diff --git a/src/common/modules/express/index.js b/src/common/modules/express/index.js
index 8768a02..9adb2ac 100644
--- a/src/common/modules/express/index.js
+++ b/src/common/modules/express/index.js
@@ -100,8 +100,9 @@ module.exports = expressLoader = (app) => {
 // ip 블랙리스트
 app.use(async (req, res, next) => {
 // TODO : PROD 체크 후 삭제
- const clientIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
- console.log('clientIp: ' + clientIp);
+ const clientIp = req.headers['x-forwarded-for']
+ ? req.headers['x-forwarded-for'].split(',')[0].trim()
+ : req.connection.remoteAddress;
 try {
 const blockTime = await redisClient.get(clientIp);
 if (blockTime && blockTime > Date.now()) {
diff --git a/src/common/utils/rateLimit.js b/src/common/utils/rateLimit.js
index 719ceb6..fa76efc 100644
--- a/src/common/utils/rateLimit.js
+++ b/src/common/utils/rateLimit.js
@@ -7,7 +7,9 @@ exports.commonLimiter = rateLimit({
 windowMs: 60 * 1000, // 1분 간격
 max: 200, // windowMs동안 최대 호출 횟수
 handler: async (req, res) => {
- const clientIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
+ const clientIp = req.headers['x-forwarded-for']
+ ? req.headers['x-forwarded-for'].split(',')[0].trim()
+ : req.connection.remoteAddress;
 try {
 await redisClient.set(clientIp, Date.now() + BLOCK_DURATION); // 1시간 후 제거
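Review bot: The blacklist lookup now keys on the first `X-Forwarded-For` entry, which is the part of that header the requester itself controls, so a blocked client can skip the Redis check entirely by sending `X-Forwarded-For: 203.0.113.1` (any unblocked address) and the middleware will look up that address instead of the one the block was stored under. Taking the first entry is only meaningful when a trusted proxy in front of the app is known to overwrite or append the header, and that trust boundary is not expressed anywhere in this hunk. The conventional fix is to let Express resolve the address from the trusted-proxy side of the header: configure `app.set('trust proxy', <hop count or CIDR of your proxies>)` in the loader and reduce this line to `const clientIp = req.ip;`, which also removes the deprecated `req.connection` in favour of the `req.socket` that Express uses internally. If the header-parsing stays, add a comment above it such as `// NOTE: X-Forwarded-For is client-supplied; only trustworthy behind a proxy that rewrites it` so the assumption is visible. The `app.use` callback continues past the end of the hunk.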
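Review bot: In the rate-limit handler the same client-controlled `X-Forwarded-For` value is used as the Redis key that gets written on the block path, so a caller can spend 200 requests with `X-Forwarded-For: <victim address>` and have the victim's address written into the blacklist, while their own address is never recorded. Note also that the key the limiter counts against is whatever `rateLimit` uses internally (by default `req.ip`, unless a `keyGenerator` is configured outside this hunk), whereas the key written here is derived by hand, so the address that trips the window and the address that is blocked need not be the same. Prefer `const clientIp = req.ip;` together with a `trust proxy` setting on the app so both paths agree on one server-derived address. Since the comment on the `set` line promises removal after one hour but no expiry option is visible on the call, it is worth confirming that `BLOCK_DURATION` (defined outside the hunk) is also applied as a TTL, e.g. `redisClient.set(clientIp, Date.now() + BLOCK_DURATION, { PX: BLOCK_DURATION })`, otherwise spoofed entries persist indefinitely. The `handler` arrow function continues past the end of the hunk.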