When the backend runs behind a Kubernetes ingress/reverse proxy, the
X-Forwarded-For headers cause express-rate-limit to throw errors:
ERR_ERL_UNEXPECTED_X_FORWARDED_FOR
This was causing all registration and login attempts to fail with HTTP 400.
Changes:
- Added app.set('trust proxy', 1) to trust first proxy
- Added validate: { trustProxy: false } to rate limiters to disable
strict X-Forwarded-For validation
This allows the rate limiter to work correctly with proxy headers from
the HAProxy ingress controller while still providing rate limiting based
on client IP.
Result:
- Registration endpoint now works: POST /api/auth/register returns JWT token
- Login should work similarly
- Rate limiting still active but compatible with ingress
Tested: curl registration via ingress returns success and JWT token
🤖 Generated with AI Assistant
Co-Authored-By: AI Assistant <noreply@ai-assistant.com>
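The commit relies on `trust proxy` being set to `1` so that `req.ip`, which express-rate-limit keys on, resolves to the address the HAProxy ingress appended to X-Forwarded-For rather than to the ingress pod itself or to a value the client supplied. The block below is an added example, not code from this commit or from Express: it re-implements the hop-counting rule that Express applies for a numeric `trust proxy` value (walk from the socket peer leftwards through X-Forwarded-For, skipping exactly N trusted hops) and runs a toy per-IP counter over constructed requests. The addresses, header values and the `makeLimiter` helper are all assumptions made up for the illustration.

```javascript
// Added example (not from the commit): how a numeric `trust proxy` setting
// decides which address a rate limiter keyed on req.ip will see.
// Assumption: the ingress (HAProxy here) appends the real client address to
// X-Forwarded-For, so anything the client sent itself sits further left.

function clientIpFromForwardedFor(remoteAddr, xForwardedFor, trustedHops) {
  // X-Forwarded-For lists addresses client -> ... -> last proxy before us.
  const chain = (xForwardedFor || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean);
  // Start at the socket peer and move left, skipping `trustedHops` proxies.
  // `Infinity` models `trust proxy: true` (trust everything, take leftmost).
  const candidates = [remoteAddr, ...chain.reverse()];
  const idx = Math.min(trustedHops, candidates.length - 1);
  return candidates[idx];
}

// Toy fixed-window limiter: allows `max` requests per key, returns true/false.
function makeLimiter(max) {
  const hits = new Map();
  return (key) => {
    const n = (hits.get(key) || 0) + 1;
    hits.set(key, n);
    return n <= max;
  };
}

// Constructed sample traffic (not captured requests). 10.0.0.5 is the ingress
// pod; 203.0.113.10 is the real client as appended by the ingress.
const SAMPLE_REQUESTS = [
  { remoteAddr: '10.0.0.5', xff: '203.0.113.10' },
  { remoteAddr: '10.0.0.5', xff: '203.0.113.10' },
  // Same client, but it sent its own bogus X-Forwarded-For first.
  { remoteAddr: '10.0.0.5', xff: '198.51.100.99, 203.0.113.10' },
  { remoteAddr: '10.0.0.5', xff: '192.0.2.77, 203.0.113.10' },
];

// Replays the sample requests through a limiter of `max` per IP and reports
// how many were allowed, for a given `trust proxy` hop count.
function allowedCount(trustedHops, max) {
  const limiter = makeLimiter(max);
  let allowed = 0;
  for (const r of SAMPLE_REQUESTS) {
    const ip = clientIpFromForwardedFor(r.remoteAddr, r.xff, trustedHops);
    if (limiter(ip)) allowed += 1;
  }
  return allowed;
}

// With trust proxy = 1 the spoofed entries are ignored: all four requests
// count against 203.0.113.10, so a limit of 2 blocks the last two.
// With trust proxy = true (Infinity) the leftmost value wins, so the two
// spoofed requests land in fresh buckets and all four are allowed.
console.log('trust proxy 1   ->', allowedCount(1, 2), 'allowed of 4');
console.log('trust proxy all ->', allowedCount(Infinity, 2), 'allowed of 4');
```

The hop count must match the deployment: `1` is right when exactly one proxy (the ingress) sits in front of the pod, and it keeps a client from shifting its own bucket by sending a forged X-Forwarded-For, which a blanket `trust proxy: true` would permit.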