From f5bb1e36980501482368ad863e70f9383c8fd1e1 Mon Sep 17 00:00:00 2001
From: jjikky
Date: Sat, 20 Jul 2024 21:31:20 +0900
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20client=20ip=20=EA=B0=80?= =?UTF-8?q?=EC=A0=B8=EC=98=A4=EB=8A=94=20=EB=B0=A9=EB=B2=95=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/common/modules/express/index.js | 5 +++--
 src/common/utils/rateLimit.js | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/common/modules/express/index.js b/src/common/modules/express/index.js
index 8768a02..9adb2ac 100644
--- a/src/common/modules/express/index.js
+++ b/src/common/modules/express/index.js
@@ -100,8 +100,9 @@ module.exports = expressLoader = (app) => {
 // ip 블랙리스트
 app.use(async (req, res, next) => {
 // TODO : PROD 체크 후 삭제
- const clientIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
- console.log('clientIp: ' + clientIp);
+ const clientIp = req.headers['x-forwarded-for']
+ ? req.headers['x-forwarded-for'].split(',')[0].trim()
+ : req.connection.remoteAddress;
 try {
 const blockTime = await redisClient.get(clientIp);
 if (blockTime && blockTime > Date.now()) {
diff --git a/src/common/utils/rateLimit.js b/src/common/utils/rateLimit.js
index 719ceb6..fa76efc 100644
--- a/src/common/utils/rateLimit.js
+++ b/src/common/utils/rateLimit.js
@@ -7,7 +7,9 @@ exports.commonLimiter = rateLimit({
 windowMs: 60 * 1000, // 1분 간격
 max: 200, // windowMs동안 최대 호출 횟수
 handler: async (req, res) => {
- const clientIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
+ const clientIp = req.headers['x-forwarded-for']
+ ? req.headers['x-forwarded-for'].split(',')[0].trim()
+ : req.connection.remoteAddress;
 try {
 await redisClient.set(clientIp, Date.now() + BLOCK_DURATION); // 1시간 후 제거
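Review bot: The new `clientIp` expression in the blacklist middleware of src/common/modules/express/index.js keys on the leftmost `X-Forwarded-For` entry, which is the part of the header the requester supplies itself; proxies only append to it. The Redis blacklist lookup here, and the block written by the `commonLimiter` handler in src/common/utils/rateLimit.js (same expression), can therefore be bypassed or attributed to someone else's address by sending a chosen header value. Let Express resolve the address instead: set `app.set('trust proxy', 1)` (the hop count must match the real proxy chain, which this patch does not show) and read `const clientIp = req.ip;` in both places. If `rateLimit` is express-rate-limit, its default key is also `req.ip`, so the counter and the stored block would then refer to the same value. The middleware body continues outside the hunk.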