fix: read X-Forwarded-For for client IP in security audit events

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## Unreleased
+
+### Fixed
+
+- Security audit events (`AttachmentSizeExceeded`, `AttachmentUploadRejected`, `AttachmentDownloadRejected`) now log the real client IP on reverse-proxy deployments (e.g. BTP Cloud Foundry) by reading `X-Forwarded-For` with fallback to `socket.remoteAddress`.
+
 ## Version 3.11.0
 
 ### Added

lib/generic-handlers.js

@@ -147,7 +147,9 @@ async function validateAttachment(req) {
 
     if (scanEnabled) {
       if (status !== "Clean") {
-        const ipAddress = req.req?.socket?.remoteAddress
+        const ipAddress =
+          req.req?.headers?.["x-forwarded-for"] ||
+          req.req?.socket?.remoteAddress
         cds.spawn(async () => {
           try {
             const srv = await cds.connect.to("attachments")
@@ -272,7 +274,8 @@ async function validateAttachmentSize(req, validateContentLength = false) {
     const attachmentRef = await SELECT.one("filename")
       .from(req.target)
       .where({ up__ID: req.data.up__ID })
-    const ipAddress = req.req?.socket?.remoteAddress
+    const ipAddress =
+      req.req?.headers?.["x-forwarded-for"] || req.req?.socket?.remoteAddress
     cds.spawn(async () => {
       try {
         const AttachmentsSrv = await cds.connect.to("attachments")
@@ -330,7 +333,8 @@ function validateAttachmentMimeType(req) {
   const acceptableMediaTypes =
     req.target.elements.content["@Core.AcceptableMediaTypes"] || "*/*"
   if (!checkMimeTypeMatch(acceptableMediaTypes, mimeType)) {
-    const ipAddress = req.req?.socket?.remoteAddress
+    const ipAddress =
+      req.req?.headers?.["x-forwarded-for"] || req.req?.socket?.remoteAddress
     cds.spawn(async () => {
       try {
         const AttachmentsSrv = await cds.connect.to("attachments")