Refactor getIpAddress function to prioritize original client IP. Update logic to always return the first IP from X-Forwarded-For header instead of the last, ensuring more accurate client identification.

goldflag · goldflag · commit f9b6d19d3d18 · 2025-07-01T09:50:21.000-07:00
diff --git a/server/src/tracker/utils.ts b/server/src/tracker/utils.ts
@@ -126,21 +126,22 @@ export function createBasePayload(
 
 // Helper function to get IP address
 const getIpAddress = (request: FastifyRequest): string => {
+  // Priority 1: Cloudflare header (already validated by CF)
   const cfConnectingIp = request.headers["cf-connecting-ip"];
   if (cfConnectingIp && typeof cfConnectingIp === "string") {
     return cfConnectingIp.trim();
   }
 
+  // Priority 2: X-Forwarded-For - just use the first IP
   const forwardedFor = request.headers["x-forwarded-for"];
   if (forwardedFor && typeof forwardedFor === "string") {
     const ips = forwardedFor
       .split(",")
       .map((ip) => ip.trim())
       .filter(Boolean);
     if (ips.length > 0) {
-      // Return rightmost IP - the last proxy before reaching our server
-      // This is the most trustworthy IP in the chain
-      return ips[ips.length - 1];
+      // Always use the first IP - the original client
+      return ips[0];
     }
   }
 
