From ac0710ef1ff0f28644f81366fefae8b8fffd5d49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Haylee=20Sch=C3=A4fer?= <haylee@inventivetalent.org>
Date: Mon, 27 Jan 2025 16:07:22 +0100
Subject: [PATCH] fix it here too

---
 src/middleware/apikey.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/middleware/apikey.ts b/src/middleware/apikey.ts
index f21e23fb..1bc151af 100644
--- a/src/middleware/apikey.ts
+++ b/src/middleware/apikey.ts
@@ -59,7 +59,7 @@ export const verifyApiKey = async (req: MineSkinV2Request, res: Response) => {
             // Either a server IP or a client origin, not both
             if (key.allowedIps && key.allowedIps.length > 0) {
                 const ip = getIp(req);
-                if (!ip || key.allowedIps.includes(ip.trim())) {
+                if (!ip || !key.allowedIps.includes(ip.trim())) {
                     console.log(debug(`Client ${ ip } not allowed`));
                     throw new MineSkinError("invalid_api_key", "Client not allowed", {httpCode: 403});
                 }