Merge 96f63d68d3086cd0883f77ac39c5cc73aedd530d into 9914178584e42458ff7d23891463a880f58c9d86

* Fix ClientIP calculation by concatenating all RemoteIPHeaders values

* test: used http.MethodGet instead constants and fix lints

* lint error fixed

* Refactor ClientIP X-Forwarded-For tests

---------

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>

context.go

@@ -989,7 +989,8 @@ func (c *Context) ClientIP() string {
 
 	if trusted && c.engine.ForwardedByClientIP && c.engine.RemoteIPHeaders != nil {
 		for _, headerName := range c.engine.RemoteIPHeaders {
-			ip, valid := c.engine.validateHeader(c.requestHeader(headerName))
+			headerValue := strings.Join(c.Request.Header.Values(headerName), ",")
+			ip, valid := c.engine.validateHeader(headerValue)
 			if valid {
 				return ip
 			}

context_test.go

@@ -1143,6 +1143,37 @@ func TestContextRenderNoContentIndentedJSON(t *testing.T) {
 	assert.Equal(t, "application/json; charset=utf-8", w.Header().Get("Content-Type"))
 }
 
+func TestContextClientIPWithMultipleHeaders(t *testing.T) {
+	c, _ := CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest(http.MethodGet, "/test", nil)
+
+	// Multiple X-Forwarded-For headers
+	c.Request.Header.Add("X-Forwarded-For", "1.2.3.4, "+localhostIP)
+	c.Request.Header.Add("X-Forwarded-For", "5.6.7.8")
+	c.Request.RemoteAddr = localhostIP + ":1234"
+
+	c.engine.ForwardedByClientIP = true
+	c.engine.RemoteIPHeaders = []string{"X-Forwarded-For"}
+	_ = c.engine.SetTrustedProxies([]string{localhostIP})
+
+	// Should return 5.6.7.8 (last non-trusted IP)
+	assert.Equal(t, "5.6.7.8", c.ClientIP())
+}
+
+func TestContextClientIPWithSingleHeader(t *testing.T) {
+	c, _ := CreateTestContext(httptest.NewRecorder())
+	c.Request, _ = http.NewRequest(http.MethodGet, "/test", nil)
+	c.Request.Header.Set("X-Forwarded-For", "1.2.3.4, "+localhostIP)
+	c.Request.RemoteAddr = localhostIP + ":1234"
+
+	c.engine.ForwardedByClientIP = true
+	c.engine.RemoteIPHeaders = []string{"X-Forwarded-For"}
+	_ = c.engine.SetTrustedProxies([]string{localhostIP})
+
+	// Should return 1.2.3.4
+	assert.Equal(t, "1.2.3.4", c.ClientIP())
+}
+
 // Tests that the response is serialized as Secure JSON
 // and Content-Type is set to application/json
 func TestContextRenderSecureJSON(t *testing.T) {

gin.go

@@ -178,8 +178,10 @@ type Engine struct {
 	FuncMap          template.FuncMap
 	allNoRoute       HandlersChain
 	allNoMethod      HandlersChain
+	allAutoRedirect  HandlersChain
 	noRoute          HandlersChain
 	noMethod         HandlersChain
+	autoRedirect     HandlersChain
 	pool             sync.Pool
 	trees            methodTrees
 	maxParams        uint16
@@ -334,6 +336,13 @@ func (engine *Engine) NoMethod(handlers ...HandlerFunc) {
 	engine.rebuild405Handlers()
 }
 
+// AutoRedirect sets the handlers called when auto redirected
+// (RedirectTrailingSlash and RedirectFixedPath)
+func (engine *Engine) AutoRedirect(handlers ...HandlerFunc) {
+	engine.autoRedirect = handlers
+	engine.rebuildAutoRedirectHandlers()
+}
+
 // Use attaches a global middleware to the router. i.e. the middleware attached through Use() will be
 // included in the handlers chain for every single request. Even 404, 405, static files...
 // For example, this is the right place for a logger or error management middleware.
@@ -341,6 +350,7 @@ func (engine *Engine) Use(middleware ...HandlerFunc) IRoutes {
 	engine.RouterGroup.Use(middleware...)
 	engine.rebuild404Handlers()
 	engine.rebuild405Handlers()
+	engine.rebuildAutoRedirectHandlers()
 	return engine
 }
 
@@ -361,6 +371,10 @@ func (engine *Engine) rebuild405Handlers() {
 	engine.allNoMethod = engine.combineHandlers(engine.noMethod)
 }
 
+func (engine *Engine) rebuildAutoRedirectHandlers() {
+	engine.allAutoRedirect = engine.combineHandlers(engine.autoRedirect)
+}
+
 func (engine *Engine) addRoute(method, path string, handlers HandlersChain) {
 	assert1(path[0] == '/', "path must begin with '/'")
 	assert1(method != "", "HTTP method can not be empty")
@@ -724,6 +738,7 @@ func (engine *Engine) handleHTTPRequest(c *Context) {
 			return
 		}
 		if httpMethod != http.MethodConnect && rPath != "/" {
+			c.handlers = engine.allAutoRedirect
 			if value.tsr && engine.RedirectTrailingSlash {
 				redirectTrailingSlash(c)
 				return
@@ -819,13 +834,14 @@ func redirectFixedPath(c *Context, root *node, trailingSlash bool) bool {
 
 func redirectRequest(c *Context) {
 	req := c.Request
-	rPath := req.URL.Path
-	rURL := req.URL.String()
-
 	code := http.StatusMovedPermanently // Permanent redirect, request with GET method
 	if req.Method != http.MethodGet {
 		code = http.StatusTemporaryRedirect
 	}
+	c.Next()
+
+	rPath := req.URL.Path
+	rURL := req.URL.String()
 	debugPrint("redirecting request %d: %s --> %s", code, rPath, rURL)
 	http.Redirect(c.Writer, req, rURL, code)
 	c.writermem.WriteHeaderNow()

gin_test.go

@@ -601,6 +601,59 @@ func TestNoMethodWithGlobalHandlers(t *testing.T) {
 	compareFunc(t, router.allNoMethod[2], middleware0)
 }
 
+func TestAutoRedirectWithoutGlobalHandlers(t *testing.T) {
+	var middleware0 HandlerFunc = func(c *Context) {}
+	var middleware1 HandlerFunc = func(c *Context) {}
+
+	router := New()
+
+	router.AutoRedirect(middleware0)
+	assert.Nil(t, router.Handlers)
+	assert.Len(t, router.autoRedirect, 1)
+	assert.Len(t, router.allAutoRedirect, 1)
+	compareFunc(t, router.autoRedirect[0], middleware0)
+	compareFunc(t, router.allAutoRedirect[0], middleware0)
+
+	router.AutoRedirect(middleware1, middleware0)
+	assert.Len(t, router.autoRedirect, 2)
+	assert.Len(t, router.allAutoRedirect, 2)
+	compareFunc(t, router.autoRedirect[0], middleware1)
+	compareFunc(t, router.allAutoRedirect[0], middleware1)
+	compareFunc(t, router.autoRedirect[1], middleware0)
+	compareFunc(t, router.allAutoRedirect[1], middleware0)
+}
+
+func TestAutoRedirectWithGlobalHandlers(t *testing.T) {
+	var middleware0 HandlerFunc = func(c *Context) {}
+	var middleware1 HandlerFunc = func(c *Context) {}
+	var middleware2 HandlerFunc = func(c *Context) {}
+
+	router := New()
+	router.Use(middleware2)
+
+	router.AutoRedirect(middleware0)
+	assert.Len(t, router.allAutoRedirect, 2)
+	assert.Len(t, router.Handlers, 1)
+	assert.Len(t, router.autoRedirect, 1)
+
+	compareFunc(t, router.Handlers[0], middleware2)
+	compareFunc(t, router.autoRedirect[0], middleware0)
+	compareFunc(t, router.allAutoRedirect[0], middleware2)
+	compareFunc(t, router.allAutoRedirect[1], middleware0)
+
+	router.Use(middleware1)
+	assert.Len(t, router.allAutoRedirect, 3)
+	assert.Len(t, router.Handlers, 2)
+	assert.Len(t, router.autoRedirect, 1)
+
+	compareFunc(t, router.Handlers[0], middleware2)
+	compareFunc(t, router.Handlers[1], middleware1)
+	compareFunc(t, router.autoRedirect[0], middleware0)
+	compareFunc(t, router.allAutoRedirect[0], middleware2)
+	compareFunc(t, router.allAutoRedirect[1], middleware1)
+	compareFunc(t, router.allAutoRedirect[2], middleware0)
+}
+
 func compareFunc(t *testing.T, a, b any) {
 	sf1 := reflect.ValueOf(a)
 	sf2 := reflect.ValueOf(b)

routes_test.go

@@ -273,6 +273,27 @@ func TestRouteRedirectFixedPath(t *testing.T) {
 	assert.Equal(t, http.StatusTemporaryRedirect, w.Code)
 }
 
+func TestRouteRedirectWithHandler(t *testing.T) {
+	router := New()
+	router.RedirectTrailingSlash = true
+	router.GET("/path", func(c *Context) {})
+	passed := []bool{false, false}
+	router.Use(func(c *Context) {
+		passed[0] = true
+		c.Next()
+	})
+	router.AutoRedirect(func(c *Context) {
+		passed[1] = true
+		c.Next()
+	})
+
+	w := performRequest(router, http.MethodGet, "/path/")
+	assert.Equal(t, "/path", w.Header().Get("Location"))
+	assert.Equal(t, http.StatusMovedPermanently, w.Code)
+	assert.True(t, passed[0])
+	assert.True(t, passed[1])
+}
+
 // TestContextParamsGet tests that a parameter can be parsed from the URL.
 func TestRouteParamsByName(t *testing.T) {
 	name := ""