Merge d905a35c2108c13ac240ffb4e3b7c5f0c2343b46 into b2b489dbf4826c2c630717a77fd5e42774625410

chore(context): always trust xff headers from unix socket (#3359 )
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2026-06-12 00:28:37 +08:00 · 2026-01-18 18:02:21 -08:00 · 2026-01-18 12:56:22 +08:00 · 2026-01-17 16:40:43 +08:00 · 2025-07-23 12:02:14 +02:00
6 changed files with 115 additions and 36 deletions
--- a/binding/form_mapping.go
+++ b/binding/form_mapping.go
@ -184,8 +184,15 @@ type BindUnmarshaler interface {
 // If the value implements the BindUnmarshaler interface, it will be used to set the value, we will return `true`
 // to skip the default value setting.
 func trySetCustom(val string, value reflect.Value) (isSet bool, err error) {
-	switch v := value.Addr().Interface().(type) {
+	if value.Kind() != reflect.Ptr {
+		value = value.Addr()
+	}
+	switch value.Interface().(type) {
 	case BindUnmarshaler:
+		if !value.Elem().IsValid() {
+			value.Set(reflect.New(value.Type().Elem()))
+		}
+		v := value.Interface().(BindUnmarshaler)
 		return true, v.UnmarshalParam(val)
 	}
 	return false, nil
@ -461,6 +468,13 @@ func setTimeField(val string, structField reflect.StructField, value reflect.Val

 func setArray(vals []string, value reflect.Value, field reflect.StructField) error {
 	for i, s := range vals {
+		if ok, err := trySetCustom(s, value.Index(i)); ok {
+			if err != nil {
+				return err
+			} else {
+				continue
+			}
+		}
 		err := setWithProperType(s, value.Index(i), field)
 		if err != nil {
 			return err
--- a/binding/form_mapping_test.go
+++ b/binding/form_mapping_test.go
@ -589,6 +589,54 @@ func TestMappingCustomPointerStructTypeWithURITag(t *testing.T) {
 	assert.Equal(t, "happiness", s.FileData.Name)
 }

+func TestMappingCustomStructTypeSliceWithFormTag(t *testing.T) {
+	var s struct {
+		FileData []customUnmarshalParamType `form:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`, `http:/bar:sadness`}}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData[0].Protocol)
+	assert.Equal(t, "/foo", s.FileData[0].Path)
+	assert.Equal(t, "happiness", s.FileData[0].Name)
+
+	assert.Equal(t, "http", s.FileData[1].Protocol)
+	assert.Equal(t, "/bar", s.FileData[1].Path)
+	assert.Equal(t, "sadness", s.FileData[1].Name)
+}
+
+func TestMappingCustomStructTypeSliceWithURITag(t *testing.T) {
+	var s struct {
+		FileData []customUnmarshalParamType `uri:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`, `http:/bar:sadness`}}, "uri")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData[0].Protocol)
+	assert.Equal(t, "/foo", s.FileData[0].Path)
+	assert.Equal(t, "happiness", s.FileData[0].Name)
+
+	assert.Equal(t, "http", s.FileData[1].Protocol)
+	assert.Equal(t, "/bar", s.FileData[1].Path)
+	assert.Equal(t, "sadness", s.FileData[1].Name)
+}
+
+func TestMappingCustomPointerStructTypeSliceWithFormTag(t *testing.T) {
+	var s struct {
+		FileData []*customUnmarshalParamType `form:"data"`
+	}
+	err := mappingByPtr(&s, formSource{"data": {`file:/foo:happiness`, `http:/bar:sadness`}}, "form")
+	require.NoError(t, err)
+
+	assert.Equal(t, "file", s.FileData[0].Protocol)
+	assert.Equal(t, "/foo", s.FileData[0].Path)
+	assert.Equal(t, "happiness", s.FileData[0].Name)
+
+	assert.Equal(t, "http", s.FileData[1].Protocol)
+	assert.Equal(t, "/bar", s.FileData[1].Path)
+	assert.Equal(t, "sadness", s.FileData[1].Name)
+}
+
 type customPath []string

 func (p *customPath) UnmarshalParam(param string) error {
--- a/context.go
+++ b/context.go
@ -978,14 +978,27 @@ func (c *Context) ClientIP() string {
 		}
 	}

-	// It also checks if the remoteIP is a trusted proxy or not.
-	// In order to perform this validation, it will see if the IP is contained within at least one of the CIDR blocks
-	// defined by Engine.SetTrustedProxies()
-	remoteIP := net.ParseIP(c.RemoteIP())
-	if remoteIP == nil {
-		return ""
+	var (
+		trusted  bool
+		remoteIP net.IP
+	)
+	// If gin is listening a unix socket, always trust it.
+	localAddr, ok := c.Request.Context().Value(http.LocalAddrContextKey).(net.Addr)
+	if ok && strings.HasPrefix(localAddr.Network(), "unix") {
+		trusted = true
+	}
+
+	// Fallback
+	if !trusted {
+		// It also checks if the remoteIP is a trusted proxy or not.
+		// In order to perform this validation, it will see if the IP is contained within at least one of the CIDR blocks
+		// defined by Engine.SetTrustedProxies()
+		remoteIP = net.ParseIP(c.RemoteIP())
+		if remoteIP == nil {
+			return ""
+		}
+		trusted = c.engine.isTrustedProxy(remoteIP)
 	}
-	trusted := c.engine.isTrustedProxy(remoteIP)

 	if trusted && c.engine.ForwardedByClientIP && c.engine.RemoteIPHeaders != nil {
 		for _, headerName := range c.engine.RemoteIPHeaders {
--- a/context_test.go
+++ b/context_test.go
@ -1915,6 +1915,16 @@ func TestContextClientIP(t *testing.T) {
 	c.engine.trustedCIDRs, _ = c.engine.prepareTrustedCIDRs()
 	resetContextForClientIPTests(c)

+	// unix address
+	addr := &net.UnixAddr{Net: "unix", Name: "@"}
+	c.Request = c.Request.WithContext(context.WithValue(c.Request.Context(), http.LocalAddrContextKey, addr))
+	c.Request.RemoteAddr = addr.String()
+	assert.Equal(t, "20.20.20.20", c.ClientIP())
+
+	// reset
+	c.Request = c.Request.WithContext(context.Background())
+	resetContextForClientIPTests(c)
+
 	// Legacy tests (validating that the defaults don't break the
 	// (insecure!) old behaviour)
 	assert.Equal(t, "20.20.20.20", c.ClientIP())
--- a/recovery.go
+++ b/recovery.go
@ -12,12 +12,12 @@ import (
 	"fmt"
 	"io"
 	"log"
-	"net"
 	"net/http"
 	"net/http/httputil"
 	"os"
 	"runtime"
 	"strings"
+	"syscall"
 	"time"

 	"github.com/gin-gonic/gin/internal/bytesconv"
@ -57,40 +57,33 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 	}
 	return func(c *Context) {
 		defer func() {
-			if err := recover(); err != nil {
+			if rec := recover(); rec != nil {
 				// Check for a broken connection, as it is not really a
 				// condition that warrants a panic stack trace.
-				var brokenPipe bool
-				if ne, ok := err.(*net.OpError); ok {
-					var se *os.SyscallError
-					if errors.As(ne, &se) {
-						seStr := strings.ToLower(se.Error())
-						if strings.Contains(seStr, "broken pipe") ||
-							strings.Contains(seStr, "connection reset by peer") {
-							brokenPipe = true
-						}
-					}
-				}
-				if e, ok := err.(error); ok && errors.Is(e, http.ErrAbortHandler) {
-					brokenPipe = true
+				var isBrokenPipe bool
+				err, ok := rec.(error)
+				if ok {
+					isBrokenPipe = errors.Is(err, syscall.EPIPE) ||
+						errors.Is(err, syscall.ECONNRESET) ||
+						errors.Is(err, http.ErrAbortHandler)
 				}
 				if logger != nil {
-					if brokenPipe {
-						logger.Printf("%s\n%s%s", err, secureRequestDump(c.Request), reset)
+					if isBrokenPipe {
+						logger.Printf("%s\n%s%s", rec, secureRequestDump(c.Request), reset)
 					} else if IsDebugging() {
 						logger.Printf("[Recovery] %s panic recovered:\n%s\n%s\n%s%s",
-							timeFormat(time.Now()), secureRequestDump(c.Request), err, stack(stackSkip), reset)
+							timeFormat(time.Now()), secureRequestDump(c.Request), rec, stack(stackSkip), reset)
 					} else {
 						logger.Printf("[Recovery] %s panic recovered:\n%s\n%s%s",
-							timeFormat(time.Now()), err, stack(stackSkip), reset)
+							timeFormat(time.Now()), rec, stack(stackSkip), reset)
 					}
 				}
-				if brokenPipe {
+				if isBrokenPipe {
 					// If the connection is dead, we can't write a status to it.
-					c.Error(err.(error)) //nolint: errcheck
+					c.Error(err) //nolint: errcheck
 					c.Abort()
 				} else {
-					handle(c, err)
+					handle(c, rec)
 				}
 			}
 		}()
--- a/recovery_test.go
+++ b/recovery_test.go
@ -98,13 +98,13 @@ func TestFunction(t *testing.T) {
 func TestPanicWithBrokenPipe(t *testing.T) {
 	const expectCode = 204

-	expectMsgs := map[syscall.Errno]string{
-		syscall.EPIPE:      "broken pipe",
-		syscall.ECONNRESET: "connection reset by peer",
+	expectErrnos := []syscall.Errno{
+		syscall.EPIPE,
+		syscall.ECONNRESET,
 	}

-	for errno, expectMsg := range expectMsgs {
-		t.Run(expectMsg, func(t *testing.T) {
+	for _, errno := range expectErrnos {
+		t.Run("Recovery from "+errno.Error(), func(t *testing.T) {
 			var buf strings.Builder

 			router := New()
@ -122,7 +122,8 @@ func TestPanicWithBrokenPipe(t *testing.T) {
 			w := PerformRequest(router, http.MethodGet, "/recovery")
 			// TEST
 			assert.Equal(t, expectCode, w.Code)
-			assert.Contains(t, strings.ToLower(buf.String()), expectMsg)
+			assert.Contains(t, strings.ToLower(buf.String()), errno.Error())
+			assert.NotContains(t, strings.ToLower(buf.String()), "[Recovery]")
 		})
 	}
 }
Author	SHA1	Message	Date
Michelle	f1a8cb5f04	Merge d905a35c2108c13ac240ffb4e3b7c5f0c2343b46 into b2b489dbf4826c2c630717a77fd5e42774625410	2026-01-18 18:02:21 -08:00
WeidiDeng	b2b489dbf4	chore(context): always trust xff headers from unix socket (#3359 ) Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2026-01-18 12:56:22 +08:00
OHZEKI Naoki	3ab698dc51	refactor(recovery): smart error comparison (#4142 ) * refactor(recovery): rename var in CustomRecoveryWithWriter * refactor(recovery): smart error comparison * test(recovery): Directly reference the syscall error string	2026-01-17 16:40:43 +08:00
Michelle Laurenti	d905a35c21	feat(form): support BindUnmarshaler slice elements gin-gonic#4312	2025-07-23 12:02:14 +02:00