diff --git a/server/middleware/ip-restriction.js b/server/middleware/ip-restriction.js index a051168..4cd879d 100644 --- a/server/middleware/ip-restriction.js +++ b/server/middleware/ip-restriction.js @@ -153,9 +153,14 @@ class IPRestrictionMiddleware { return next(); } + console.log('🔍 IP Restriction Check - Path:', req.path, 'Method:', req.method); + // Determine tenant const tenantId = await this.multiAuth.determineTenant(req); + console.log('🔍 IP Restriction - Determined tenant:', tenantId); + if (!tenantId) { + console.log('🔍 IP Restriction - No tenant found, skipping IP check'); // No tenant found, continue without IP checking return next(); } @@ -163,19 +168,34 @@ class IPRestrictionMiddleware { // Get tenant configuration const tenant = await Tenant.findOne({ where: { slug: tenantId } }); if (!tenant) { + console.log('🔍 IP Restriction - Tenant not found in database:', tenantId); return next(); } + console.log('🔍 IP Restriction - Tenant config:', { + slug: tenant.slug, + ip_restriction_enabled: tenant.ip_restriction_enabled, + ip_whitelist: tenant.ip_whitelist + }); + // Check if IP restrictions are enabled if (!tenant.ip_restriction_enabled) { + console.log('🔍 IP Restriction - Restrictions disabled for tenant'); return next(); } // Get client IP const clientIP = this.getClientIP(req); + console.log('🔍 IP Restriction - Client IP:', clientIP); + console.log('🔍 IP Restriction - Request headers:', { + 'x-forwarded-for': req.headers['x-forwarded-for'], + 'x-real-ip': req.headers['x-real-ip'], + 'remote-address': req.connection.remoteAddress + }); // Check if IP is allowed const isAllowed = this.isIPAllowed(clientIP, tenant.ip_whitelist); + console.log('🔍 IP Restriction - Is IP allowed:', isAllowed); if (!isAllowed) { console.log(`🚫 IP Access Denied: ${clientIP} attempted to access tenant "${tenantId}"`);