Track sessions by gateway client IP

- Add _get_client_ip() to detect gateway/proxy requests
- Track sessions only when X-Forwarded-For, X-Real-IP, X-Client-IP, or Via headers present
- Each unique client IP behind a gateway = one session
- Direct connections are not tracked

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

.claude/settings.local.json

@@ -7,7 +7,8 @@
       "Bash(.\\\\.venv\\\\Scripts\\\\python -m uvicorn server:app --host 0.0.0.0 --port 8082)",
       "Bash(git add *)",
       "Bash(git commit -m ' *)",
-      "Bash(git push *)"
+      "Bash(git push *)",
+      "Bash(python -c \"import ast; ast.parse\\(open\\('api/services.py'\\).read\\(\\)\\); print\\('Syntax OK'\\)\")"
     ]
   },
   "enableAllProjectMcpServers": true,

api/routes.py

@@ -166,12 +166,13 @@ def _build_models_list_response(
 # =============================================================================
 @router.post("/v1/messages")
 async def create_message(
+    request: Request,
     request_data: MessagesRequest,
     service: ClaudeProxyService = Depends(get_proxy_service),
     _auth=Depends(require_api_key),
 ):
     """Create a message (always streaming)."""
-    return service.create_message(request_data)
+    return service.create_message(request, request_data)
 
 
 @router.api_route("/v1/messages", methods=["HEAD", "OPTIONS"])

api/services.py

@@ -7,7 +7,7 @@ import uuid
 from collections.abc import AsyncIterator, Callable
 from typing import Any
 
-from fastapi import HTTPException
+from fastapi import HTTPException, Request
 from fastapi.responses import StreamingResponse
 from loguru import logger
 
@@ -23,7 +23,7 @@ from providers.exceptions import (
     RateLimitError,
 )
 
-from .model_router import ModelRouter
+from .model_router import ModelRouter, ResolvedModel
 from .models.anthropic import MessagesRequest, TokenCountRequest
 from .models.responses import TokenCountResponse
 from .optimization_handlers import try_optimizations
@@ -88,8 +88,26 @@ def _require_non_empty_messages(messages: list[Any]) -> None:
         raise InvalidRequestError("messages cannot be empty")
 
 
+def _get_client_ip(request: Request) -> str | None:
+    """Extract client IP from gateway headers or return None for direct connections."""
+    # Check for proxy/gateway headers
+    forwarded = request.headers.get("X-Forwarded-For")
+    if forwarded:
+        return forwarded.split(",")[0].strip()
+    real_ip = request.headers.get("X-Real-IP")
+    if real_ip:
+        return real_ip
+    client_ip = request.headers.get("X-Client-IP")
+    if client_ip:
+        return client_ip
+    via = request.headers.get("Via")
+    if via:
+        return request.client.host  # Gateway/proxy IP
+    return None  # Direct connection
+
+
 class ClaudeProxyService:
-    """Coordinate request optimization, model routing, token count, and providers."""
+    """Coordinate request optimization, model routing, and providers."""
 
     def __init__(
         self,
@@ -104,32 +122,35 @@ class ClaudeProxyService:
         self._token_counter = token_counter
         self._session_tracker = SessionTracker.get_instance()
 
-    def _get_session_id(self, request_data: MessagesRequest) -> str:
-        """Extract or generate a session ID from the request."""
-        # Try to extract session ID from messages metadata or generate one
-        # This allows multiple Claude Code instances to share the proxy fairly
-        if hasattr(request_data, 'custom_id'):
-            return str(request_data.custom_id)
-        return f"session_{uuid.uuid4().hex[:12]}"
+    def _get_session_id(self, request: Request, request_data: MessagesRequest) -> str:
+        """Extract or generate a session ID for gateway clients only."""
+        # Check if request came through a gateway/proxy
+        ip = _get_client_ip(request)
+        if ip is None:
+            return "direct"  # Don't track direct connections
 
-    def create_message(self, request_data: MessagesRequest) -> object:
+        # Use gateway client IP as session identifier
+        return f"gateway_{ip}"
+
+    def create_message(self, request: Request, request_data: MessagesRequest) -> object:
         """Create a message response or streaming response with optional failover."""
-        from .web_tools.streaming import stream_web_server_tool_response
         try:
             _require_non_empty_messages(request_data.messages)
 
             candidates = self._model_router.resolve_candidates(request_data.model)
             if not candidates:
-                raise InvalidRequestError(f"No configured models available for '{request_data.model}'")
+                raise InvalidRequestError(
+                    f"No configured models available for '{request_data.model}'"
+                )
 
             # For 'auto' requests with multiple candidates, we wrap the stream in a failover loop.
             if len(candidates) > 1:
                 return anthropic_sse_streaming_response(
-                    self._stream_with_fallbacks(candidates, request_data)
+                    self._stream_with_fallbacks(request, candidates, request_data)
                 )
 
             # Standard path for single-model requests
-            return self._create_single_message(candidates[0], request_data)
+            return self._create_single_message(request, candidates[0], request_data)
 
         except ProviderError:
             raise
@@ -143,7 +164,7 @@ class ClaudeProxyService:
             ) from e
 
     def _create_single_message(
-        self, resolved: ResolvedModel, request_data: MessagesRequest
+        self, request: Request, resolved: ResolvedModel, request_data: MessagesRequest
     ) -> object:
         """Create a single message response from a resolved model."""
         routed_request = request_data.model_copy(deep=True)
@@ -160,6 +181,8 @@ class ClaudeProxyService:
         if self._settings.enable_web_server_tools and is_web_server_tool_request(
             routed_request
         ):
+            from .web_tools.streaming import stream_web_server_tool_response
+
             input_tokens = self._token_counter(
                 routed_request.messages, routed_request.system, routed_request.tools
             )
@@ -187,7 +210,7 @@ class ClaudeProxyService:
             thinking_enabled=resolved.thinking_enabled,
         )
 
-        session_id = self._get_session_id(request_data)
+        session_id = self._get_session_id(request, request_data)
         self._session_tracker.track_request_sync(session_id, resolved.provider_id)
 
         request_id = f"req_{uuid.uuid4().hex[:12]}"
@@ -211,7 +234,10 @@ class ClaudeProxyService:
         )
 
     async def _stream_with_fallbacks(
-        self, candidates: list[ResolvedModel], request_data: MessagesRequest
+        self,
+        request: Request,
+        candidates: list[ResolvedModel],
+        request_data: MessagesRequest,
     ) -> AsyncIterator[str]:
         """Iterate through candidates until one succeeds or all fail."""
         last_exc: Exception | None = None
@@ -227,6 +253,11 @@ class ClaudeProxyService:
                     thinking_enabled=resolved.thinking_enabled,
                 )
 
+                session_id = self._get_session_id(request, request_data)
+                self._session_tracker.track_request_sync(
+                    session_id, resolved.provider_id
+                )
+
                 request_id = f"req_{uuid.uuid4().hex[:12]}"
                 logger.info(
                     "API_REQUEST (auto fallback {}/{}): request_id={} provider={} model={}",