Normalise IP addresses across backend

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

backend/app/utils/client_ip.py

@@ -9,6 +9,8 @@ from __future__ import annotations
 import ipaddress
 from typing import TYPE_CHECKING
 
+from app.utils.ip_utils import normalise_ip
+
 if TYPE_CHECKING:
     from fastapi import Request
 
@@ -50,7 +52,7 @@ def get_client_ip(
 
     # If no trusted proxies are configured, use immediate IP directly
     if not trusted_proxies:
-        return immediate_ip
+        return normalise_ip(immediate_ip)
 
     # Check if the immediate connection is from a trusted proxy
     if not _is_trusted_proxy(immediate_ip, trusted_proxies):
@@ -64,15 +66,15 @@ def get_client_ip(
         # Take the first IP in the list
         client_ip = forwarded_for.split(",")[0].strip()
         if client_ip:
-            return client_ip
+            return normalise_ip(client_ip)
 
     # Fall back to X-Real-IP
     real_ip = request.headers.get("X-Real-IP", "").strip()
     if real_ip:
-        return real_ip
+        return normalise_ip(real_ip)
 
     # No forwarded headers found, use immediate connection
-    return immediate_ip
+    return normalise_ip(immediate_ip)
 
 
 def _is_trusted_proxy(ip: str, trusted_proxies: list[str]) -> bool: