diff --git a/src/app/api/admin/auth/route.ts b/src/app/api/admin/auth/route.ts
index 6f85e59..f4adb9c 100644
--- a/src/app/api/admin/auth/route.ts
+++ b/src/app/api/admin/auth/route.ts
@@ -20,10 +20,11 @@ export async function POST(request: Request) {
 return NextResponse.json({ error: "Username and password required" }, { status: 400 });
 }
 
+ const isSignup = action === "signup";
+
 // Rate limiting - enable via RATE_LIMIT_ENABLED env var
 if (process.env.RATE_LIMIT_ENABLED !== "false") {
 const ip = getClientIp(request);
- const isSignup = action === "signup";
 const rateLimitResult = await rateLimit(
 getRateLimitKey(isSignup ? "admin-signup" : "admin-signin", ip),
 { max: isSignup ? 3 : 5, windowSec: isSignup ? 3600 : 900 }
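Review bot: The comment above the rate-limit guard says limiting is enabled via `RATE_LIMIT_ENABLED`, but the condition `process.env.RATE_LIMIT_ENABLED !== "false"` leaves it on by default and only the exact string `false` turns it off; since the commit edits the lines around it, I would reword it to `// Rate limiting: on by default; set RATE_LIMIT_ENABLED="false" to disable`. The limiter key visible here is built from the route label and the client IP only, so sign-in attempts against a single admin username spread across many addresses are not throttled, and the limit is only as reliable as whatever `getClientIp` reads (not visible in this hunk); consider keying on the submitted username as well. With `isSignup` now hoisted to function scope, every `action` value other than `"signup"` is treated as sign-in, so it is worth confirming that `action` is validated earlier in `POST`, whose body starts and ends outside this hunk.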