upaas

History

clawbot ef0786c4b4 fix: extract real client IP from proxy headers (X-Real-IP / X-Forwarded-For) Behind a reverse proxy like Traefik, RemoteAddr always contains the proxy's IP. Add realIP() helper that checks X-Real-IP first, then the first entry of X-Forwarded-For, falling back to RemoteAddr. Update both LoginRateLimit and Logging middleware to use realIP(). Add comprehensive tests for the new function. Fixes #12		2026-02-15 21:14:12 -08:00
..
middleware.go	fix: extract real client IP from proxy headers (X-Real-IP / X-Forwarded-For)	2026-02-15 21:14:12 -08:00
ratelimit_test.go	fix: add eviction for stale IP rate limiter entries and Retry-After header	2026-02-15 21:01:11 -08:00
realip_test.go	fix: extract real client IP from proxy headers (X-Real-IP / X-Forwarded-For)	2026-02-15 21:14:12 -08:00