refactor: improve IP handling in backend and frontend

Pdzly · Pdzly · commit 738628c124d3 · 2026-01-10T00:18:46.000+01:00
- Fixed logging to correctly display split IP in backend middleware.
- Added `isPrivateIP` utility in frontend for private IP detection.
- Updated frontend logic to filter out private IPs when determining public IPs.
diff --git a/backend/app/api/middlewares.py b/backend/app/api/middlewares.py
@@ -26,7 +26,7 @@ def get_ip_address(self, request: Request) -> ipaddress.IPv4Address | ipaddress.
             validated_ip = validate_ip_address(split_ip)
             if validated_ip is not None:
                 if validated_ip.is_private:
-                    logging.warning(f"Forwarded Private IP address: {ip}, maybe behind proxy/docker?")
+                    logging.warning(f"Forwarded Private IP address: {split_ip}, maybe behind proxy/docker?")
                 ip = validated_ip
             if validated_ip is None and request.client and request.client.host:
                 try:
diff --git a/frontend/src/lib/utils/ip.ts b/frontend/src/lib/utils/ip.ts
@@ -1,6 +1,32 @@
+function isPrivateIP(ip: string): boolean {
+    // IPv4 private ranges
+    const ipv4PrivateRanges = [
+        /^10\./,                                    // 10.0.0.0/8
+        /^172\.(1[6-9]|2[0-9]|3[0-1])\./,          // 172.16.0.0/12
+        /^192\.168\./,                              // 192.168.0.0/16
+        /^127\./,                                   // 127.0.0.0/8 (loopback)
+        /^169\.254\./,                              // 169.254.0.0/16 (link-local)
+    ];
+
+    // IPv6 private/special addresses
+    const ipv6PrivatePatterns = [
+        /^::1$/i,                                   // loopback
+        /^fc[0-9a-f]{2}:/i,                        // fc00::/7 (unique local)
+        /^fd[0-9a-f]{2}:/i,                        // fd00::/8 (unique local)
+        /^fe[89ab][0-9a-f]:/i,                     // fe80::/10 (link-local)
+    ];
+
+    return ipv4PrivateRanges.some(r => r.test(ip)) || ipv6PrivatePatterns.some(r => r.test(ip));
+}
+
+function getPublicIP(ip: string | null | undefined): string | null {
+    if (!ip) return null;
+    return isPrivateIP(ip) ? null : ip;
+}
+
 export function getUserIpAddress(request: Request, getClientAddress: () => string) {
-    return request.headers.get("cf-connecting-ip") ||
-        request.headers.get("x-real-ip") ||
-        request.headers.get("x-forwarded-for")?.split(",")[0].trim() ||
+    return getPublicIP(request.headers.get("cf-connecting-ip")) ||
+        getPublicIP(request.headers.get("x-real-ip")) ||
+        getPublicIP(request.headers.get("x-forwarded-for")?.split(",")[0].trim()) ||
         getClientAddress();
-}
+}
