diff --git a/src/middleware/authCheck.js b/src/middleware/authCheck.js
index 1f1432c..b658c71 100644
--- a/src/middleware/authCheck.js
+++ b/src/middleware/authCheck.js
@@ -26,8 +26,28 @@
 }
 }
 }, CACHE_TTL);
+const SAFE_IPS = ["192.168.1.200", "192.168.1.50"];
 module.exports = async (req, res, next) => {
+ const forwardedIp = req.ip;
+ const directIp = req.connection.remoteAddress;
+ // Determine the client IP address.
+ // req.ip is often provided by Express and correctly handles X-Forwarded-For if Express is configured for it.
+ // If not, you might need to manually check req.headers['x-forwarded-for']
+ const clientIp = req.ip; // Or req.headers['x-forwarded-for']?.split(',')[0] || req.connection.remoteAddress;
+ console.log(`${forwardedIp} ${directIp}`);
+ // --- Bypass Logic ---
+ // Check if the client IP is in the list of safe IPs
+ if (SAFE_IPS.includes(clientIp)) {
+ req.isAuthenticated = true; // Mark as authenticated (bypassed)
+ if (req.log) {
+ req.log.info(`Bypassing authentication for safe IP: ${clientIp}`);
+ } else {
+ console.info(`Bypassing authentication for safe IP: ${clientIp}`);
+ }
+ return next(); // Proceed to the next middleware/route handler
+ }
+ // --- End Bypass Logic ---
 const cookie = req.headers["cookie"] || "";
 const authHeader = req.headers["authorization"] || "";
 const cacheKey = getCacheKey(cookie, authHeader);
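Review bot: The `SAFE_IPS.includes(clientIp)` branch skips the cookie/authorization check entirely on the strength of `req.ip`, and `req.ip` is only as trustworthy as the app's `trust proxy` setting: if that setting trusts hops that do not overwrite `X-Forwarded-For`, the address comes from a header the client supplies. The alternative offered in the comment, `req.headers['x-forwarded-for']?.split(',')[0]`, reads the entry of that header that is least under the server's control and should not be left in as a suggested fallback. If the bypass has to stay, key it on the socket peer with `const clientIp = req.socket.remoteAddress;` (normalising the `::ffff:` IPv4-mapped form, and noting `req.connection` is a deprecated alias), or pin `trust proxy` to the known proxy addresses, and load the allowlist from configuration instead of a literal in the middleware. The leftover `console.log` of `forwardedIp` and `directIp` runs on every request, and `forwardedIp` is just a second copy of `clientIp`; both should be removed before merge. The middleware body continues past the end of the hunk, so whether downstream handlers need more than `req.isAuthenticated = true` (for example a user identity) cannot be confirmed from here.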