feat(api): ✨ handle getting request ip through proxy

routes/api/magiclink/index.ts

@@ -44,7 +44,7 @@ export const handler: SessionHandlers = {
 		// save token to session
 		ctx.state.session.flash<MagicLinkInfos>(`MAGIC_LINK__${token}`, {
 			email,
-			remoteId: remoteId(ctx),
+			remoteId: remoteId(request, ctx),
 			timestamp: Date.now(),
 		})
 
@@ -69,7 +69,7 @@ export const handler: SessionHandlers = {
 			)
 		}
 	},
-	async GET(_request, ctx) {
+	async GET(request, ctx) {
 		const token = ctx.url.searchParams.get('token')
 		const redirect = ctx.url.searchParams.get('redirect')
 
@@ -87,7 +87,7 @@ export const handler: SessionHandlers = {
 		}
 
 		// check remote id (same user/machine that has query the token)
-		if (entry.remoteId === remoteId(ctx)) {
+		if (entry.remoteId === remoteId(request, ctx)) {
 			const user = await getUserByMail(entry.email)
 			ctx.state.session.set('user', user)
 
@@ -109,8 +109,16 @@ export const handler: SessionHandlers = {
 }
 
 function remoteId(
+	{ headers }: { headers: Headers },
 	{ remoteAddr }: { remoteAddr: FreshContext['remoteAddr'] },
 ): string {
+	const forwardedAddress = headers.get('X-FORWARDED-FOR')
+	const forwardedProto = headers.get('X-FORWARDED-PROTO')
+
+	if (forwardedAddress && forwardedProto) {
+		return `${forwardedProto}://${forwardedAddress}`
+	}
+
 	return `(${remoteAddr.transport}):${remoteAddr.hostname}:${remoteAddr.port}`
 }