refactor: remove user IP validation from AuthRouter and UsersRouter, default client IP to 'unknown' in UsersService

adriangohjw · adriangohjw · commit b19d2fca23d3 · 2025-10-17T17:44:22.000+08:00
diff --git a/src/routes/v2/auth.js b/src/routes/v2/auth.js
@@ -1,5 +1,3 @@
-import { BaseIsomerError } from "@root/errors/BaseError"
-
 const autoBind = require("auto-bind")
 const express = require("express")
 
@@ -109,12 +107,6 @@ class AuthRouter {
       })
     const email = rawEmail.toLowerCase()
     const userIp = isSecure ? req.get("cf-connecting-ip") : req.ip
-    if (!userIp) {
-      throw new BaseIsomerError({
-        status: 500,
-        message: "No user IP found in the request",
-      })
-    }
     const userInfo = (
       await this.authService.verifyOtp({ email, otp, clientIp: userIp })
     ).value
diff --git a/src/routes/v2/authenticated/users.ts b/src/routes/v2/authenticated/users.ts
@@ -11,7 +11,6 @@ import { attachReadRouteHandlerWrapper } from "@middleware/routeHandler"
 
 import UserSessionData from "@classes/UserSessionData"
 
-import { BaseIsomerError } from "@root/errors/BaseError"
 import DatabaseError from "@root/errors/DatabaseError"
 import { isError, RequestHandler } from "@root/types"
 import { nameAnonymousMethods } from "@root/utils/apm-utils"
@@ -86,12 +85,6 @@ export class UsersRouter {
     const parsedEmail = email.toLowerCase()
 
     const userIp = isSecure ? req.get("cf-connecting-ip") : req.ip
-    if (!userIp) {
-      throw new BaseIsomerError({
-        status: 500,
-        message: "No user IP found in the request",
-      })
-    }
     return this.usersService
       .verifyEmailOtp(parsedEmail, otp, userIp)
       .andThen(() =>
@@ -152,12 +145,6 @@ export class UsersRouter {
     const userId = userSessionData.isomerUserId
 
     const userIp = isSecure ? req.get("cf-connecting-ip") : req.ip
-    if (!userIp) {
-      throw new BaseIsomerError({
-        status: 500,
-        message: "No user IP found in the request",
-      })
-    }
     return this.usersService
       .verifyMobileOtp(mobile, otp, userIp)
       .andThen(() =>
diff --git a/src/services/identity/UsersService.ts b/src/services/identity/UsersService.ts
@@ -273,12 +273,12 @@ class UsersService {
     otp,
     findConditions,
     findErrorMessage,
-    clientIp,
+    clientIp = "unknown", // default to 'unknown' bucket when IP missing to ensure users are not locked out
   }: {
     otp: string | undefined
     findConditions: { email: string } | { mobileNumber: string }
     findErrorMessage: string
-    clientIp: string
+    clientIp?: string
   }) {
     if (!otp) {
       return errAsync(new BadRequestError("Empty OTP provided"))
@@ -391,7 +391,7 @@ class UsersService {
     /* eslint-enable @typescript-eslint/no-non-null-assertion */
   }
 
-  verifyEmailOtp(email: string, otp: string | undefined, clientIp: string) {
+  verifyEmailOtp(email: string, otp: string | undefined, clientIp?: string) {
     const normalizedEmail = email.toLowerCase()
 
     return this.verifyOtp({
@@ -405,7 +405,7 @@ class UsersService {
   verifyMobileOtp(
     mobileNumber: string,
     otp: string | undefined,
-    clientIp: string
+    clientIp?: string
   ) {
     return this.verifyOtp({
       otp,
