Allow /stats from LAN/private IP ranges

backend/server.js

@@ -236,7 +236,44 @@ function getRequestIp(request) {
 
 function isLocalRequest(request) {
   const ip = getRequestIp(request);
-  return ip === '127.0.0.1' || ip === '::1' || ip === '';
+  if (!ip || ip === '127.0.0.1' || ip === '::1') {
+    return true;
+  }
+
+  if (ip.includes(':')) {
+    const normalized = ip.toLowerCase();
+    return (
+      normalized.startsWith('fc') ||
+      normalized.startsWith('fd') ||
+      normalized.startsWith('fe80')
+    );
+  }
+
+  const parts = ip.split('.');
+  if (parts.length !== 4) {
+    return false;
+  }
+
+  const octets = parts.map((part) => Number(part));
+  if (octets.some((octet) => !Number.isInteger(octet) || octet < 0 || octet > 255)) {
+    return false;
+  }
+
+  const [a, b] = octets;
+  if (a === 10) {
+    return true;
+  }
+  if (a === 172 && b >= 16 && b <= 31) {
+    return true;
+  }
+  if (a === 192 && b === 168) {
+    return true;
+  }
+  if (a === 169 && b === 254) {
+    return true;
+  }
+
+  return false;
 }
 
 function hashVisitorId(ip, userAgent) {