ramadhan sjamsani
e54bdf2c6c
- Fastify public app now passes `trustProxy: true` so request.ip resolves to the real client IP from X-Forwarded-For when behind Cloud Run / a load balancer. Without this the per-IP rate limit was either useless or collapsed all users into one shared LB IP. - The `anonymity_enabled` config row + JS default + migration seed now default to `false`. The flag is dead code (no business logic ever consumed it) and the actual rule is simpler than the toggle implied: mitras always see the customer's chosen call_name; only phone+email are private. The whole feature is queued for rip-out as a separate cleanup pass. The per-IP OTP rate limit (10/hr) was also effectively disabled by upserting `app_config.otp_max_per_ip_per_hour = 1000000` — a runtime config change, not a code change. Per-phone (3/hr) + Fazpass cost remains the real abuse gate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>