fix: Client IP resolving when proxy reusing TCP connection

[kuznetsss]

Proxy may reuse TCP connections to send HTTP requests from different clients. This PR fixes bug when Clio resolves client IP only once per connection.

[Copilot]

Pull request overview

Fixes incorrect client-IP resolution when a trusted proxy reuses the same backend TCP connection for requests originating from different clients.

Changes:

• Update ProxyIpResolver::resolveClientIp to return std::optional<std::string> (only returns a value when the request is trusted and contains a parseable Forwarded client IP).
• Track whether a connection has been identified as coming from a trusted proxy, and re-extract the client IP on subsequent requests.
• Add unit tests covering proxy connection reuse with same and different client IPs (sequential + parallel processing).

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/web/ng/impl/ConnectionHandler.cpp	Reworks per-request client IP resolution and adds “proxy connection” tracking.
src/web/ng/Connection.hpp	Adds isProxyConnection_ flag and accessors to connection metadata.
src/web/impl/HttpBase.hpp	Mirrors the “proxy connection” tracking logic for the legacy HTTP stack.
src/web/ProxyIpResolver.hpp	Changes resolver API to return std::optional<std::string> and updates docs.
src/web/ProxyIpResolver.cpp	Implements new std::optional semantics for trusted vs untrusted requests.
tests/unit/web/ng/impl/ConnectionHandlerTests.cpp	Adds tests for proxy TCP-connection reuse across requests.
tests/unit/web/ProxyIpResolverTests.cpp	Updates tests to match new optional-return resolver semantics.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

❌ Patch coverage is 67.44186% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.88%. Comparing base (e091175) to head (424adf2).
⚠️ Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/web/impl/HttpBase.hpp	21.42%	9 Missing and 2 partials ⚠️
src/web/ng/impl/ConnectionHandler.cpp	82.35%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3043      +/-   ##
===========================================
+ Coverage    81.81%   81.88%   +0.06%     
===========================================
  Files          396      396              
  Lines        15827    17258    +1431     
  Branches      8403     8565     +162     
===========================================
+ Hits         12949    14131    +1182     
- Misses        1670     1830     +160     
- Partials      1208     1297      +89     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

src/web/ProxyIpResolver.hpp:77

• extractClientIp now intentionally prefers the last for= occurrence (via rfind) to support multi-hop/append semantics, but the doc comment still reads like it extracts “the” for parameter per RFC 7239. Please update the comment to clarify that when multiple for= values are present, the last one is used (and why), so callers don’t assume the first/original client is returned.

     * @brief Extracts the client IP from the `Forwarded` HTTP header.
     *
     * The `Forwarded` header is expected to be in the format specified by RFC 7239.
     * This function looks for the `for` parameter.
     *

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[godexsoft]

👍