From 03565378014b78d41ba0bbc010a311ec726bf757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Haylee=20Sch=C3=A4fer?= <haylee@inventivetalent.org>
Date: Mon, 27 Jan 2025 15:46:17 +0100
Subject: [PATCH] fix allowed IP check

---
 src/util/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/index.ts b/src/util/index.ts
index 491b14e6..2ba480c2 100644
--- a/src/util/index.ts
+++ b/src/util/index.ts
@@ -194,7 +194,7 @@ export async function getAndValidateRequestApiKey(req: MineSkinRequest): Promise
         // Either a server IP or a client origin, not both
         if (key.allowedIps && key.allowedIps.length > 0) {
             const ip = getIp(req);
-            if (!ip || key.allowedIps.includes(ip.trim())) {
+            if (!ip || !key.allowedIps.includes(ip.trim())) {
                 console.log(debug(`Client ${ ip } not allowed`));
                 throw new MineSkinError("invalid_api_key", "Client not allowed", {httpCode: 403});
             }