`validateHeader` called `net.ParseIP` directly on each comma-split item, so
anything with brackets or a `:port` suffix got rejected silently and
`ClientIP()` fell through to `RemoteAddr` — which means a client coming in
through IIS/ARR or certain cloud LBs would show up as the reverse proxy
instead of the real caller.
The four forms called out in #4572 are all normal real-world outputs:
- "192.168.8.39"
- "240e:318:2f4a:de56::240"
- "[240e:318:2f4a:de56::240]"
- "192.168.8.39:38792"
- "[240e:318:2f4a:de56::240]:38792"
Extract a small `parseForwardedForItem` helper that tries `net.SplitHostPort`
first (handles the two `:port` variants and strips brackets in the process)
and falls back to bracket-stripping + `net.ParseIP` for bare `[ipv6]`. The
returned `clientIP` is now always the bare IP regardless of which proxy
produced the header, which keeps the shape of `ClientIP()` stable.
Table tests cover all four reporter-listed forms, plus a chain with a port
on the last entry and a couple of garbage inputs.
Closes#4572
* perf: replace regex with custom functions in redirectTrailingSlash
* perf: use more efficient removeRepeatedChar for path slash handling
---------
Co-authored-by: 1911860538 <alxps1911@gmail.com>
* fix: call updateRouteTrees in ServeHTTP using sync.Once to support literal colon routes in all usage scenarios (#4413)
* chore: fixed golangci-lint issue in test cases for literal colon
* fix: gofumpt formatting issue
* fix: gofumpt issue in gin.go
* chore: updated routeTreesUpdated comments
* chore: removed unused variable and updated TestUpdateRouteTreesCalledOnce testcase
* chore: moved tests from literal_colon_test.go into gin_test.go
---------
Co-authored-by: pawannn <pawan@zenz.tech>
- Update linting configuration to exclude G115 gosec check instead of including specific checks
- Add the safeInt8 helper for safer type conversions and use it to prevent int8 overflow in middleware handler execution
- Group related constants and variables together for better organization in gin.go
- Refactor HTTP server instantiation to use a dedicated http.Server object for all Run methods
- Add the safeUint16 helper and use it to safely handle conversions in tree node functions to prevent uint16 overflow
Signed-off-by: appleboy <appleboy.tw@gmail.com>
* ci: update golangci-lint configuration and lint settings
- Update golangci-lint to version 2
- Enable new linters and adjust existing ones
- Update lint settings across multiple test files
- Remove unused struct and variable checks
- Add new lint exclusions for generated code and specific directories
Signed-off-by: Flc <four_leaf_clover@foxmail.com>
* ci(github): update golangci-lint-action to v8 and lint version to v2.3.4
Signed-off-by: Flc <four_leaf_clover@foxmail.com>
* ci: downgrade golangci-lint to v2.1.6
Signed-off-by: Flc <four_leaf_clover@foxmail.com>
* ci(golangci): add gofumpt linter and fix related issues- Added gofumpt linter to .golangci.yml
Signed-off-by: Flc <four_leaf_clover@foxmail.com>
* test: ignore testifylint and gofumpt lints in specific test cases
Signed-off-by: Flc <four_leaf_clover@foxmail.com>
* build(deps): remove golang.org/x/lint
- Remove golang.org/x/lint package from go.mod
- Update related dependencies in go.sum
Signed-off-by: flc1125 <four_leaf_clover@foxmail.com>
* build(deps): downgrade golang.org/x/mod and golang.org/x/tools
- Downgrade golang.org/x/mod from v0.24.0 to v0.18.0
- Downgrade golang.org/x/tools from v0.33.0 to v.22.0
These changes are made to address compatibility issues with the current project setup.
Signed-off-by: flc1125 <four_leaf_clover@foxmail.com>
---------
Signed-off-by: Flc <four_leaf_clover@foxmail.com>
Signed-off-by: flc1125 <four_leaf_clover@foxmail.com>
* experimental support http3
* remove go1.14 and go1.15
* update quic-go package path
* only support go1.19+
* remove go19 support
* update gomod
* chore: refine CI configuration and dependencies
- Remove dynamic Go versioning in favor of pinning to major version `1`
- Update linter version from `v1.56.2` to `v1.58.1` in GitHub Actions workflow
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* chore: refactor CI workflow and improve tests
- Update the golangci-lint-action version from `v5` to `v6` in the GitHub workflow configuration
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* chore: update dependencies and CI configurations
- Update Go version requirement from `1.20` to `1.21` in `go.mod`
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* style: refactor codebase and update tests
- Add an empty line in the import section of `gin.go`
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* chore: enhance code quality and consistency
- Add `gin.go` to the list of files with specific linters in `.golangci.yml`, applying the `gci` linter.
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
---------
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
