From 7868df1abc0744df1639bc8a38bc7a3d2b0c8dcd Mon Sep 17 00:00:00 2001
From: Adolfo Reyna
Date: Fri, 21 Feb 2025 22:58:18 -0500
Subject: [PATCH] Fix ratelimiter IP check

---
 index.js | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/index.js b/index.js
index 8e5c512..b6021c4 100644
--- a/index.js
+++ b/index.js
@@ -22,14 +22,20 @@ app.use(bodyParser.urlencoded({ extended: true }));
 const cookieParser = require('cookie-parser');
 app.use(cookieParser());
 // -- Rate limiting
-const { rateLimit } = require('express-rate-limit')
+const { rateLimit } = require('express-rate-limit');
 const limiter = rateLimit({
-  windowMs: 10 * 60 * 1000, // 15 minutes
-  limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
-  standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
-  legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
-  // store: ... , // Redis, Memcached, etc. See below.
-})
+  windowMs: 10 * 60 * 1000, // 15 minutes
+  limit: 500, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+  standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+  keyGenerator: (req) => {
+    const forwarded = req.headers["x-forwarded-for"]?.split(",")[0]; // Take the first IP in the list
+    const ip = forwarded || req.ip; // Fallback to req.ip
+    return ip.includes(":") ? ip.split(":")[0] : ip; // Remove port if present
+  }
+});
+app.set('trust proxy', true);
+app.use(limiter);
 
 // Authentication
 const { signup, login, logout, resetPassword } = require('./auth/authEmail.js');
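Review bot: The new `keyGenerator` keys the limiter on the leftmost `x-forwarded-for` value, which is supplied by the client, so a caller can rotate that header and land in a fresh bucket on every request; `app.set('trust proxy', true)` has the same weakness, because `true` tells Express to trust every hop and derive `req.ip` from the same leftmost forwarded address. The port-stripping line is also wrong for IPv6: `ip.split(":")[0]` turns `2001:db8::1` into `2001` and `::1` into an empty string, collapsing unrelated IPv6 clients into one bucket, and `ip.includes(":")` throws if neither the header nor `req.ip` is set. Prefer trusting only the known proxy depth and letting Express parse the address, e.g. `app.set('trust proxy', 1);` together with `keyGenerator: (req) => req.ip,` (or drop the custom `keyGenerator` if the library default keyed on `req.ip` is acceptable for the installed express-rate-limit version). The comment on the `limit` line still says 100 requests while the value is now 500, and the `windowMs` comment says 15 minutes for a 10-minute window; update them to `// Limit each IP to 500 requests per window (here, per 10 minutes).` and `// 10 minutes`.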