ot_typo3/ot_admin/Classes/Middleware/OtBackendUserAuthenticator.php

<?php
namespace Opentalent\OtAdmin\Middleware;

use Opentalent\OtAdmin\Http\ApiController;
use TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator;

/**
 * Overrides (XClass) the core BackendUserAuthenticator middleware to extend
 * the public routes to the /otadmin/* routes (only for authorized Ips)
 *
 * @internal
 */
class OtBackendUserAuthenticator extends BackendUserAuthenticator
{
    /**
     * Check if the user is required for the request
     * If we're trying to do a login or an ajax login, don't require a user
     *
     * @param string $routePath the Route path to check against, something like '
     * @return bool whether the request can proceed without a login required
     */
    protected function isLoggedInBackendUserRequired(string $routePath): bool
    {
        $isOtAdminRoute = (bool)preg_match('/\/otadmin\/.+/', $routePath);
        $ipAllowed = ApiController::isIpAllowed($_SERVER['REMOTE_ADDR']);
        if ($isOtAdminRoute && $ipAllowed) {
            return true;
        }
        return parent::isLoggedInBackendUserRequired($routePath);
    }
}