change ip from x-forward-for

@@ -20,14 +20,17 @@ const limiter = (rule, policy, context) => {
 
 module.exports = (req, res, next) => {
     let remoteIp = req.get('X-Forwarded-For') || req.connection.remoteAddress;
-    logger.debug('request remote ip: ', remoteIp);
 
     if (remoteIp.indexOf(',') > 0) {
         let arr = remoteIp.split(',');
 
-        remoteIp = arr[0];
+        remoteIp = arr[arr.length - 1];
     }
 
+    remoteIp = _.trim(remoteIp);
+
+    logger.info('request remote ip: ', remoteIp);
+
     const excluded = _.includes(IP_WHITE_LIST, remoteIp);
     const enabled = !_.get(req.app.locals, 'wap.sys.noLimiter');
 

@@ -20,6 +20,10 @@ module.exports = (req, res, next) => {
         return next();
     }
 
+    if (res.statusCode == 403) {
+        return res.end();
+    }
+
     if (req.xhr) {
         return res.json({
             code: 400,

@@ -58,7 +58,10 @@ module.exports = (limiter, policy) => {
                 return Promise.resolve(true);
             }
 
-            if (result > MAX_QPS) {       // 判断 qps
+            if (result === 9999) {
+                res.statusCode = 403;
+                return Promise.resolve(policy);
+            } else if (result > MAX_QPS) {       // 判断 qps
                 cache.touch(key, ONE_DAY);
                 logger.debug('req limit', key);
 

@@ -22,7 +22,7 @@ $(function() {
             },
             success: function(ret) {
                 if (ret.code === 200) {
-                    window.location.href = decodeURIComponent(window.queryString.refer) || '//m.yohobuy.com';
+                    window.location.href = window.queryString.refer ? decodeURIComponent(window.queryString.refer) : '//m.yohobuy.com';
                 } else {
                     imgCheck.refresh();
                 }