b63fa7 100644
--- a/chat/server.js
+++ b/chat/server.js
@@ -1565,6 +1565,10 @@ let dodoProductCache = {
   byId: new Map(),
 };
 const userSessions = new Map(); // Track user sessions
+const loginAttempts = new Map(); // { email:ip: { count, windowStart, lockedUntil } }
+const adminLoginAttempts = new Map(); // { ip: { count, windowStart, lockedUntil } }
+const apiRateLimit = new Map(); // { userId: { requests, windowStart } }
+const csrfTokens = new Map(); // { token: { userId, expiresAt } }
 let usersDb = []; // In-memory user database cache
 let invoicesDb = []; // In-memory invoice database cache
 let mailTransport = null;