安全性能优化

server/index.js

@@ -158,6 +158,8 @@ async function getSiteSettingsRow() {
 async function requireServerDetailsAccess(req, res, next) {
   try {
     const settings = await getSiteSettingsRow();
+    req.siteSettings = settings; // Store for later use (e.g. IP stripping)
+    
     const requiresLogin = settings.require_login_for_server_details !== undefined
       ? !!settings.require_login_for_server_details
       : true;
@@ -1216,6 +1218,13 @@ app.get('/api/metrics/server-details', requireServerDetailsAccess, async (req, r
 
     // Fetch detailed metrics
     const details = await prometheusService.getServerDetails(sourceUrl, instance, job);
+
+    // Dynamic field removal based on security settings: PHYSICAL DATA STRIPPING
+    if (!req.siteSettings || !req.siteSettings.show_server_ip) {
+      delete details.ipv4;
+      delete details.ipv6;
+    }
+
     res.json(details);
   } catch (err) {
     console.error(`Error fetching server details for ${instance}:`, err.message);