feat: Add client IP handling across various routes and update API calls to include IP headers

Author: Digital39999

app/root.tsx

@@ -43,13 +43,30 @@ export const meta: MetaFunction = () => {
 };
 
 export const loader = async ({ request }: LoaderFunctionArgs) => {
+	const url = new URL(request.url);
+
+	// Prevent infinite loop: if already on login/logout, don't check auth
+	if (url.pathname === '/login' || url.pathname === '/logout') {
+		return {
+			token: null,
+			user: null,
+			isMobile: isMobileDetect({ ua: request.headers.get('user-agent') || '' }),
+			allowedPlatforms: allowedLoginPlatforms,
+			nullHeader: [
+				{ t: 'board', r: 'routes/groups.$groupId.$categoryId.$boardId._index' },
+				{ t: 'calendar', r: 'routes/groups.$groupId.calendar._index' },
+			] as SidebarObject[],
+		};
+	}
+
 	let data: CachedResponse;
 
 	try {
 		data = await getCachedUser(request);
 		if (data?.data?.status === 401) throw new Error('Unauthorized.');
 	} catch {
-		return authenticator.logout(request, { redirectTo: '/' });
+		// Redirect to logout which will clear session and redirect to login
+		return authenticator.logout(request, { redirectTo: '/login' });
 	}
 
 	return {
@@ -64,6 +81,11 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
 	};
 };
 
+// Prevent root loader from revalidating on every navigation
+export function shouldRevalidate() {
+	return false;
+}
+
 export default function App() {
 	const { user, token, nullHeader, isMobile, allowedPlatforms } = useLoaderData<typeof loader>();
 

app/routes/_index.tsx

@@ -1,13 +1,16 @@
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { LoaderFunctionArgs, redirect } from '@remix-run/node';
-import { makeResponse } from '~/utils/functions.server';
 import { authenticator } from '~/utils/auth.server';
 import { api } from '~/utils/web.server';
 
 export const loader = async ({ request }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) return redirect('/login');
 
-	const DBGroups = await api?.groups.getGroups({ auth: token });
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBGroups = await api?.groups.getGroups({ auth: token, headers: ipHeaders });
 	if (!DBGroups || 'error' in DBGroups) throw makeResponse(DBGroups, 'Failed to get groups.');
 
 	const defaultGroup = DBGroups.data.find((group) => group.isDefault);

app/routes/admin.rooms._index.tsx

@@ -1,5 +1,5 @@
 import { VStack, Box, Divider, Flex, Text, HStack, Avatar, AvatarGroup, Tooltip } from '@chakra-ui/react';
-import { makeResponse } from '~/utils/functions.server';
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { LoaderFunctionArgs } from '@remix-run/node';
 import { IconLinkButton } from '~/components/Button';
 import { authenticator } from '~/utils/auth.server';
@@ -27,10 +27,13 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const DBRooms = await api?.admin.getActiveRooms({ auth: token });
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBRooms = await api?.admin.getActiveRooms({ auth: token, headers: ipHeaders });
 	if (!DBRooms || !('data' in DBRooms)) throw new Response(null, { status: 500, statusText: 'Failed to fetch rooms data.' });
 
-	const DBGroups = await api?.groups.getAllSorted({ auth: token });
+	const DBGroups = await api?.groups.getAllSorted({ auth: token, headers: ipHeaders });
 	if (!DBGroups || 'error' in DBGroups) throw makeResponse(DBGroups, 'Failed to get boards.');
 
 	const allBoards = DBGroups.data.flatMap((group) => group.categories.flatMap((category) => category.boards.map((board) => ({

app/routes/admin.users._index.tsx

@@ -1,7 +1,7 @@
 import { VStack, Box, Flex, Text, Avatar, IconButton, Modal, ModalOverlay, ModalContent, ModalHeader, ModalCloseButton, ModalBody, ModalFooter, Button, useColorMode, Badge, HStack, Divider, useToast, FormControl, FormLabel, Input, Tooltip } from '@chakra-ui/react';
 import { FaClipboard, FaEye, FaFolder, FaLock, FaPen, FaQuestionCircle, FaTools, FaTrash, FaUnlock, FaUserPlus, FaUsers } from 'react-icons/fa';
+import { getIpHeaders, makeResObject, makeResponse, securityUtils } from '~/utils/functions.server';
 import { getAll, GrantedEntry, PermUser, ResourceType } from '@excali-boards/boards-api-client';
-import { makeResObject, makeResponse, securityUtils } from '~/utils/functions.server';
 import { FetcherWithComponents, useFetcher, useLoaderData } from '@remix-run/react';
 import { firstToUpperCase, getGrantInfo, getRoleColor } from '~/other/utils';
 import { ActionFunctionArgs, LoaderFunctionArgs } from '@remix-run/node';
@@ -20,20 +20,23 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 	if (!api) throw makeResponse(null, 'API client not initialized.');
 
-	const DBUsers = await getAll((page, limit) => api!.admin.getUsers({ auth: token, page, limit }));
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBUsers = await getAll((page, limit) => api!.admin.getUsers({ auth: token, page, limit, headers: ipHeaders }));
 	if (!DBUsers || 'error' in DBUsers) throw makeResponse(DBUsers, 'Failed to get users.');
 
 	const userIds = DBUsers.data.data.map((user) => user.userId);
-	const allPermissions = await api?.permissions.viewAllPermissions({ auth: token, userIds });
-	if (!allPermissions || 'error' in allPermissions) throw makeResponse(allPermissions, 'Failed to get user permissions.');
+	const DBAllPermissions = await api?.permissions.viewAllPermissions({ auth: token, userIds, headers: ipHeaders });
+	if (!DBAllPermissions || 'error' in DBAllPermissions) throw makeResponse(DBAllPermissions, 'Failed to get user permissions.');
 
 	const findInviter = (invitedByUserId: string | null) => {
 		if (!invitedByUserId) return null;
 		return DBUsers.data.data.find((u) => u.userId === invitedByUserId) || null;
 	};
 
 	return {
-		userPermissions: allPermissions.data,
+		userPermissions: DBAllPermissions.data,
 		allUsers: DBUsers.data.data.map((user) => {
 			const inviter = findInviter(user.invitedBy);
 			return {
@@ -61,6 +64,9 @@ export const action = async ({ request }: ActionFunctionArgs) => {
 	const formData = await request.formData();
 	const type = formData.get('type') as string;
 
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) return makeResObject(null, 'Failed to get client IP.');
+
 	switch (type) {
 		case 'revokePermission': {
 			const userId = formData.get('userId') as string;
@@ -72,7 +78,7 @@ export const action = async ({ request }: ActionFunctionArgs) => {
 			}
 
 			const result = await api?.permissions.revokePermissions({
-				auth: token,
+				auth: token, headers: ipHeaders,
 				body: { userId, resourceType: resourceType as ResourceType, resourceId },
 			});
 
@@ -85,7 +91,7 @@ export const action = async ({ request }: ActionFunctionArgs) => {
 			if (!userId || !newUsername) return { status: 400, error: 'Missing required fields.' };
 
 			const result = await api?.users.updateUser({
-				auth: token, userId,
+				auth: token, userId, headers: ipHeaders,
 				body: { displayName: newUsername },
 			});
 
@@ -95,7 +101,7 @@ export const action = async ({ request }: ActionFunctionArgs) => {
 			const userId = formData.get('userId') as string;
 			if (!userId) return { status: 400, error: 'Invalid user id.' };
 
-			const result = await api?.users.deleteAccount({ auth: token, userId });
+			const result = await api?.users.deleteAccount({ auth: token, userId, headers: ipHeaders });
 			return makeResObject(result, 'Failed to delete user.');
 		}
 		default: {

app/routes/all._index.tsx

@@ -1,7 +1,7 @@
 import { Flex, VStack, Accordion, AccordionItem, AccordionButton, AccordionPanel, Box, Text, Divider, AccordionIcon, Badge, useColorMode } from '@chakra-ui/react';
 import { formatBytes, formatRelativeTime, getCardDeletionTime } from '~/other/utils';
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { Container } from '~/components/layout/Container';
-import { makeResponse } from '~/utils/functions.server';
 import { LoaderFunctionArgs } from '@remix-run/node';
 import { IconLinkButton } from '~/components/Button';
 import { authenticator } from '~/utils/auth.server';
@@ -17,7 +17,10 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const DBResources = await api?.groups.getAllSorted({ auth: token });
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBResources = await api?.groups.getAllSorted({ auth: token, headers: ipHeaders });
 	if (!DBResources || 'error' in DBResources) throw makeResponse(DBResources, 'Failed to get groups.');
 
 	return DBResources.data.map((group) => ({

app/routes/analytics.$groupId.$categoryId.$boardId._index.tsx

@@ -1,10 +1,10 @@
 import { VStack, Box, Divider, Text, Table, Thead, Tbody, Tr, Th, Td, Avatar, Flex, useColorMode, useBreakpointValue } from '@chakra-ui/react';
 import { formatRelativeTime, formatTime, time, validateParams } from '~/other/utils';
 import { PieChart, Pie, Cell, ResponsiveContainer, Tooltip } from 'recharts';
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { CustomTooltip } from '~/components/analytics/CustomTooltip';
 import { StatGrid } from '~/components/analytics/StatGrid';
 import { Container } from '~/components/layout/Container';
-import { makeResponse } from '~/utils/functions.server';
 import { LoaderFunctionArgs } from '@remix-run/node';
 import { authenticator } from '~/utils/auth.server';
 import MenuBar from '~/components/layout/MenuBar';
@@ -19,17 +19,20 @@ export const loader = async ({ request, params }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const DBBoard = await api?.boards.getBoard({ auth: token, boardId, categoryId, groupId });
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBBoard = await api?.boards.getBoard({ auth: token, boardId, categoryId, groupId, headers: ipHeaders });
 	if (!DBBoard || 'error' in DBBoard) throw makeResponse(DBBoard, 'Failed to get board.');
 
-	const analytics = await api?.analytics.getBoardAnalytics({ auth: token, boardId, categoryId, groupId });
-	if (!analytics || 'error' in analytics) throw makeResponse(analytics, 'Failed to get board analytics.');
+	const DBAnalytics = await api?.analytics.getBoardAnalytics({ auth: token, boardId, categoryId, groupId, headers: ipHeaders });
+	if (!DBAnalytics || 'error' in DBAnalytics) throw makeResponse(DBAnalytics, 'Failed to get board analytics.');
 
 	return {
 		board: DBBoard.data.board,
 		category: DBBoard.data.category,
 		group: DBBoard.data.group,
-		analytics: analytics.data,
+		analytics: DBAnalytics.data,
 	};
 };
 

app/routes/analytics.$groupId.$categoryId._index.tsx

@@ -1,10 +1,10 @@
 import { VStack, Box, Divider, Text, Table, Thead, Tbody, Tr, Th, Td, Avatar, Flex, useColorMode, useBreakpointValue } from '@chakra-ui/react';
 import { formatRelativeTime, formatTime, validateParams } from '~/other/utils';
 import { PieChart, Pie, Cell, ResponsiveContainer, Tooltip } from 'recharts';
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { CustomTooltip } from '~/components/analytics/CustomTooltip';
 import { StatGrid } from '~/components/analytics/StatGrid';
 import { Container } from '~/components/layout/Container';
-import { makeResponse } from '~/utils/functions.server';
 import { BoardMapType, MapType } from '~/other/types';
 import { LoaderFunctionArgs } from '@remix-run/node';
 import { authenticator } from '~/utils/auth.server';
@@ -20,19 +20,22 @@ export const loader = async ({ request, params }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const DBGroup = await api?.groups.getGroup({ auth: token, groupId });
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBGroup = await api?.groups.getGroup({ auth: token, groupId, headers: ipHeaders });
 	if (!DBGroup || 'error' in DBGroup) throw makeResponse(DBGroup, 'Failed to get group.');
 
-	const category = DBGroup.data.categories.find(c => c.id === categoryId);
+	const category = DBGroup.data.categories.find((c) => c.id === categoryId);
 	if (!category) throw makeResponse(null, 'Category not found.');
 
-	const analytics = await api?.analytics.getCategoryAnalytics({ auth: token, categoryId, groupId });
-	if (!analytics || 'error' in analytics) throw makeResponse(analytics, 'Failed to get category analytics.');
+	const DBAnalytics = await api?.analytics.getCategoryAnalytics({ auth: token, categoryId, groupId, headers: ipHeaders });
+	if (!DBAnalytics || 'error' in DBAnalytics) throw makeResponse(DBAnalytics, 'Failed to get category analytics.');
 
 	return {
 		group: DBGroup.data.group,
 		category,
-		analytics: analytics.data,
+		analytics: DBAnalytics.data,
 	};
 };
 

app/routes/analytics.$groupId._index.tsx

@@ -1,10 +1,10 @@
 import { VStack, Box, Divider, Text, Table, Thead, Tbody, Tr, Th, Td, Avatar, Flex, useColorMode, useBreakpointValue } from '@chakra-ui/react';
 import { formatRelativeTime, formatTime, time, validateParams } from '~/other/utils';
 import { PieChart, Pie, Cell, ResponsiveContainer, Tooltip } from 'recharts';
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { CustomTooltip } from '~/components/analytics/CustomTooltip';
 import { StatGrid } from '~/components/analytics/StatGrid';
 import { Container } from '~/components/layout/Container';
-import { makeResponse } from '~/utils/functions.server';
 import { BoardMapType, MapType } from '~/other/types';
 import { LoaderFunctionArgs } from '@remix-run/node';
 import { authenticator } from '~/utils/auth.server';
@@ -20,15 +20,18 @@ export const loader = async ({ request, params }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const DBGroup = await api?.groups.getGroup({ auth: token, groupId });
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
+
+	const DBGroup = await api?.groups.getGroup({ auth: token, groupId, headers: ipHeaders });
 	if (!DBGroup || 'error' in DBGroup) throw makeResponse(DBGroup, 'Failed to get group.');
 
-	const analytics = await api?.analytics.getGroupAnalytics({ auth: token, groupId });
-	if (!analytics || 'error' in analytics) throw makeResponse(analytics, 'Failed to get group analytics.');
+	const DBAnalytics = await api?.analytics.getGroupAnalytics({ auth: token, groupId, headers: ipHeaders });
+	if (!DBAnalytics || 'error' in DBAnalytics) throw makeResponse(DBAnalytics, 'Failed to get group analytics.');
 
 	return {
 		group: DBGroup.data.group,
-		analytics: analytics.data,
+		analytics: DBAnalytics.data,
 	};
 };
 

app/routes/analytics._index.tsx

@@ -1,9 +1,9 @@
 import { VStack, Box, Divider, Text, Table, Thead, Tbody, Tr, Th, Td, Flex, useColorMode, useBreakpointValue } from '@chakra-ui/react';
 import { PieChart, Pie, Cell, ResponsiveContainer, Tooltip } from 'recharts';
+import { getIpHeaders, makeResponse } from '~/utils/functions.server';
 import { CustomTooltip } from '~/components/analytics/CustomTooltip';
 import { StatGrid } from '~/components/analytics/StatGrid';
 import { Container } from '~/components/layout/Container';
-import { makeResponse } from '~/utils/functions.server';
 import { LoaderFunctionArgs } from '@remix-run/node';
 import { authenticator } from '~/utils/auth.server';
 import MenuBar from '~/components/layout/MenuBar';
@@ -16,10 +16,13 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const analytics = await api?.analytics.getUserAnalytics({ auth: token });
-	if (!analytics || 'error' in analytics) throw makeResponse(analytics, 'Failed to get analytics.');
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
 
-	return { analytics: analytics.data };
+	const DBAnalytics = await api?.analytics.getUserAnalytics({ auth: token, headers: ipHeaders });
+	if (!DBAnalytics || 'error' in DBAnalytics) throw makeResponse(DBAnalytics, 'Failed to get analytics.');
+
+	return { analytics: DBAnalytics.data };
 };
 
 export default function UserAnalytics() {

app/routes/flashcards.$groupId.$categoryId.$boardId._index.tsx

@@ -2,8 +2,8 @@ import { Box, BoxProps, Button, Flex, HStack, IconButton, Slider, SliderFilledTr
 import { FaArrowLeft, FaArrowRight, FaBookOpen, FaCog, FaList, FaRandom } from 'react-icons/fa';
 import { ActionFunctionArgs, LinkDescriptor, LoaderFunctionArgs } from '@remix-run/node';
 import { useState, useMemo, useCallback, useRef, useEffect, useContext } from 'react';
+import { getIpHeaders, makeResObject, makeResponse } from '~/utils/functions.server';
 import { themeColor, themeColorLight, WebReturnType } from '~/other/types';
-import { makeResObject, makeResponse } from '~/utils/functions.server';
 import { IconLinkButton, LinkButton } from '~/components/Button';
 import { ConfettiContainer } from '~/components/other/Confetti';
 import { useFetcher, useLoaderData } from '@remix-run/react';
@@ -26,10 +26,13 @@ export const loader = async ({ request, params }: LoaderFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
-	const flashcardData = await api?.flashcards.getDeck({ auth: token, groupId, categoryId, boardId });
-	if (!flashcardData || 'error' in flashcardData) throw makeResponse(flashcardData, 'Failed to get flashcard deck.');
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) throw makeResponse(null, 'Failed to get client IP.');
 
-	return { deck: flashcardData.data, groupId, categoryId, boardId };
+	const DBFlashcardData = await api?.flashcards.getDeck({ auth: token, groupId, categoryId, boardId, headers: ipHeaders });
+	if (!DBFlashcardData || 'error' in DBFlashcardData) throw makeResponse(DBFlashcardData, 'Failed to get flashcard deck.');
+
+	return { deck: DBFlashcardData.data, groupId, categoryId, boardId };
 };
 
 export const action = async ({ request, params }: ActionFunctionArgs) => {
@@ -38,6 +41,9 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
 	const token = await authenticator.isAuthenticated(request);
 	if (!token) throw makeResponse(null, 'You are not authorized to view this page.');
 
+	const ipHeaders = getIpHeaders(request);
+	if (!ipHeaders) return makeResObject(null, 'Failed to get client IP.');
+
 	const formData = await request.formData();
 	const type = formData.get('type') as string;
 
@@ -52,6 +58,7 @@ export const action = async ({ request, params }: ActionFunctionArgs) => {
 				categoryId,
 				boardId,
 				body: { currentIndex, completed },
+				headers: ipHeaders,
 			});
 
 			return makeResObject(result, 'Failed to update progress.');