Fix: Remove insecure proxy fallback and prevent IP spoofing vulnerability

[ArshVermaGit]

This PR addresses the critical IP spoofing vulnerability reported in issue #855 by entirely removing the insecure fallback behavior inside backend/app.js where app.set("trust proxy", 1) was used when TRUST_PROXY=true without subnet definitions. To ensure the application cannot be deployed in a dangerously vulnerable state where malicious actors could inject arbitrary IP addresses into the X-Forwarded-For header and bypass rate limiting, the server will now log a fatal security error and strictly run process.exit(1) if proxy trusting is requested but explicit comma-separated subnet ranges are not provided via the TRUSTED_PROXIES environment variable.

Closes #855

Summary by CodeRabbit

• Bug Fixes
  • Improved security configuration validation to prevent insecure proxy trust defaults. The server now terminates with an error instead of silently running with potentially unsafe settings when proxy configuration is incomplete.

[vercel]

@ArshVermaGit is attempting to deploy a commit to the durdana3105's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 8fa03f53-fc40-4ac0-9925-6b83b7f6f5a2

📥 Commits

Reviewing files that changed from the base of the PR and between a65ed99 and afffba5.

📒 Files selected for processing (1)

• backend/app.js

---

📝 Walkthrough

Walkthrough

In backend/app.js, the fallback branch for TRUST_PROXY=true without a TRUSTED_PROXIES value was changed from setting trust proxy to hop-count 1 with a warning log to emitting a fatal error log and immediately calling process.exit(1).

Changes

Proxy Trust Hardening

Layer / File(s)	Summary
Fail fast on missing TRUSTED_PROXIES backend/app.js	When TRUST_PROXY=true is set but TRUSTED_PROXIES is absent, the server now logs a fatal security error and exits via process.exit(1) instead of silently falling back to hop-count 1 proxy trust with a warning.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related issues

• Insecure Proxy Fallback: IP Spoofing Vulnerability #855: This PR directly implements the fix described in that issue by terminating the process when TRUST_PROXY=true is configured without an explicit TRUSTED_PROXIES, eliminating the insecure hop-count fallback.

Poem

A bunny hops in, checks the proxy chain,
No trusted list? We won't proceed in vain!
process.exit(1) — a firm goodbye,
No sneaky IPs slipping through to spy.
Fail fast, fail safe, hop away! 🐇

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: removing an insecure proxy fallback and addressing an IP spoofing vulnerability, which aligns with the core objective of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ArshVermaGit]

issue resolved