webupdate

backend/config/rateLimiter.js

@@ -14,16 +14,6 @@ const createRateLimiter = (config, limitType = "API") => {
     },
     standardHeaders: true,
     legacyHeaders: false,
-    // Use X-Forwarded-For header from nginx/proxy - properly handle IPv6
-    keyGenerator: (req, res) => {
-      const ip =
-        req.headers["x-forwarded-for"]?.split(",")[0]?.trim() ||
-        req.headers["x-real-ip"] ||
-        req.ip ||
-        req.connection.remoteAddress;
-      // Normalize IPv6 addresses to prevent bypass
-      return ip.includes(":") ? ip.replace(/:/g, "-") : ip;
-    },
     handler: (req, res) => {
       const clientIp =
         req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.ip;