feat(auth): add proxy support and pass ip/user-agent to login

- add ZEN_TRUST_PROXY env variable in .env.example for reverse proxy config
- replace getClientIp() with getIpFromHeaders() using next/headers for ip resolution
- forward ipAddress and userAgent to login action for session tracking
2026-04-24 21:34:35 -04:00
parent f6f2938e3b
commit f46116394c
2 changed files with 7 additions and 3 deletions
+4 -3
@@ -121,7 +121,8 @@ export async function loginAction(formData) {
const botCheck = validateAntiBotFields(formData);
if (!botCheck.valid) return { success: false, error: botCheck.error };
const ip = await getClientIp();
const h = await headers();
const ip = getIpFromHeaders(h);
const rl = enforceRateLimit(ip, 'login');
if (rl && !rl.allowed) {
return { success: false, error: `Trop de tentatives. Réessayez dans ${formatRetryAfter(rl.retryAfterMs)}.` };
@@ -129,8 +130,8 @@ export async function loginAction(formData) {
const email = formData.get('email');
const password = formData.get('password');
const result = await login({ email, password });
const userAgent = h.get('user-agent') || null;
const result = await login({ email, password }, { ipAddress: ip !== 'unknown' ? ip : null, userAgent });
// An HttpOnly cookie is the only safe transport for session tokens; setting it
// here keeps the token out of any JavaScript-readable response payload.
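Review bot: The `ip` returned by `getIpFromHeaders(h)` now keys `enforceRateLimit(ip, 'login')` and is also recorded on the session, so how far that value can be trusted decides both the throttle and the audit trail. `getIpFromHeaders` is not visible here, but if it reads a forwarded header whenever `ZEN_TRUST_PROXY` is set, a deployment that enables the flag without a proxy overwriting that header would let the client pick its own rate-limit bucket and its recorded address; a comment at the call site stating that assumption would help, e.g. `// ip is only reliable when ZEN_TRUST_PROXY matches the real proxy topology`. The `'unknown'` sentinel tested on the `login(...)` line appears to reach the limiter unchanged, which would put every unresolved client into one shared login bucket, so it is worth deciding explicitly whether that is intended. The `user-agent` value is client-controlled and unbounded when passed to `login`, so cap it before it is persisted, for example `const userAgent = (h.get('user-agent') || '').slice(0, 512) || null;` (512 is an illustrative limit). `loginAction` starts and ends outside the hunks shown.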