Created RemoteAddr plugin (#1)

* Created RemoteAddr plugin

* Added CODEOWNERS

* Fix doublequote

* Make linter happy

* Fix package name

* Added note to Dockerfile

* Updates

* Updated package comment

* Update golangci-lint config

* Update golangci-lint config

* Update golangci-lint config

* Don't run double workflows

* Replaced icon

* Fix badge

* Fix badge

* More badges

* Updated comment

* Added note on package name

* Converted tests to table tests

* Skip explicit struct fields

.dockerignore

@@ -0,0 +1,10 @@
+.git
+.assets
+.github
+.gitignore
+.golangci.yml
+*_test.go
+README.md
+Makefile
+Dockerfile
+.dockerignore

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2024 Risk.Ident GmbH <[email protected]>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+* @RiskIdent/platform

.github/workflows/go-cross.yml

@@ -1,5 +1,9 @@
 name: Go Matrix
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
 

.github/workflows/main.yml

@@ -13,8 +13,8 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GO_VERSION: 1.19
-      GOLANGCI_LINT_VERSION: v1.50.0
-      YAEGI_VERSION: v0.14.2
+      GOLANGCI_LINT_VERSION: v1.59.0
+      YAEGI_VERSION: v0.16.1
       CGO_ENABLED: 0
     defaults:
       run:
@@ -24,20 +24,20 @@ jobs:
 
       # https://github.com/marketplace/actions/setup-go-environment
       - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
 
       # https://github.com/marketplace/actions/checkout
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: go/src/github.com/${{ github.repository }}
           fetch-depth: 0
 
       # https://github.com/marketplace/actions/cache
       - name: Cache Go modules
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ${{ github.workspace }}/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}

.golangci.yml

@@ -1,15 +1,15 @@
 run:
   timeout: 3m
-  skip-files: []
-  skip-dirs: []
 
 linters-settings:
   govet:
     enable-all: true
     disable:
       - fieldalignment
-  golint:
-    min-confidence: 0
+  revive:
+    rules:
+      - name: var-naming
+        disabled: true
   gocyclo:
     min-complexity: 12
   goconst:
@@ -25,21 +25,21 @@ linters-settings:
       - FIXME
   gofumpt:
     extra-rules: true
+  depguard:
+    rules:
+      main:
+        allow:
+          - $gostd
+          - "github.com/RiskIdent/traefik-remoteaddr-plugin"
+  stylecheck:
+    checks:
+      - all
+      # Remove some checks:
+      - -ST1003 # should not use underscores in package names
 
 linters:
   enable-all: true
   disable:
-    - deadcode # deprecated
-    - exhaustivestruct # deprecated
-    - golint # deprecated
-    - ifshort # deprecated
-    - interfacer # deprecated
-    - maligned # deprecated
-    - nosnakecase # deprecated
-    - scopelint # deprecated
-    - scopelint # deprecated
-    - structcheck # deprecated
-    - varcheck # deprecated
     - sqlclosecheck # not relevant (SQL)
     - rowserrcheck # not relevant (SQL)
     - execinquery # not relevant (SQL)
@@ -53,18 +53,16 @@ linters:
     - wsl
     - exhaustive
     - exhaustruct
-    - goerr113
     - wrapcheck
-    - ifshort
     - noctx
     - lll
     - gomnd
     - forbidigo
     - varnamelen
+    - exhaustivestruct
 
 issues:
   exclude-use-default: false
-  max-per-linter: 0
   max-same-issues: 0
   exclude: []
   exclude-rules:

.traefik.yml

@@ -1,12 +1,11 @@
-displayName: Demo Plugin
+displayName: RemoteAddr (fix X-Forwarded-Port)
 type: middleware
 iconPath: .assets/icon.png
 
-import: github.com/traefik/plugindemo
+import: github.com/RiskIdent/traefik-remoteaddr-plugin
 
-summary: '[Demo] Add Request Header'
+summary: "Add request header for the client port, to make X-Forwarded-Port act like in nginx"
 
 testData:
-  Headers:
-    X-Demo: test
-    X-URL: '{{URL}}'
+  headers:
+    port: X-Forwarded-Port

Dockerfile

@@ -0,0 +1,9 @@
+# When using this Dockerfile, make sure to also add static Traefik config for
+# loading the local plugin. Such as via CLI:
+#   --experimental.localplugins.remoteaddr.modulename=github.com/RiskIdent/traefik-remoteaddr-plugin
+
+ARG TRAEFIK_VERSION=v3.0.0
+ARG BASE_IMAGE=docker.io/traefik:${TRAEFIK_VERSION}
+FROM ${BASE_IMAGE}
+
+COPY . plugins-local/src/github.com/RiskIdent/traefik-remoteaddr-plugin/

README.md

@@ -0,0 +1,158 @@
+# Traefik RemoteAddr plugin
+
+[![Main workflow](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/main.yml/badge.svg)](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/main.yml)
+[![Go matrix workflow](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/go-cross.yml/badge.svg)](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/go-cross.yml)
+
+## Usage
+
+This plugin is very simple: take the **client** IP and port and write them to some headers.
+This is done by using the Go field [`net/http.Request.RemoteAddr`](https://pkg.go.dev/net/http#Request)
+which is composed of `IP:port` of the client connection.
+
+To mimic nginx's behaviour of `X-Forwarded-Port`, where it sets that header to the client's port, then use the dynamic middleware config:
+
+```yaml
+middlewares:
+  my-middleware:
+    plugin:
+      remoteaddr:
+        headers:
+          port: X-Forwarded-Port
+```
+
+Alternatively, you could use the non-standard `X-Real-Port` to not override Traefik's behavior:
+
+```yaml
+middlewares:
+  my-middleware:
+    plugin:
+      remoteaddr:
+        headers:
+          port: X-Real-Port
+```
+
+### Configuration
+
+Traefik static configuration must define the module name (as is usual for Go packages).
+
+The following declaration (given here in YAML) defines a plugin:
+
+<details open><summary>File (YAML)</summary>
+
+```yaml
+# Static configuration
+
+experimental:
+  plugins:
+    remoteaddr:
+      moduleName: github.com/RiskIdent/traefik-remoteaddr-plugin
+      version: v0.1.0
+```
+
+</details>
+
+<details><summary>CLI</summary>
+
+```bash
+# Static configuration
+
+--experimental.plugins.remoteaddr.moduleName=github.com/RiskIdent/traefik-remoteaddr-plugin
+--experimental.plugins.remoteaddr.version=v0.1.0
+```
+
+</details>
+
+Here is an example of a file provider dynamic configuration (given here in YAML), where the interesting part is the `http.middlewares` section:
+
+<details open><summary>File (YAML)</summary>
+
+```yaml
+# Dynamic configuration
+
+http:
+  middlewares:
+    my-middleware:
+      plugin:
+        remoteaddr:
+          headers:
+            # if set, then set header "X-Real-Address" to the RemoteAddr (e.g "192.168.1.2:1234")
+            address: X-Real-Address
+            # if set, then set header "X-Real-Ip" to the IP of RemoteAddr (e.g "192.168.1.2")
+            ip: X-Real-Ip
+            # if set, then set header "X-Real-Port" to the port of RemoteAddr (e.g "1234")
+            port: X-Real-Port
+```
+
+</details>
+
+<details><summary>Kubernetes</summary>
+
+```yaml
+# Dynamic configuration
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: my-middleware
+spec:
+  plugin:
+    remoteaddr:
+      headers:
+        # if set, then set header "X-Real-Address" to the RemoteAddr (e.g "192.168.1.2:1234")
+        address: X-Real-Address
+        # if set, then set header "X-Real-Ip" to the IP of RemoteAddr (e.g "192.168.1.2")
+        ip: X-Real-Ip
+        # if set, then set header "X-Real-Port" to the port of RemoteAddr (e.g "1234")
+        port: X-Real-Port
+```
+
+</details>
+
+### Local Mode
+
+Traefik also offers a developer mode that can be used for temporary testing of plugins not hosted on GitHub.
+To use a plugin in local mode, the Traefik static configuration must define the module name (as is usual for Go packages) and a path to a [Go workspace](https://golang.org/doc/gopath_code.html#Workspaces), which can be the local GOPATH or any directory.
+
+The plugins must be placed in `./plugins-local` directory,
+which should be in the working directory of the process running the Traefik binary.
+The source code of the plugin should be organized as follows:
+
+```console
+$ tree ./plugins-local/
+./plugins-local/
+    └── src
+        └── github.com
+            └── RiskIdent
+                └── traefik-remoteaddr-plugin
+                    ├── plugin.go
+                    ├── plugin_test.go
+                    ├── go.mod
+                    ├── LICENSE
+                    ├── Makefile
+                    └── README.md
+```
+
+<details open><summary>File (YAML)</summary>
+
+```yaml
+# Static configuration
+
+experimental:
+  localPlugins:
+    remoteaddr:
+      moduleName: github.com/RiskIdent/traefik-remoteaddr-plugin
+```
+
+</details>
+
+<details><summary>CLI</summary>
+
+```bash
+# Static configuration
+
+--experimental.localPlugins.remoteaddr.moduleName=github.com/RiskIdent/traefik-remoteaddr-plugin
+```
+
+</details>
+
+(In the above example, the `traefik-remoteaddr-plugin` plugin will be loaded from the path `./plugins-local/src/github.com/RiskIdent/traefik-remoteaddr-plugin`.)