From 73c7d006c774afd47cd0944ad1d117a6599bcf72 Mon Sep 17 00:00:00 2001
From: Ruslan <ruslan@ipcom.su>
Date: Thu, 14 May 2026 07:33:49 +0000
Subject: [PATCH] Fix _get_real_ip: use X-Real-IP from NPM instead of
 X-Forwarded-For

---
 app/main.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/main.py b/app/main.py
index 759e40e..f020ab8 100644
--- a/app/main.py
+++ b/app/main.py
@@ -67,10 +67,12 @@ logger = logging.getLogger("portal")
 templates = Jinja2Templates(directory="templates")
 
 def _get_real_ip(request) -> str:
-    """Return real client IP, accounting for NPM → app proxy chain."""
+    """Return real client IP. NPM sets X-Real-IP to the actual client IP."""
+    real_ip = request.headers.get("x-real-ip", "").strip()
+    if real_ip:
+        return real_ip
     forwarded_for = request.headers.get("x-forwarded-for", "")
     if forwarded_for:
-        # X-Forwarded-For: client, proxy1, proxy2 — take leftmost (real client)
         return forwarded_for.split(",")[0].strip()
     return request.client.host if request.client else "unknown"