diff --git a/src/modules/admin-auth/admin-auth.controller.ts b/src/modules/admin-auth/admin-auth.controller.ts
index 630656c..122322d 100644
--- a/src/modules/admin-auth/admin-auth.controller.ts
+++ b/src/modules/admin-auth/admin-auth.controller.ts
@@ -23,7 +23,8 @@ export class AdminAuthController {
   @ApiResponse({ status: 401, description: '邮箱或密码错误' })
   @ApiResponse({ status: 403, description: '账号已禁用或锁定' })
   async login(@Body() dto: AdminLoginDto, @Req() req: Request) {
-    return this.adminAuthService.login(dto.email, dto.password, req.ip, req.headers['user-agent']);
+    const ip = (req.ip || '').replace('::ffff:', '');
+    return this.adminAuthService.login(dto.email, dto.password, ip, req.headers['user-agent']);
   }
 
   @AdminPublic()
@@ -33,7 +34,8 @@ export class AdminAuthController {
   @ApiResponse({ status: 200, description: '刷新成功' })
   @ApiResponse({ status: 401, description: '刷新令牌无效' })
   async refresh(@Body() dto: AdminRefreshDto, @Req() req: Request) {
-    return this.adminAuthService.refresh(dto.refreshToken, req.ip, req.headers['user-agent']);
+    const refreshIp = (req.ip || '').replace('::ffff:', '');
+    return this.adminAuthService.refresh(dto.refreshToken, refreshIp, req.headers['user-agent']);
   }
 
   @Post('logout')