Fix ratelimiter IP check

index.js

@@ -22,14 +22,20 @@ app.use(bodyParser.urlencoded({ extended: true }));
 const cookieParser = require('cookie-parser');
 app.use(cookieParser());
 // -- Rate limiting
-const { rateLimit } = require('express-rate-limit')
+const { rateLimit } = require('express-rate-limit');
 const limiter = rateLimit({
     windowMs: 10 * 60 * 1000, // 15 minutes
-	limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+    limit: 500, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
     standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
     legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
-	// store: ... , // Redis, Memcached, etc. See below.
-})
+    keyGenerator: (req) => {
+        const forwarded = req.headers["x-forwarded-for"]?.split(",")[0]; // Take the first IP in the list
+        const ip = forwarded || req.ip; // Fallback to req.ip
+        return ip.includes(":") ? ip.split(":")[0] : ip; // Remove port if present
+    }
+});
+app.set('trust proxy', true);
+app.use(limiter);
 
 // Authentication
 const { signup, login, logout, resetPassword } = require('./auth/authEmail.js');