From e1f32cec131ba2bd8c07946d34c07b288ec27468 Mon Sep 17 00:00:00 2001
From: Patrick Britton <admin@pbritton.dev>
Date: Mon, 16 Feb 2026 22:44:17 -0600
Subject: [PATCH] fix: move ALTCHA challenge endpoint outside rate limiting
 middleware

- Separate ALTCHA challenge from rate-limited auth group
- Register ALTCHA challenge directly on v1 router
- This should resolve the route registration issue
---
 go-backend/cmd/api/main.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/go-backend/cmd/api/main.go b/go-backend/cmd/api/main.go
index a18ea7c..6b846b4 100644
--- a/go-backend/cmd/api/main.go
+++ b/go-backend/cmd/api/main.go
@@ -250,7 +250,6 @@ func main() {
 		}
 
 		auth := v1.Group("/auth")
-		auth.Use(middleware.RateLimit(0.5, 3))
 		{
 			auth.POST("/register", authHandler.Register)
 			auth.POST("/signup", authHandler.Register)
@@ -260,9 +259,11 @@ func main() {
 			auth.GET("/verify", authHandler.VerifyEmail)
 			auth.POST("/forgot-password", authHandler.ForgotPassword)
 			auth.POST("/reset-password", authHandler.ResetPassword)
-			auth.GET("/altcha-challenge", authHandler.GetAltchaChallenge)
 		}
 
+		// ALTCHA challenge endpoint (no rate limiting)
+		v1.GET("/auth/altcha-challenge", authHandler.GetAltchaChallenge)
+
 		authorized := v1.Group("")
 		authorized.Use(middleware.AuthMiddleware(cfg.JWTSecret, dbPool))
 		{