fix: use full IP for userId to prevent quota collision (#400)

* fix: use full IP for userId to prevent quota collision - Remove .slice(0, 8) from base64 encoded IP - Each IP now has unique userId (no /16 collision) - Affects: quota tracking, Langfuse tracing * refactor: extract getUserIdFromRequest to shared utility - Create lib/user-id.ts with shared function - Fix misleading 'privacy' comment (base64 is not privacy) - Remove duplicate code from chat and log-feedback routes
2026-01-02 14:22:28 +08:00 · 2025-12-25 12:20:46 +09:00
parent d2e5afb298
commit ed069afdea
3 changed files with 18 additions and 14 deletions
--- a/lib/user-id.ts
+++ b/lib/user-id.ts
@@ -0,0 +1,12 @@
+/**
+ * Generate a userId from request for tracking purposes.
+ * Uses base64url encoding of IP for URL-safe identifier.
+ * Note: base64 is reversible - this is NOT privacy protection.
+ */
+export function getUserIdFromRequest(req: Request): string {
+    const forwardedFor = req.headers.get("x-forwarded-for")
+    const rawIp = forwardedFor?.split(",")[0]?.trim() || "anonymous"
+    return rawIp === "anonymous"
+        ? rawIp
+        : `user-${Buffer.from(rawIp).toString("base64url")}`
+}