세션 IP 표시와 로그아웃 처리 보강

backend/internal/handler/auth_handler.go

@@ -17,7 +17,6 @@ import (
 	"io"
 	"log/slog"
 	"math/rand"
-	"net"
 	"net/http"
 	"net/url"
 	"os"
@@ -4043,18 +4042,7 @@ func extractClientIPFromHeaders(c *fiber.Ctx) string {
 	if c == nil {
 		return ""
 	}
-	if forwarded := c.Get("X-Forwarded-For"); forwarded != "" {
-		parts := strings.Split(forwarded, ",")
-		if len(parts) > 0 {
-			if ip := strings.TrimSpace(parts[0]); ip != "" {
-				return ip
-			}
-		}
-	}
-	if realIP := strings.TrimSpace(c.Get("X-Real-IP")); realIP != "" {
-		return realIP
-	}
-	return c.IP()
+	return utils.ResolveClientIP(c.Get("X-Forwarded-For"), c.Get("X-Real-IP"), c.IP())
 }
 
 type authTimelineItem struct {
@@ -7034,18 +7022,7 @@ func resolveRequestClientIP(c *fiber.Ctx) string {
 	if c == nil {
 		return ""
 	}
-	if forwarded := c.Get("X-Forwarded-For"); forwarded != "" {
-		parts := strings.Split(forwarded, ",")
-		if len(parts) > 0 {
-			if ip := strings.TrimSpace(parts[0]); ip != "" {
-				return ip
-			}
-		}
-	}
-	if realIP := strings.TrimSpace(c.Get("X-Real-IP")); realIP != "" {
-		return realIP
-	}
-	return c.IP()
+	return utils.ResolveClientIP(c.Get("X-Forwarded-For"), c.Get("X-Real-IP"), c.IP())
 }
 
 func (h *AuthHandler) loadSessionAuditHints(ctx context.Context, userID string) map[string]sessionAuditHint {
@@ -7146,26 +7123,7 @@ func shouldReplaceSessionIP(existing string, candidate string) bool {
 }
 
 func isPrivateIPAddress(raw string) bool {
-	ip := net.ParseIP(strings.TrimSpace(raw))
-	if ip == nil {
-		return false
-	}
-	if ip.IsLoopback() || ip.IsLinkLocalMulticast() || ip.IsLinkLocalUnicast() {
-		return true
-	}
-	for _, cidr := range []string{
-		"10.0.0.0/8",
-		"172.16.0.0/12",
-		"192.168.0.0/16",
-		"100.64.0.0/10",
-		"fc00::/7",
-	} {
-		_, network, err := net.ParseCIDR(cidr)
-		if err == nil && network.Contains(ip) {
-			return true
-		}
-	}
-	return false
+	return utils.IsPrivateOrReservedIP(raw)
 }
 
 func deriveSessionClientInfo(log domain.AuditLog) (string, string) {