@Shivam107 Shivam107 commented Oct 22, 2025

Solved the Express 'trust proxy' setting

Fixes: #60

Change: In "index.ts", added configurable TRUST_PROXY handling to app.set("trust proxy", …) so deployments can match their proxy chain while defaulting to 1.

Result: Rate limiting now sees real client IPs and the warning disappears without code edits per environment.

This image shows the trust proxy config is working.

image1

console.log() - I added this just for testing purposes and have now removed it.

image2

/debug-ip - I also added this just for testing purposes and have now removed it.

image3

Summary by CodeRabbit

  • Chores
    • Improved API proxy trust handling: app now reads TRUST_PROXY (boolean, numeric, or string) from the environment with an automatic default, altering runtime proxy-trust behavior to better support proxied/distributed deployments.

vercel bot commented Oct 22, 2025

@Shivam107 is attempting to deploy a commit to the AJEET PRATAP SINGH's projects Team on Vercel.

A member of the Team first needs to authorize it.

coderabbitai bot commented Oct 22, 2025

Walkthrough

Parses the TRUST_PROXY environment variable (boolean, numeric, or string) and sets Express's "trust proxy" using the parsed value, defaulting to 1 when unspecified. No public API or exported signatures were changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Trust proxy configuration (apps/api/src/index.ts) | Parse TRUST_PROXY from env (supports boolean, numeric, string) and apply via app.set("trust proxy", ...); default fallback to 1. No exported signatures modified. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰
I parsed the proxy truth with care,
A header's whisper floats through air,
The app now knows which roads to trust,
No logs to sweep in dusty crust,
Hopping on—deployments fair.

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title Check | ❓ Inconclusive | The PR title "Fix/validation-error" uses generic terminology that lacks specificity about the actual change. While the title does reference fixing a validation error, which is related to the changeset's purpose, it does not clearly convey what validation error is being addressed or what the solution entails. A developer scanning the repository history would not immediately understand that this PR adds configurable trust proxy handling to resolve an X-Forwarded-For header issue in Express. The title falls into the vague/generic category as it uses non-descriptive terms without meaningful information about the changeset. | Consider revising the title to be more specific and descriptive, such as "Add configurable trust proxy handling to fix X-Forwarded-For validation error" or "Configure Express trust proxy to resolve deployment validation warning". This would help teammates quickly understand the primary change without requiring them to read the full PR description. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Linked Issues Check | ✅ Passed | The changes in this PR directly address all primary objectives from linked issue #60. The addition of configurable TRUST_PROXY handling in apps/api/src/index.ts ensures that Express is properly configured to trust the proxy and correctly identify client IPs, which resolves the ValidationError related to the X-Forwarded-For header in deploy logs. The implementation supports environment-specific configuration via the TRUST_PROXY environment variable with a sensible default fallback of 1, eliminating the need for manual per-environment code changes and removing the deploy-time warning. The code changes align with the stated purpose of ensuring rate limiting receives real client IPs while allowing flexible deployment configuration. |
| Out of Scope Changes Check | ✅ Passed | The changes in this PR are entirely within scope and directly related to the objectives specified in linked issue #60. Only apps/api/src/index.ts was modified to add the trust proxy configuration, and no exported/public entity signatures were altered. The PR author notes that temporary testing artifacts (console.log() statements and /debug-ip additions) were removed, indicating the final code contains only the necessary changes to address the issue. No unrelated modifications or technical debt improvements are present in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 03bfdfb and a7df756.

📒 Files selected for processing (1)
  • apps/api/src/index.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/api/src/index.ts

Shivam107 commented Oct 22, 2025

On the previous one the files of both PRs got merged; here I have a file that fixes the exact issue which is mentioned.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between a10539e and 03bfdfb.

📒 Files selected for processing (1)
  • apps/api/src/index.ts (1 hunks)
🔇 Additional comments (1)
apps/api/src/index.ts (1)

29-29: Good placement of trust proxy configuration.

The trust proxy setting is correctly applied early, before rate limiting and IP blocking middleware that depend on accurate client IP detection. This positioning ensures the X-Forwarded-For header is properly parsed throughout the request lifecycle, resolving the ValidationError from issue #60.

Note: The default of 1 assumes a single proxy hop (common in platforms like Railway, Heroku). Verify this matches your deployment architecture to prevent IP spoofing risks.
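
Added example, not part of the review comment or of the PR's code: a sketch of how a TRUST_PROXY string could be parsed into the boolean, numeric, or string forms mentioned in the walkthrough, followed by a simplified model of hop-count trust that shows why the hop count has to match the real proxy chain. All function names, the parsing rules, and the sample addresses are assumptions constructed for illustration.

```typescript
// Added example. All names are hypothetical, not taken from apps/api/src/index.ts.
type TrustProxy = boolean | number | string;

// Parse the raw TRUST_PROXY string into a value for app.set("trust proxy", ...).
function parseTrustProxy(raw: string | undefined): TrustProxy {
  const v = (raw ?? "").trim();
  if (v === "") return 1;                       // default stated in the PR
  if (v.toLowerCase() === "true") return true;  // trust every hop
  if (v.toLowerCase() === "false") return false;
  if (/^\d+$/.test(v)) return Number(v);        // hop count
  return v;                                     // e.g. "loopback" or a subnet list
}

// Simplified model of hop-count trust: order addresses nearest-first (socket peer,
// then X-Forwarded-For read right to left) and return the first address that lies
// beyond the trusted hops. If every address is trusted, the farthest one is used.
function resolveClientIp(socketAddr: string, xff: string, hops: number): string {
  const forwarded = xff.split(",").map((s) => s.trim()).filter((s) => s !== "");
  const chain = [socketAddr, ...forwarded.reverse()];
  return chain[Math.min(hops, chain.length - 1)] ?? socketAddr;
}

// Constructed sample: one reverse proxy (10.0.0.5) sits in front of the app.
// The client 203.0.113.7 sent its own "X-Forwarded-For: 198.51.100.99", and the
// proxy appended the address it actually saw.
const PROXY_ADDR = "10.0.0.5";
const SAMPLE_XFF = "198.51.100.99, 203.0.113.7";

function compareHopCounts(): { hops0: string; hops1: string; hops2: string } {
  return {
    // Too few hops: every client collapses onto the proxy's address.
    hops0: resolveClientIp(PROXY_ADDR, SAMPLE_XFF, 0),
    // Matches the topology: the address the proxy observed.
    hops1: resolveClientIp(PROXY_ADDR, SAMPLE_XFF, 1),
    // One hop too many: the value the client wrote itself becomes the "client IP".
    hops2: resolveClientIp(PROXY_ADDR, SAMPLE_XFF, 2),
  };
}

console.log(compareHopCounts());
```

With a hop count larger than the real chain, the rate-limit key is taken from a header value the client controls, which is the spoofing risk the review note refers to.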

Successfully merging this pull request may close these issues.

fix ValidationError: The 'X-Forwarded-For' header is set but the Express 'trust proxy' setting in Deploy logs
