From 52e5d00da0348f35136eff6539bcc9aef9a0d157 Mon Sep 17 00:00:00 2001
From: Christian Fehmer <cfe@sexy-developer.com>
Date: Thu, 11 Jun 2026 21:32:43 +0200
Subject: [PATCH] fix: rate limit keyGenerator (@fehmer)

---
 backend/src/middlewares/rate-limit.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/backend/src/middlewares/rate-limit.ts b/backend/src/middlewares/rate-limit.ts
index da5a5a8fa729..948c7b27d311 100644
--- a/backend/src/middlewares/rate-limit.ts
+++ b/backend/src/middlewares/rate-limit.ts
@@ -2,6 +2,7 @@ import MonkeyError from "../utils/error";
 import type { Response, NextFunction, Request } from "express";
 import { RateLimiterMemory } from "rate-limiter-flexible";
 import {
+  ipKeyGenerator,
   rateLimit,
   RateLimitRequestHandler,
   type Options,
@@ -40,12 +41,13 @@ export const customHandler = (
 };
 
 const getKey = (req: Request, _res: Response): string => {
-  return (
+  const ip =
     (req.headers["cf-connecting-ip"] as string) ||
     (req.headers["x-forwarded-for"] as string) ||
     (req.ip as string) ||
-    "255.255.255.255"
-  );
+    "255.255.255.255";
+  const key = ipKeyGenerator(ip);
+  return key;
 };
 
 const getKeyWithUid = (