Summary

Added middleware to extract real client IP addresses from proxy headers, with support for Cloudflare's CF-Connecting-IP and common X-Real-IP headers.

Changes

• New middleware: server/src/middleware/ipMiddleware.js

  • Extracts real client IP from headers in priority order:
    1. CF-Connecting-IP (Cloudflare)
    2. X-Real-IP (Common proxy header)
    3. X-Forwarded-For (Standard proxy header)
    4. Connection remote address (fallback)
    5. Express default IP (final fallback)
  • Handles IPv6-mapped IPv4 addresses cleanup
  • Sets req.realIp on request object

• Updated main application (server/src/app.js):

  • Added Express proxy trust configuration
  • Integrated IP extraction middleware
  • Updated request logging to use real IP addresses

Benefits

• Proper IP detection behind proxies, CDNs, and load balancers
• More accurate rate limiting based on actual client IPs
• Better security logging and monitoring
• Cloudflare compatibility out of the box

Testing

The middleware automatically detects and uses the most reliable IP source available from the request headers and connection information.