From 70b18933cfc1a242b8bee30a36b211445020f46c Mon Sep 17 00:00:00 2001 From: "kalle (jag)" <2477952+applejag@users.noreply.github.com> Date: Mon, 10 Jun 2024 13:56:45 +0200 Subject: [PATCH] Created RemoteAddr plugin (#1) * Created RemoteAddr plugin * Added CODEOWNERS * Fix doublequote * Make linter happy * Fix package name * Added note to Dockerfile * Updates * Updated package comment * Update golangci-lint config * Update golangci-lint config * Update golangci-lint config * Don't run double workflows * Replaced icon * Fix badge * Fix badge * More badges * Updated comment * Added note on package name * Converted tests to table tests * Skip explicit struct fields --- .assets/icon.png | Bin 24497 -> 12979 bytes .dockerignore | 10 ++ .github/CODEOWNERS | 5 + .github/workflows/go-cross.yml | 6 +- .github/workflows/main.yml | 10 +- .golangci.yml | 34 ++--- .traefik.yml | 11 +- Dockerfile | 9 ++ README.md | 158 +++++++++++++++++++ demo.go | 66 -------- demo_test.go | 49 ------ go.mod | 2 +- plugin.go | 72 +++++++++ plugin_test.go | 94 ++++++++++++ readme.md | 270 --------------------------------- 15 files changed, 380 insertions(+), 416 deletions(-) create mode 100644 .dockerignore create mode 100644 .github/CODEOWNERS create mode 100644 Dockerfile create mode 100644 README.md delete mode 100644 demo.go delete mode 100644 demo_test.go create mode 100644 plugin.go create mode 100644 plugin_test.go delete mode 100644 readme.md diff --git a/.assets/icon.png b/.assets/icon.png index 1a3770b0f9830a8557e845264352ae17126f172d..b07f77995bec8237b685d5f59a545621b8b5100a 100644 GIT binary patch literal 12979 zcmV;kGEB{hP)XKzy?ge8^F98xDkh~C5 z9)T|}gC(5P@)viT#V?6l9qzXq@8?M#ZMHYmi~kTI0vlY!RmBz z35j{d<@se5*4X$c{YB}Ia8g2sEF4%ugvG`sXV zX-i5Cg|hsdVZ}I({!nu!BkeSxKRGEFr9T|~g>>!FXI^tT?0r3*?M-z(9j$JcljnH^ z!l3BNEiBD1tw=~p3F>hRM1L}ZO3aFcb4IB1iMl33f0#L=q(3TYhoe70BueGk13`a6 zRbJ@Ff^uu1x4XIaL}y!*+vz|c3_yfg;~>Hc$|`KhX+c{dN`EBuN9F@lB<)c2N9Y67 z#CQTg(n0F?`5?kt>Z&?g8=yQxAq)VEH7=*1xTt(pVoDmzf++occIi)eQMBhBB5bg) zr=`BSqov+yAIBjqc1eD5L1{%wTBc6V(ac$t{^phbd_HeiM|#r6(X{jzGJsTTh47LPQo{qiZ4EVT zjkS*PQ4GQ?G1+-V#pNp@!nm-F(~v`kIE?>YlC+D4Eb;nr=#L!%KRPl5)iOkz2BRrEH@~=IRpyeVMx#kIN%wsB%RYI4!sEYw`GhSgRSo_9 zY1_j`4}6Tc#20V8<>D)@L(t!c|J?q{U$!xTV#({?2OlpeTBZs8dA(jpbIlF4^)=N! zogHqsiv&!8)s)z{Ja`iomH9=*3ARK?L0ZwD@Exak?JxY=@V0G9DYkRYU$yD{v5`S2 zz?$o-pfC$Z7-Y!_x2qXKu%QMbEHh_mX~k-YGlR)A-Q>gsW|;g_x&pDvA|b}Tp2=wi zR_=f^#{hs3R9>$K-9q@m`+1;3+WCE6sCNfwuI6Mn1e4221g5~kNnCDTK{*6dVX-YK zS*O#f^Bu}7C$kN5%IFV$ZI)#c5|dYLJP*FcMuwr9-&AvAc(5N@xsnKLZK!Q+s52Oi zSvh$n6)SV{ij*yQE1*AA`&jw|jKYIP*@w{S?>*gES2GPJm(xKArWmUgf~jozio%kz zgv2Cn7EG#*Cp@ZTfd!QL*`%a*ye)C%hI3bL*gQTu+SXXpPH+c zHbR6MGBTEqjt)7UvVINq)*lfpu+|?vq)42fu-8Ka{Y~|d=1z8XoN_wwV47KQv&QBu z%_}X3U@A>YP6#Hao^fS{iB_YK{-} z^#i4r zABKsSkj8g?uv7RaNa9;BzEaGqKtf0be{HI(?mX2J9FVvKTVc_%=7#$E>JuHOTAhvn zm=Mbw!C^65VwONKm9Ho$DoIIA)9E?QR%ukwpYSIa3Hl?HwAQ%ziZvVH>-86&Jbq|* zY;2;@XojOEIhtm(6~3V13C*AJ@nM(KNk)G&x7Xj>{g)>n6*l2J|Br>GFvQJOL9w= zEr&W&YFdVl<1~!X(}ezn0*H$w{gEy+aU2IVD)`drI5^y~v9|bxM9-urj3onxr`a3> zUvEDDbZSQCvdT3DrR7#@98m;>jLsu^{^U>vq*XoA1@H0k(dPPE!0YnzmIao%X8(>r z6$F#XY{|@C5(Jappr`SHsb4yy6I4QEaf>KKJuu2%s8PY!Z9n-%XIpdaiKC}G+b1U{ z!x08e{qBxa-JR|Kdgt#cX&GfJR+p4lLe*71-b)r$Kwe)8589NbN|^`Oojkm$(7d>l`excXEK=&9tz%K(Xz^Gzw&?7(4WIT_Sl1W3MXgdmP_va)sw;w=s2+`g)C{ekH8m1 zmBnJ+u=(P?o-ViB&G6wY>4krSuU+r%gzV$-PI`Tlsp**y{N`EV9orI?bBA&xWFjou4R)Hgz*`@wU!WZB0-zH8qTm z3=@LMU^J$rrbDq*R9gPz?;h&tXq3>?7CJ;dyg7Lv7?JOgBeVYG6bq&FC*$csOIi_4 z8O^4`l4bA(wfnC2w(4Vt;CxFagG@L3$p`=3^U=FdP?fD%wS3juq@>RVjf_HhGUGyhxoFlt7231O8 z^h7AZCMZh?Ik6=HNhhyx24Ro&!L6Ko~RD>JgP z;mJ^YGn-@edIMCe`+9otVAAVt5KKj7MPYn5TbqQRK%kh+fiN$> zkN10hP~8fwmV~Xo1tP772KRp)@VRGZ=8=R{a1cz1$pu9vkm<6PEVabM0CwhnYpOnl zyo>-+c1~Wv*(P|qfEik9+*DX<;;=!RU%B~qmGt-C&R2yYb+PfbhaP`XNe9GEsJSaO z)}GwF7L~0Cw&wMEdb>KSjvZ;JIcXmsBX9?Vf{Ei25|f}fEGjF{%FeOI z#!31oAAk6#Ljpr5{CMa$PZyU}EC%{R#OP_Vy#+Tv8CnQF#rc#`5h|gaBTLv&S1 zf(m$dXZys2n;cV+5R+2UR3oq(5OJobpu~hBQQ-L{CQ>8f1-# z{f|9e?Txk7Esb@9eZ7;D6I4cdT=k)kcvu|Rjyf|n^zE6#S4wm!$T?SihnDzJ1dd+0bWHZDFlzp$vJJUcfpE+Juf zXy6C8e9>SqTCEB21r5V+giWp9jD31&|FOddpw3=cvTW75jZ5V0G|+u{`y9JoU9Ff+s?RZQ63lqPDj%EwjYLq86qWQ;eP_yE}1_qd#&~O|6X>p=6o{lcZ@T;bhY3 zpnj8?odcEV@v)I-pL|3;nD7%1*rept^Deq{%Y~PW3=P&+9fyki>7H(HfMmsj)9rHA zRiCV{sWKRixp{?aH=cuY$7y0bsg2RoWP1xPLi8u>fGsH{BRe--M`r<)N1Tr3Se7G1 zA)GD0-v=errB`3SeC67yJj_5Bs*fMeoVf&GIAeFd%8NjVc`!`NxANZ+N#F7YM$3+W#x~L58LfyGn-tHI6u!2 z`V+PWw!OH6-q4VdhB!$JhZxSmsg}mp#`>PFc9(-Rbq)%rvC%+wq0?#icml4@hyUear1eVtJguD?2M+r&_KV)(4T#LEC8kk2&PjG`#1@h z0Lz+8=Cq8gyrR;j1x3lJX}YO|mcXRzSfoj%(JtzeJc!a20VA`uJwzD93Ve-^kJVS7 zJaS-f$EnuINeP6(4_liW+nSqRf9W}>FRt0Jsbb}7n=NqxWAv2o?j#r}PDA>G0P1XO zYHh6RYHxGe$4T-qA()ItQ)+r<08E9&$th`^UN6@XJgQXJ(2`hyA&#b!Y&X z*PU~&V|=Wkw&sOrpYZ$m@T6P_IEb*emZnp!%{%`3az<7*)buM?t+OR1QqkW+Zf*!d z1U;vc{#;H+XInGWnY!9r;Mn+*rB7!&N&49s@>EiFMMRLG zp@`9wv!<=FajQ3Mdg-}sEzNa^bR&o`kH^#A)(T%c{`v|;*t(6ISFKy0U`t&5^d}ro z4ttHiz5FyZVS?XXvb1p1*2_9t1Cpt;Z5m8IJeXJ(q6e}YluS8!MJZ_+Mw5|B(#qpX z9sLnxOa~kJ{*V4kc-r7V-{X(`Ov;LsQN|c%>xEZbarO1HdpdetPUrC8P)lQjODa?! z8kilY+Td&Z>#w9|WI}|k-LT1)n7C-^PdJ{^fque4K6ZFFw3w!q&6t?@;r@ZDBZqum zABkkr8;nUQ5KJXY3rir)83X&OsoO;zi#lq#c1$XH!Gnq5XRr>uMzt=JN)2&xWs^Z@!k2mJSiNar2f0n{BbtpKwwTfquNh z;ppw^h_S@S<|YPL`*}a_^Lx=?N=#0HNSXpuy2)auU1nl%0q=8WoOU&|01j1TIUWSd z;9-rMEtZN^YgVjU<94~48tV@2+tW~2<8(MAWmr#F=Z@E3d29RY$tkI;*KdR}EG<1l zxZNY8#qLhB^e3f1NRFpC(9h+x_jN<9sUFhY_~;1iiOFao@S7VFl9HDe6z3I|LY>JJ zNKny!8(DdWwKg@hWGw_#hL(~AP`RZu_z+f9u7;EH@^s~O;8gznJtkkB7#Phwnan`ZYqXhlm?B4Sp!Iw#bh#-Ew3nBzQW@P zI3o`3+g*L~xP4p#VNk*C>plIC?Qi^Z3Sq0)ZP>7ROJ-&km@5rCfAlAO$G!B_?6S%cny z4pE0Eh`xedJDS-*6gX5MJ-T_4mZ2 zWN1j9d)@^Z5MeBsH~JHfC#n$U^m&|~i%&?*$uG(+C{EAHo?3rkBf88)==}UF)X)mI z{=5)j%}odQ@2NU|Y)qZ_kNOkB$cFHlPp|pI}?HX5EH! z&dn<*n65oTXFSOZD!K6t0xOU@7aO0Dm7AXj!IYg7$ioEeeEZq(b9VNZkVLtrr2yge zdb--%5A550?8u?vp&>NF;^O01u3mf2maTaOg>c5Tr9a`v;HqoB7;j6;EhtLQ&W*8J z!@m`+p>?KYX!(8quFejq=^r_GU}$I%Q5gh6YU8DS&`ct0C{ z&K9zU7S;#G%oqKUEO&xH(Jxolu!H;e4)*s$Wozw*O$CL;2>MfLJb`Ea`gWB5 z&I0-)%+TU_W^kb2>+vQfCmW1LZRt-qZXC^=Y3FCd&smiIA`+s`0wyITHA3_!95*fk zxv)q-8`-j*f*3tgX-DFwVix-@>Y9hBYeIj*=C~;Ror$}sM>IxH6W<{hrN6VD{%B+L zv@o7#_j!-fUzGkdS~{BxO$I6r4Wbx5twYqcTBV87pQcM^b3Zus^hfKa(mCz<&pwC? zFbO%vR&5zN?`mpkhjLRfww=$J>yFCBbin`Z7kt6F{z8PC%6xcN%=>@E1Ym{sas1{x zecAcs^v8~k#5{TzJ}^gE=<3|dyqAAT4gG<(CiZ_GK=mpy1>Ex}S`p{wpZ);vH}-Wg zGzT|6B7-XB^v8`1=udYbF3LK_(1Hq{!1c6Kbp&`Osg}-w-^X^JqPm2CbVy~49y94; zI$KfKaJ#Uglv^PBqdzpKKay)=>5sY-bo8etvR)=m z|R>Rb9!?6)45%S*|J;H z_vnv}pD0=}*QD2DXsMOttzcuu`r{#8^Li#rD&)Ub7Z-Ry)r*j?Tn<6l}V95A-K zl@-(hVcjlY*(%gsg^!tD&(<6fPO86T1>g)Qb)vNnIPG%-H`LE8UxQFan1m#(BF@bN z{iW>M9$&RTcww(KzVWU4C>UOTRe$Il+E4APAn6S&H9WQW4 zKbd=?Y{||?UZOIdbZ@_^|Mi{1`}98c8b4KtN{&6)KR?Da)y#dNq=NbBHkAwB+`P~q zM#UryQ4c2+3i<;`4OfbxfwUJD#g_Q}IpoBEls?4B1U;aa&af4&Xv(lF@F(y<4xL zT4owN?+c@=&I_K$>-6*)S~zrt^&sKze>U{A2gkz~n>g_8`-IJSvhuKU6+P#Gp`bqm zvKWHOE)*GB0EepDW9*LSL(aJP8gTu$=1z@?qg(K1B#PW{So(`ORc9C-oU>DAwr`|} zvTfQ%ev^oN>tB>fprH5gm#f+tVr7LSy!LI^5=dTNnQRhl3Lc?+IUZ6M0fLQ7UK zI>ekf81iR`s-klB^d}Sm90C0Sl=PmL7(Kb!R8*8zZk0yb)rh$l+7NY|x(MX^O1MfR zZz>@fA80^-!k?THLt{Z=^oX=9l(J3~qldNArR7ZoH>9M_&>~z#K$s9p>5mCX|01#e zaHxuWh8B>Waw;7dm!TDY36jM{+8DhMNr4w9bTN9;4PaGuN;j1x{e@KjlH_mU08A#P zPU}_EpLydFHK#wFV@&57mwB*eqDMR_nIVfjI=!%QcEZg;)j=RYeAWbSYSx^Od&*6Z zj?u%aHomm%kU#4<-RTaQjijY5c0SJLPtOjX=1)!+jT@hs%%?Azdm9_iPDkd*(OO(XsqMgwA-`?k=YAq$*_&?hjBsFo1Bt#wC z7fqa>=n!>`7glv)GsR11TA&Ib*C42yl-8aE|{dhJhf z`9(>Um~`n(11xBXEG#u~izh>ixFb@cltl3*$k3v4Q>owImMTL_EtqGU<0B&lMdQgW zApKE2`h*!;;p=0R8Cq1%PxYuG%FxmTTtd^7*H8k=NFq+-8d{1nv>Yood1fs*5bh(I zN~TDB?GM6FN3Z&t9~v_9*tEX?hA;L*jL|2Y#@Qm_l8ZLe*ReeJnD9eBKGF5H+r=7$ zycC3O=nw8lo1%_Bngh^$%D-Pk0jj*)4ztJioN#h zAT5iLi5-%7lDr^#(KVA>E~nbv$@IW&tRPMm+9kv0RYwOiPd3TZ=0il~{s9@mq<4rw8`fU8^|vd{aOl%R|h zClNXj^d~GDO}M>0wB;8b^)_9B-i?l4TMz}EMeL?6?!oEN*0pT19k%JdXO`}blL#(IB!i;|D zOv+m$t-O-cAE5^%cvl?7vYpah)LEYwOcmCid16?W*BcpaWAt<^Z!oDcaa9~{d;kCv zSxH1eRCqpIf5(d(1-m040*q6aq1p6*j_S{0C}Q)8{6IQ&mHYOxmTq z`g`l~y>rWU*7)}Oo}$}D9rt`pRBY^h_!Tv~sI$WZ2|xKd+NefZm4tZ%^5KGteTU4y zUm_$paMf4XzkERIPobedRIUdDM2|W*KlDfbco1g$geXAr&QGdsWD(9YMy6;qpkOFs zEsN54;t3SLkeU&aJ_Q>I~uTPI6Ba7a{sXJ0@w1h{$KlXyTa ztc+xUcxbtK+eKYkY7x*MZCs_gUDV|lLKLYem;%Ji+}GR2BAwA93tVwHW4#QH;bMXUWe2zXGM{xsZ0opjEW%Un)0=*tJ@m>$`Ov*XDrN`4`0W3@5JLGxbbYc|B7%LV1g+Ece+X<#i8Da|%&sd&1 z))Iqe4-V`6^cyYGF=e#$7i^qm{T3?-ZBQbAZJvvWz)QziXP0rw{F8bEuQx=rhE|{~ zx7EsMm!K>;o~+42RDlue>k?d_ixv?%Q;LX?`wmIzk9<-98T|=P5mBsO(vl~`Ve&`rQUIdMwI>*IsJw2^RABmlo=YxIa3y+H%|qKHOSCX zyNfz)i2D4{pU{8GMd^=j7j@Mk>Z*#_DyBaY;|VM62n3ZtVnyjMN`GYZCy5TZC3%ie zP(|r4N`F}T69bE!{!|$n$T?FPqo=+Aag_el)1Qb6=biqvj?q&-XEa4bwBFuA)h_B9 z_zp>=9VPvRNvsIdU(D_|45z9?LoTp|r$iwk;uD-V{E)ZW$mx&m>oDwiLOvLW;jQuB zuimAS{=lDq!PrOU8ZKA?F26}mluAlF|J%>;jmHsVBD*2Hd_xD;s z-K`QW$;=X)kQDcwpW`G}!Sm}I~g2S z;27nTk(xn#5;gs~9E^Q9WPc974;8aE}ND zdnnm92as1>CfBj%Ax00!{It$b0+j`!N;8_p=mA1#QN`#X%oM^&k%A3&D_4!}Q!aA! zhu-uu67(m7SXq@vh4m-Dp$`qJWS%7CEfX3~p)Fu21ZZ!>%cOrrAVggbRoc=YVZC^j z)*qp%DdZ*M3@vFLjV4F|uj=6*b4?@`PSVDI_yTZ_2XESwp6^&iQBtV_yqb_oaZNO$uih#A#Q(-N#%Y(E zGm;Q>?t<%d$)_J=@~WC@^1cpNyapMkca0|XX=q1eH0A+Q2p`N41b{EA4>-`uye3jllxTJ!IGRs<~CAO+p>4GgnEZHT%Q z(M8ftCL^)1^e1aTkY{MAUcgb{_2w5KMh~NE%}0zL(f)^#2Nr>(mD`+_I73S-?=jW> z91E18#Y>x_^BbclAqtoXFR@8kh1d?D=L{R7uIW;jJVQyT&I^*ECHq9oV}=%kG?(Uw z3ISTu@;Yv&*!b*Q+88~a;}}5;3Sl+1J~MZRfd&C;Hho?`xTHfufACkmK@t5a*qdKV z`s2M5j9~FJ@Xu^VX3u6rg2q@@e1hM{dnPER!|M^X0CYNWzdzV_l-l_@?;+~?kKZu- zEo8S(_kAz$iRr<{bjNn-|8&19>?Wk}552*t3wQS1aWy|YXXvnNE--xWmyxEw;jgR| z_QQPD*DW{QK^3At{F56!jVH*5N|%zE^oMr|sBqC|XyG+t&C1a-D#M-S+@p~VQI`;s z^B35|_Ol5`^0lFfQp(X7{Unoe0Q6a%9jWYVvBtr}9 zrV<_ehRb+cs^kKhDCBAG=i7gt`R?=wW$T%Oaz=5Co;raSU&=*#ONvy?6f5;M&n6jb%%~vx86_UG& z@{)5l+{fR2UC1T$Mlb~|Wifj4QcxBBc|QHb{q_sOOC-N?f+};wd#b_l^5eo!Y!AMm zFRmoVRd}EuFj>UFIx`ZK8APsv>=x}jO_0KjABf!JPqMBQ8Tv!q;lk3N*g?8z>5m`- zhFXW!WX{MJL?e@+j9HUd6u^pT5fL>pdN|z$7pF?TO2g2UBg8xeay+Pk^@lc678R;y z-3_YgPumzh37ksk?t*GZ3`NOJbhtAfRmfe`Wq6Q2NP%G77A>TLR2XskGrjg0SG9Z2 zUbEU6<(C0#Q^F49Jo8wWEb_te{l0ae_+A^9Ak4|W_6_W2XI6O zWVL(10D4i1a6b{$(4q_Nr=!0!3sp?$KJQu=5n=F&6!?AgkX~(E95)gDVH&~FU+6Oc zgWX&f@D{KHrD{aHjZ(5NGeD~^hZ}TS~>llL8xNp%F0F3 z`a_cp=`QLhX@Xp#AzSd~8G6x5tEFkNi#j-SfCbR>XE?bVOuB;~`x8>Vg)6D7KY!s0 zuP`o*<8%k#5kW#+>QscPNf*E2@(`dJEg?6Yl)-GgBIJwh^-ObEWWRKvsbW0RBBYMdDMe`OFT~%q0eTJRk31mv*}lDQLu};nnRbGWjg;0 zA-?#gD&fX!*n^*(6t%!*7l@yz-A7KM=`Z0|-(-jTf?x2IZ*qR)|B=w2oPQFG4V&(} zfod%L=U?x?;WnxzApYU+FwGR3i2+-R{*k|OE=|UqnTIs z$^a<^!&MeuSzTRhhE_yy6><7oDCHe%{gFs3hP;NBvMHe5MP1=EYbpgPy9O3RjGlJD z!iA`Z+gcjb&{85z=qz?#3sgnkF$vBZ`U~mRo=>aM&QD!$JMepgbH96-(#q0wxQW zkwZm){-Hkq*ieXUSX!zQ1iqeAaI9#=kv`lE6nAa!r`42RmS_=?g()I(=22m^hzKbl z7PN@S8D|wnYiMBru}F%DoRL;xl>Vah7YQni(qEMRBH|#8*3gR5pY{@KzUfcxMnVjI zK?<@MJ*_gdNVc~)yHUl6H@A(_UzGkdlUPyui_%|YB$jp=T2cD@Y|~$uy8&qDreZYS zMV)%Vo1qF(k6ebkm&Jc`u}ST(Ftt@^9*rv(!x3 z#F6(VYYz%PiM{DRRf53z&a=M$F7oqPYeLL5-y?80P%spTKn*R1X*+z(`E-5~C1z0tDF8_-Wg=TbG72h;jJ+F_mY_Vfxe-MTEwb&gq6ay!z`}&6 z6WIS)`V;R_BXS?$=nw0iz*cUI9`aO(b5rRK>|orE;0Jul5@z{%v~H@9ML&ZDTzHcZ zw0z?czP$!TWVpuJ^riYszY!u&ZD|ZmjGja`=_1%i513*spZk{ZlgXO>-nQy9L1N+P zkKOem80np}o|c{K4**L=hL*{!yXw2b@A1VjU7{)^mIRE1a|YzCA#Fp{v8ak@ zh&qq2r5rsdtwKzU9?{K^aZ4o!pyn~*AMA$+VjY5EhclB=7V1#|BZOrPHzT$!PkUK0)wahiP+B9)UWH@kZe%yvsq=5!ixwD5R;7S?~~b zIjc}p`Xd>#s8Xf1RVa2NF!P?F6^<%xGqj?pnt!WMO^lv48Cp`Bb0jjfqQ`tXNEbzh zmK?6MvHn18qH)8Oh|n0IH@Nrh3>liG%eahu)YxU@n>JoWHQbX`d;Ip{g`INWV7I5? zXlPH%b*VWNI+npG8Y?|)AtO&jg^MCVS&9p_OiT*_AT!2?(XgccN^RZFbwYQ?k>SY&=A}S?ry?==|IBSlH6z>%jBXN7pB# zu9qG0HA3n*y32@{4#1lc-N59>&@<@4y;|Rc%GXD@E8kB4fLBiB=e_G?fwQF#zGt^T z-}t_jGhIdvajFmeO`L{kst#S_vcj+c{_;Rw=TI| zMt!l;Jbit!ez{M1IOZ~Gzdk(i4?N&ce>DI2 z_PcG_Z*p86iBZw*;lo^lj90*>i$TBZ(Jr3eMd}+zddZpgo;GC}Zhp%x+Cb>UZY=B62Io64qXph}?m>DQmD-e*9^ z$(~eL5#jr8JkB3ncILce74;JzhA4c~D%(fP$}2ku;|1-`f$4@G%YF%%DEY3(+v>`~ zC)b=T`R*xg?pMrBtL{(4BHGNpv$xeR_2hgHQ>ccV1L_OL!_9SRWmqRFw- z?%_8huBEi;%6g4pB zUWTuLU3jlxJz&H&D&rk?$jT8R9c&p}y%BWh2doYR4yuFNl@1T3G-_(pO2+ zrEkeGgHh&qr9;Fz-;EG+O%@7#!_aN2D zLPo}J`%qUt8gu#Pmha5gF%OiqfN$%`AkjrsO8PZ2ZM;r)w&t!4+h90Eg|cMdZ>SJQ zRpm|X5MGP7hC3=We}mY$gI=CQ6%@tqU(SIxsT9Q*t#hv{W*Ez6oswK@8}FX`;e8al zPK;`wUnHzg<}u)P8shGRmAoF~?kIWK0~U6Vxa3!JTHI}#0}c_}gZmm@0dqpcm^?}^ zHTueuX6K8>O5KdoD<~XV?6wO&WXf?P9DbDY8`JKViDGO7dZEp(3I_$k*t=2{ZxA*! zNrDVx7ue^z&+=s%p~c&J7WH^g0D|5Mttftslbrb&+~zyIeND|S5EHMOfg4jc{c_O> ztS}EK#>UzUOd^*YWg)AOK)RL@OEt6gk5_OXh?q>83U)lt__~}W1aT$U_FIgnkWnXs zF{#65aST0yHt^ByM%fw0ysEZS@^@^uZsa$sQe6d;FFjY-szx*PJ}KrQ-QN-5Tas0v zzTQ8KJ=T<@ljBjnV)cTTK8SsZ=$ds2ZNN$4a4v~V`oN)xl5~2w+g|jIB&@>N03;#o zsF}^JQcTTu^^DFgB(O2Xkelw`y-So(MTg`?QDLB1h@J~Ry?o6Z7sFmLNG&G_q9}vovIS3nA z8vny8J&bale7T+o5v6d@|5lncS$_B;@Ay||u8M}HXxiAX7P)&Av_urKkapE$4^D;C z@I0S^i=aLxzEA=ZBa;#ixmZ*ict|o?D7+Ts%^v1B&!50C6i!zUgd|td1}vF9l$>$CMbd?A6a1z=Go!Li50QNyQ}3MLD%O|LlL zSJpOg*q|@ZL)+FrWDWj~jS@#K>yMb(#R_VvAg&Y3- zn-hGnL@Owrp@8xCm#8TY&Ja+Y3Vu^vq>q@6a9Ul)WEeo4sB+>MgAIzZ4n0ZTLnw_@ zM~u?|NZIWnmCiT7EAQl+hV%k8OzHP?$*G4-n8DDKVWtdIGZwszVXr$z&CD|W-g8F^+1&;P**tsgM z$}|j(9ZY}@8%bZn8HEX(V@uiv5AGh*dFLPrH_~2R5fqt5KhCOsC{#OQ6&RO``lC_M zH_M6Ku3`PEei|g(A z&)Z+19DW{i2@7_P?5e}aq2m|Hx8M?>;!Dfh!!~Y1wkvz!eKLj{So_d5#xkd=)=Q4ByaLX8^OUDW101|4}l1g*G% z`IGkxttR|%=umb)_Rmmda@mLOY{CN)TUY}H0+I7f9i>Kmm)sit?tqXKrz|-dthPlR z;>o&v$b8D0fZlff)9iH^Jb_|CDb5-J0tpB|nVa-Lo+yBAdYS!sZ!-NooyLA7?Vz9^ z3=;M4UvEJ&Rh}weKX(2IK`&6?v&fw_f<}eO7Q%P#@#Ld|d{9{B=ndbmr@xlAU!pOi z*@PK^xTk#HiqGimq*{bwM~$yl6jB7z%Z;;Fr0BD8;0#w32u6K?6Gb4T4-CY&@8QC5 zlp>S$gx80ZRn!@vC0UkYIf-Q&O?EB%IGUICnGZb~*Z-3P5AAX5@LJ-P=aF^BPJ-u3 zkS{!WA-P3=QS^CHIFuSv5nPi>m^fz7-F|AC z>DJSl*Z?+%zz6S6=@0D zN)oM7iku!b;69t>uDj7m6&io^n9Ud_2;|U#*3LvL6e7qGXuG%omf6}DorHnC7<8#v zMAQ!E5-21`L$sDM(%LFhQchZx2$X6iX&?tN98r@h=%0~LlF2Ibwd-0AyvnMz>`EQ z9OYyL&Z+u^Mp(pQO}-!J=eJF11(KS8TVrP69jdPqkV`&Fc=U5Vx)O4ahLkQX<=}>%dgn~4p z(0a10HN##is$4hw(6}nLIUYfJ^vX zzBkzz5dBdSR*`woz~hs!IE^3hcHLwDfj*u-Ck%xcb%n$NCT3m_LMtPY6nF>*CMZdPxsUBMzwe3(SB8}uRr?sISR&#E4$uF0$iv(jX8elNF z#x0yN1~jwa4qM^W;};DKG)^(04QmK5>Nfra`pd{o_0KBKK5wL5I8(}B*+Xoqu3_LK ze+4(&Tx{EhWIl~V<4jz82_V&$iAadhi#3Wn*M~Z?f9jGsf*Al)@CE5bD$V8iDufx@ zE=w0dn7qiQE2m0OUxhxrh<#8nh$?Jqn=|WiDooz(67{E~(vd1a5=|k6`Q{W{i(+nz zCS#X>lw#`d3WAlK@fwE3g?%So)5wyENifSCh3HlijLU=rhSxlzs4Ub}{Wm^-hrRg; ze1j$I57CCJUpDh*W$P3)c(Zs>W{`$oa3b({?ziC-@b93iIL`o4IKkET7gS&Q)6@0M zGnO;jD%pm<-669{TqurR6#Jn|B+Gts5Os!vw+cqb`LTW}N?fsx{%iYCNihzhDcJ?T zRHHjX3(g)>jeklxH6;mKHll?Zn@qQ8l4`fjKO>iMzTRk^B4u1HFzjd^!I)?cLK^Ly z6llU3g$yx)utkMP5?8mvtA!JO7S6nSyICw>Sa^=&2`$Tv=U)h2YSihJaYr5H2E#7m0_d-Ty*SJO60HC>Q%r<+Gr zT68lgiF<0M2fpWoPVa!y6^>q=R7y$mP7zLg9@xJ zWa*6(3_O((z(wIG*AcC4$Y>HXN=CpYqAe|%kAMSgdyg_UMF?W+FDLAC`_Zpko-ja@ zjT$W~;@RCKPoWV$2aEAE=_IbNM)K;~%?HLM1nNVK9gwV!Mxc#xz2b`>` z$ncX{CJKVMhyLfciRK}&Aj@YdIlE-lk8v$8k1ZQ2MPiyRj;Z}D)_-B~nhU%vUhGV20LNMn^o z4YCY7n-!TjXd%FZo|wr(86<^^>5&0Oql9vgt^ebN)5?#(d}z%jO$V(QnZXY%?pMGm zPupiyu7q51GBTZYg^^$jjdLC|*vUv=i|P8kH6-hV9W;qxg(4gew41`;VhwQJy-ehy z6@~;I3)2ndP}UKz8%&aR^9#nJ{jRv6v`k!;`xPS{#s+k07%Umv&0T`iZR}C1?~T|G zNC>g$Ut@Io=rv*QAl;3co(k9yRKcBF@F-VTC7|lqN?@DCbHqzBv;fhL-%VqtQD%me zAlT9FkSGR0=5^)$=vMf6+fx*r>39HnMP%W@u&<|zj5gfMUV;Tl zO@7e<5sBYD&!uB+K64Q@jO=pa5CoS~t~N^2k4{FoeMxagcnDPGR1A&rqjuaTbcB`M zlDe_KHz1}x8P0a6BZ=&`wF#)Ch6-T7jVM){!8n%y`xOso!&}{Plf{WBMHZeHEWVlu zd%1l%hjE9Ww2{$2C4~ouDhk!iqBxrQoSuotVFLDD0j^ZONbUmc7uvlMe<@GwbXF7J zX~8DTSQL}a(vMyO37*KIMp?{HWT-k|BQ8O-uoLIfH`*mLtJO*Szw~jh1CA)hM_Z%O4>#F@nB3Nm9MiY~P4Q*2FNV%50{e=Pg5q$>^`z1!#8_=+wI^vY zs5SokjNY2UO(Ism)js1%K29gbWNCs+HB-NWVqs%y3v++BDHZCVrN+hHd;BA z9kRG(E3^~fxPDrdfbwPDsbx)v_4F$P!5D<|1)pVYQGoyrc9|bC6@!m?N=gQyr+F(L zI)v+0y`(dx6?n^65$|rsZfLQpBYB;gs!%}6nv@GN2a(W_67GqoPsBl(vAq;#lIu1I zSyjN$HatOWLp~#EV}ykzbz}{~ft8hTOKSr6MLk{u)eWd-{6#f`>rJ||)$I8QB@*x3 zy*Sit7*T@n=QZOBCXoW<2?z!L_noC(K02cu&83tapk7sY@$o{&F=0-chmfn6f(@BY zRsHvA!E)4fmSI?@q>rVwn>h01jHg>e>6EN(A*QFba7%i4wS$MY;BQ&aZBc)d;VV8g zES5xVg$2S5!b;){2!P>N$e0SaPaTOi+{`!fS)WHJko7#J=#--EU^OU;^?j;>`KB9q z?5NKTQ+=9zuj9vUJUxQVhp`fguahIWxG6-LQC>xQ>2D5*D%?`bA^ZJO-=JX2K4Eui z?L_re{7%%6mgs~-XjYXbp4dlmhgd;CEG;;MR)=KAzq~3x_KU2{WAAObKF=WS#6Dz z43j_#s?0YnXo-4lH}|~ubn8h5i*OA%J=3Ul2poNGAsH~4Mnv@&P9cG6M+?awAdJkVi=~U z@<}@ksG}!V3M|(0F7PVAD5x_ySCB9Q}U-_ToNZ2 zXm*9HNgZ^NByPbd`L5u!#;C9%hQ1{XygwP36Q3}7f+T~(Vo4S*=ml#pc>REwJE0QU z)Vd7nnsS$An8rO2U$y$EN&@Z}baF_M4nJE}eg%blev^x_X5*am&9!z|RjzX9+S(W0 zt%xR}9TWy;wlPsJZj8-CTkNgV+z?FwF^8k^u)>c5(_#JXcR#9RLq;s55K;^Exd0oJ z4+uAvtJoduJU_{5x{5joK_Fhc@*#PG>^hH)NH{2cSLy@Q4PF1FeaWq>oRt}ZOHtL* zO9rAf$+@Dc=xWoVr1PcD9lAWPdG)p~H%l1On%4ksnwV_WEiyV2ih8i)Wd3DpN`a?kWY7X2a*>CfbJ9c!rfG2f)af zO1+g#aXc@HZF(Rs8d-TF7U6c*FG{YGD(0Sez3ByWUVhea1ygYPNNMv=vc^`Q9-F04 zc7Dba_KZ+weMnaG@xeoR*1JR#4WvL*rb@A}LzFF5v+ldeTEPP!-O@9E?CWNii52iL zTsPOi+Bv~dFj3U1SOQjC6ZfMvoGWv=KER2l9AB696VygfsxltH*jF!2=54mwQ`W5= z#3r!g$X(c~rWC$l7-P)@{t#8zHNX+tyu99$@5q{)=$`9gi6>RB<`AuD^%6fAr9mgf zUcy>dNg{+K7f<2Il$Llh#6V*t9w{vNGOR%i^>tR|5N<>~C>aw7#aJ~6A*X+r0D^z8 z!b9NZV}7FIe2uUmT7vMnkBMnxJ2~b(P*PAAm|Wf6_8x)p9x63-<&F$ojy%PXMZ_v* zsDve+HVCf$ZtcmCSFZ08)K-RSxd(f{Tn5;b7S^!W)Etm13T3hjmWOFUe=}_gCmC{UKI&qvAb z11Plm#!EomXC$g*)RM%UC~0;V%H|t^{5*%R6V}HgcFvS4;$7dFqZpGoqa6$jTv0=S z6=|w()GEyoIHbk&ifkkt5kH2OW=o}7?e~Z1ot^>BZ^Cs4QjH&uBgzsOo^z1AHxLz( zXI^G6HfmIH4SL*CFwnt<9kRvrHJfYiMBwl~6Ac%hoOzCmez8WflXzO%*o{R_dyI&tST>#S} z45*TdhtN2#Yo}ELhmEW19Y^~)$|#^0uynieUM&}Vo~U68s|EYRx7XCqgOs$mXX#%g zmCYRA&`7&yVIl`p(!*iq7gTaJPwFc8w>omi{N?D~wrkI~CFGSVT{jU)WStW-1B((d z(U<)kRTY%19Z;nvoY<1g4gnih{HOiSqLqkm`7k8!QYv^(e5kxK;1!yFw%`+fxL4y{RXw_{ZeXMWgMZyEn3b#0E+Ds(pjR7D z*5dlt2RJ4W&wZhI7F2{Qj<$JL9g<|EnXz^c(U2KGzgxRkaWhI-i55^+3r*;``FAQks~ zl@O%NWe8L>*(xErzhvoUBzf-lx>c8HKsDX&j(n?Ri2=hYhYTXWT+xNLxN%MicIpbR zAe#axe6FDds%k2X9!_hvY6V?AVX3?Qo*v||HH=3Qu>G))-JzNL+`tpOvC#%OjIH@}uP4j#)?y#$JUK-4WI#d%xBz(?858UK`T0=HD&t3a8kpxx9~R^(J~ z+RXuosgj)*IcG^U>PYnPOT0t;qL@BVsEa{LCnV z2R8CY+>Ux*ThqHVHuT%BCFW>S&sqgW0}i_vj`XXhk|3OC7y zEUp%-34$Pd12-7Gh$2GPgaS5&S&%fuW!q0zf`(KneXx)+Md|>%8I=^tnJ32ia3OGr z#B$DuV3LM3*M3ahqEoQ>%?2F?8OT=auP?3+*miW*ld#;0xng>Ji>XO^uL_aw;WCf; z=3)w)8sBPM=b&%o^8#PBEh@8atJbXc?eY9*DRG``JKc|YOSHi3DsaiV>N^mKrY{R2y+utJdLj_j9{71oJVty%sSB#y_ zpWhtw`qlN50mv1-QRc-1Z^5o1$Semvo>cuKs^t+Vo%9bk+@FC*f_yd9^{iO(3AP$%X_l#{`}}jXN`(L}kiY_HG)dC15(N zc31asaoX{{)tRjc1zK>VGa4rr6#6$q6dz=E5Z~`9IT$nF2Q{hTr)AHxe<+f1>BeCb zf5LBL(+NV%J1$Y8`T(0&{@w8W#QX_=s}hH;0ax7>EmRkq!R)9UO3;=OmDm?^F%N!T zOHT)^F}4JkATrWAN7y=nTBsRHT0BC3Fg|O1G)pRt^e1~+#4Yovg-t$c0iL?1t2rv9 z3c|R!24d!1VfwtCrPsl=AgN8WZ`$g?1lXaj4#Ura5y1qtIqR=>=qJsGaFu1G=pAv| z(>zdOAQpZl6Z;(JPCNbk4h#xj>09D-pRJJ7f9*CS`T zyoHX@{FP3U%SJgWqcDj~fbe%m5B<`%ZyAC}OvmNcZdHP?6Bsbn@$ z%xE^FHTjywld&C-J}qv)7(tN-!hcbfTDD@0cYqOxoc5ke1%%o7fv*oAoVQ+@KR*~j zW(J+dcH??}yt3$tX2B+oj*jY4DS>ne9}Joo#Lov}xlk@elR>lhZEmQC6EMxG6wv&t zK$aNdb4|lsr%fs1Lo*X7=rzFH_6{0&NuQ*gY^8dl2FqJ#_+Bs##+CMY)`baun&CI zMk#Z|KIl*rn1=hNi>X)N;~MPlzKY(3Ku)p}MULRWjy9K$){~;zw;L?<2mscm>PXc~ zdYOj_E^G)e03z8-LO*_f$Nd+C2i+=-oz%8XTW;6i?4|lFZV}^aOH(wt9I}tzn#sJ=P~vZeJzT8I0=K6ns8t z&bzS6L?V1IvM+S=MhAtg#4o3Z5?#CdPJPJA!>@wwY}6L?B*~QY6QWCF8eTBj!Ip-K zJDi!`mW*O~5AR3yK;!p${$x;GVZ{k2G9M+$inkZ_NyhO1h zroZ1EB&%IQ!5nEE##B0t%SUW_~4U4gK1vQfF>8sG17o-{Z zE1k>OLuGYJuvYA2q)L|7F?m7_$i zmtbcFFE-s*6owk{G&<3G<>~I{PLHxrK$$Dsp>~}opy#=&ahEdv&;dYQq65i6M6p0s z&>|7ThWP+pj{ALIB{hbbxO9!XD~5XrxdE9-7*D9q`C&-Aoj_@RYbidSMoLq1if-v% z4C0V(XokkqJb2I(nTgj{jLk-)(Ry42tCs>T_g7oa2S0F+Oe;ai-+r3J=}%vl)_YQL zWUXx4lIa2lsn#~HFTrvgl7>pk;-kRP4AH2M0~w^sD;azu6jNTjg551qx6jLuI^eQ5 zT0-K;54y2GSpXcZvTB0#&78WenYWf43N2aj_|1toYj`6>@4v0F2!57SJBW|*Z5O9z zxEV~^yCsJrw%q6(=H*U?DzP|vrZ_N`Sf&y{50!SU+w-GsnU2g75#X1NCbyq^2;v)L zIqV>4^M{9FH0u(`fA|b=%3q^`OgN=By3?pWdT1ui7uvt3-bXzy-!8_aT`ESf4vP}N zZNM30y^BID=ah2#%Wu~XJHfb%FU!7vcIh+ z;aTM6*#mrxnSZ5rl%b540>2!S8fFKuw^H@8_EU;vYY=M?&XSAH@890egvimk=6q`X zAiY+A!bOSRC{whm)Mp1fvlW$k3>XP)j04qiEX9%W;%gJ?tSj zZxDfyAB%}H(5-^(sTLEh#}vxe7I4VHRB$$Z@7 zfSNp`K|M#n`va?e&(tx2GXN18uJp*`ZKwi=*a(C z58c4*=PD^@>U>Fnn>XT%Txe(Evo#K1nQh`PVAap5m5)wx7+fgdn8iCDM6IiXf51vN zUfpa-fDE?r3U>W3Fu4mm^15ShN+{s6s@RB6d#$!DE%}HgKWmq2(`w=hWHu%g%3xQ0 zf2^xdW-eb6q&Xb@kTJf~xYH-Kx+_K>8{K@nw1CHInDXQIQ7a&)b?Kadqfk?6I58Jx zGm}Rb*II{l8)MwgKS)`x<}OI(Em7)q+TSa!n{WT*JV-k)6Kx*RaT9ai4>>~Y=VC%B zNdfENLMZL?HwO-9Yk@HL!=vK`<0gVmytp3H(2xjy*`z10gy49QvN(R5H$lq4qQ}O1 z9iqBS5P*HWoSGUH^E6RSK*IVdguq)QQ+fXIhJT6Ar{NQ>2Z$zXwKs`KK;tX5I2>bZ z+W`^@!&_%@H{q!bbpr4J6sd`8z`?u}GaY57)esSLt0{(A3=Qmjs~dRygp$CIUBh!-pz-rEvmgnYNR%Vo%obZs-N5|VY4&_W&WrLgqc#& zGBNTaSukUet*o+7YPvdtadte4vnOMPz>LW&JXP~l$DWdC=>5?G9m!sd#ESXtFgw*` z(mMnKl3tK6mfQA0zzK%Dmok#)OZ(Hh%43ko`Qj3=gjMwEq{2rxpgZAdee!p2~>f~We>)ME>~IaIIy|CT-p%fp){^{ov2{R zV^#`WhhinS?~s(-Q#il24x1ml&#;nA=+!X9g_gR@NVbZuSb`%hn-i3iqwj1JS3Qu= zw?5N>hoNQENWZgsCR6A@lyJD3F@kjdGQ7}6(27Mr+8Hs)^UHGWH@@-u*<|%$`BNL} z^P}dD1iyyrSExNi+LQWj_2I14n;EuRdJPw&kX0pXn2G41qT605$1+6!!*=|mU%}p= zc?Il;RUK$%opd|$H&w~10IX$GT3x=7sMSs9;6z``-bRp|GbPRd#`!+95%ndeS_JcLG%? zv`W|cMvXTpsMb$_M@iVGd8}zy9u(v2m9cO~O+(G17fFdPudA8r`LLP6`E+RmmDaeS z%&u(Ect^!BR@Z<}K&8Xgt^lwzeiUc*7)U+FjhuP=;!dW}#=+1DP0HCA{(G&*ZgCHMRIk2g!G?Nmr_vFWGayYo*&A6}kh zXiHvk&&*u9o)8rmetV~1yg|;oMM?2?e+&Wx0}r*5kO0U@Nc`hm!TV`~&wfe5vVEdN z10U7DQlz4|qd5%&a+o4N?iXv)iH89g8xD<~4-xHJbZsscK>YSo4gdc+uK*Y!hwXKxIp4m%=XOjbe`qmJHwRGmD7rvjEYcdCA*;f ziJh>>}Z(19d%41HgPDw%=Uz(--Aie-hy~44mGyqNbT;hgbJziq` zv_c_^f@TsAhJ)6$%|jw|(sNT|DzXyU*gErg!Dzv9whK%Gl3-gV8j9SLKA$cy#Kw8c zZ9q*uZ1RzYh+5)W&JpcB{c<9p6+Opqp3#4mC(d}J>R6aDl@T=~Y;Lx<8YOXTfxH&R zucL2MODqP^ft^`gEAi*u;p`jTc-x$AU4st;v`Y!s*U|78)NZpT+uD|Vp6(RuyGR$x zohOfL6Z7BCe|TEGpYzaBQWO9>*s++HIhcZ2JnbCc&w+q}35j?*ngDG;u4JYl3oCnJ zinF#Z3NkA*VG3<-B{n5T36Q0gthX~r-CJ1$=xqb!H=_{wfFR^4@J?U{ay23Iw6nE$ z5%3hI_={KI{qr9)D+SqK5LX*v3LPZ?nS_Hgh>VMci-nC@%G1i7gW>}MnUJ%YxqzCa z^xrAouY@TqU0odoSXn(hJXkz9Ssa`#SlRjc`B~XGSUEVD-x16%UiPjgp3L?xlz%Ax z#vuuE0Xkbbx>`Bdll|c|F?Dcr6{etgZzuale0GjXO8=y{clo;t?|QI$nmDquv#_z+ z*|Gkshl{I}`#Z_s1NuLDxM;i|mtj={xj48v13^;mAbVHJf2A-3{?p&l&Dr*^bj*OP zAX|{#JJjX9SN4DFQbtY*@K29F5?EN-IsWDKF8046U9HUjN34H~?N7^J>HKRT@9zKP z{WtVKa{mkbj#5$*kaPgL{RvM_QkddT{{m(XKr1tWzdmxBnS!`DxXqb4*?EA>T->H0 zW>a<^b7nSE5H}AG7m$sehy7oua@%(4A z())BWGjTPMG;syJld^Ge2(a-Auybgz^9peD39xfBvb|gW1@B;HW$yKVL;smPWI}%% za#<^v_x`>9GW~5vse_#UcJ;SQTdTjO5*gWFlS04*__q{XOx!_cf5rLE^|vOVrHQ=- z=zaD0d%6C@ZuNgC1s;Ar4t73vc4mHVUiSC#Ur2^Kb(B%-Oj3I6z!n|IY5> zVD9Q+;tUeAc-Qe=tM~H!ODi(EzXpo_-_ahHpg*JVE*LW#FZ2H{80+5?X8p5f{3Bx_ z*8fctp}zqCvdFyq{mu5ic)hQMtp8jL|E}4eW#|9n&)>)5|6>pD)c@_|KhpQVa{X7X z|44!V2>jpb`mbF7kplk__`lWl|4c4~|JhD~?BBlydAx6y`k>4I9KMG!RgjSc6Z!Ki z0VHgGx4=8f>bih|q4fQEfe$&9n7tceUFDRdV0U4WPz6xs-5SNgz({B0B*ip5mrim# zd^I#52Xh5E50EjU^SGpHnU5Jteu?VLxv3^;9^2#AR@yx*>MVS3?OhU^)6{ZGqS4ZD zlv0f*Gt{$$hakr*2uw^A|FT9(du5Wm!kOvf@?(PP^W7Eyo7wIU#a+Knm$Q~V;mM=! zaO459DV%OHFh8(suqk{|hQJUocZgx=bMC+dbc6{H21e8+hY4vHm`yVX2Mj*ZK=xP$ z2phQPq#)7Y7Z^J(Rx%>m%tMtEjunZ zIsvrdc_=AQ4UFa(W_^KM!tc{q`Fx{bSQ}1>-HzrUT|Qebdb%Y{9UHi4S-w*X@7AzB z>6E|%<{$@T33RWYhYmO>gcrzRTMgtjy|i=`8=k*1>Ev1ZWCjpZ2L(D`xo5;~b z5Qv26(dT#rpRf=k;+g{ssDmDyz@$8dCW?vzCt~9ULn&gq)1BS}5ty521%7>FpI6rO7_bT}&XjMdP5xCA*QsAOAdyZu0lr0!4V?+l9d zj=wDFu;8I+cqrdphy|4ECTft~=z@FDf_`R`V{Kf36VncuFG(K*LdC@(s=0yhC`tk4 zvWez6oqW#+wm=FY^BJcZyIs5Cd|6pIG&~nPF?5o*!Ywl$=wBs>Ql_SX-SrWFh@gpS zXBm11$?1}lA)urQF%8MqPnwIUx;E~k<5NJ`CXkBCC}^I&8NZbIf($x8`)-7_CLj|? z+Am42x@rF&8jPoQaT%Faxg(5!aQ&R7g&)C*Ra%M?BvW>$bcCzhWWPO{N+qYIg-{zo z+IFp0R|63G?(k8GZ!i{pl6GVwdt_GmiZDLR^|NhxVjp^REK)?bED%8CQ^BV$DJ>Ni zxRtDcB8DFC_cYvgh6B*hnDec0TE7pEpB-h`aSSfdWQ^#38O+;XYGlFMD5;=|iTO>+ zNMDL5#dmo*%=zP-F#apllFk4Ti!oSVIr7+bOsN8{^MM*cRJ%}}heOwfj`BKOdDbrK zfZ;pIT$Djws5B*Og3y!gdy`yVho;I^*d`AU;JQy1VfyA@S2p@mTR`E)cX>79^5cRq zejX~mj=|a=fW!$S^>n+<%kTAkvAxo=y1qX<tT6G5vat>GgENoqNUy5x+AwkW)T9r1$+DpT-;qJ|qnxqwmITNLNJ(Fp(s( zTS`R49Ym4Z=G%n3>$0#&aoP0@DGUhc+8CyEjMdbg4cTOX*pZf;ZsmTs`FTq5yD6c4 z3+1djCsoS-B20j2&F?3kqb<2(g{J;&(57?PkCH=+=!dHvz>1ee-x{TG2YpX%YWIbf z+XdnfOITX zr?zDx4~vVJ%Vke@h!<_dcl(9gL68M%TG;V`VM3zi?@5p__sByCZJ2By^6#;OUZj)1 zyoYs@N))}(_dCJo-lVSKddlU!@^aq{{8)#M7gyJt&&9hoJby5-cjn=V8s{dNefv6+ zPe)IF);9Ul96?eBFU7Y|P3v%cf{ea`dp4t*j*7Z$ z46_8p5*?sOQ4w|BhdpNYF%sb#ZqpK}S1=HgM!Uctb0@C@WIKxidh#F61D~8Ir6nUM zhzNNSJG@H+id953BMS2Z+wV=gy6Kv@HRBKmbfIqXmJ6A)ucbpadte7LsTO|Ki1{5^ zt6}ilr1A2xwDhy`*?&i{Bcl63c3zlN1QRly?|CkEw{_a4g8aV9{SZ<=;Vdpr=Cl}P zbT8~-w@f58R{YLzLmK@BDmu>a!${SZg2G7G%fw5w&)E%(6d#ZMdqvRZmh{yEVZ9bX z#XUN})I(ORE;4`_Ri>QW_S@?oOEDzuHUNo~#eR{8i^ooFE$~w^Mz!N{ll2X1^eL1( zfx<2-i}y4Ypy&`JV69{>yKFnS_;enVD~DxFz9pnAo?sUrVumSKUEPMM;nZ~x#e zO~3yYzDcJp^mt|QrP*qBE}-@(L;~co$~ifVjAd5q!OCx&F@1wnu6G3>QZa60^-#BO z30tWjGE`JZPnID)@n4xM_1+jBi?Q=qomENM**OHP_|{+aikBPI1BkQ@I}X+$=4(ux z`O=s%!(r`*TI>w%WViQH_P#K_eSUjP7r=VDC0S0W-lHZiO2_3-vo?1n|d`9AnU$UX00?QG6 zO6r8x>M_sT7dNi2{n&ud*B@~XWnzjCP0_eYtuTRytsa5de{FRs+`jNNPM-TkLb%A{iKl2^}=5!*lplS&8b+N3;(?EY#Dc69ly=1#do` zs|>oVSSRI59pj=Gr){gWLt$aPIR=fZhZDRv-L>A0j>;ZBsH`ckafC{lk^vI{I?MSA z)M!dLUmK)ok5#LC;=;jT-~_=mu0`&Xcvy=yAA(v^0 z{F{mgZUS!Y=}M_lC@x&0L;J?b%R&{kionQ=TZg#G;NAD&ZnSc9KR`p-_bgs@YDWE3 z7FJw8Ix};tn;v%08iBm(t}2+JR=4d*f12Eta`B{ei_x?1$=%Fa6OVbrG&RF`SnA(e z5o-&?S4QA{evB&49)@i3cB#G@ygjJcI!Z1Ro`TeJb5(9nY#^dTpiXP77ht6jArNE5 z*sYR@qS=9mOSaxYTTf>rW31Y5zFR{wxbF5WUZeD(vt9bFm6X#Y_;DxY@G)kIVzt9|ai&V!GWh+z zPXzSHHA}}&P2FyGnoh8r4mPOiCM1#wF9}%C{#f~-%WF&KbL$#Vb@)t$6vn^Rh(12v z0C@Mz>9!cmOEfgs&`M_Qz*@F3GxrWDEQxHtl)ssLJ`0GMY(7~HvGC5Q07-Ue}5XH!ofZNhZ+mw?4d5fbRXb+ zXU|Vm#~ozpg2Kw&?b^KojZi;mt-{W~XkR-8Aw`xbY1~?!9sBxh!B14KU7pRbx9xf4 ztYM&N?1@F>p1YlFL& zHsSlG3&K`}-~TO6`~Pa$yyMwkzc}8jvBITDDT3ChQ8lUvYS+3}w2i%LwzYy9wOX}< zXsB8(LXF01%pxJ>5~HfAt@f(z(%S3yO<%vi^E&x{pL5Q0p7;5j?=wrMdMZnJs&q6< z|JUM1!${ruSgiqRdoFP`CmGCS+yp)&Yhk%i7U5BX>?~HYj)?S$djq|X#=hGKWe7yP zviSw!#A)OGOAOj;6}cIJ>%MC*1R-Gd;O^1IfkbJXgWK)e8EI<{Zt1|2rZ&R>pLJ*U zi;;KB9)-h`Wa&Ca@l#kCT0Lv)dD3hhQnp^UPYcV0ijKYz=?)~VTaq%QTC4d{h5%Y9 zTN8KG*+cMNV;U>EuM;x?9ryU`C?w@u0&@E!q zrS++s$|XySjXr}blQu1Z9|J2ws!$6qK17MV^$*SW9LzM;jwPSj{;*y$+Ajqt&OZ=yKp_&}C7$K3ElVu?vca~qsFNO29)C$vKHQ*W0m2^7V4cS=1=HX^M`)ng?*jx|ZrC1n?dUY`YE*?2dEVlWm{2ZBGUj^ity4R^fNwR4ofMf|M<( z@9Rh7s+)RwW89|x$diU;(jEPh#s{9ch9_b)+^NrH7DSTts|)Nx`?Ezt+;{l6HH23q?+JCI0yj=qN?defgYDy3ra1ovGv%;AL-(`S@x&Ms zo_ekT#K=C4Jy@5U-QzkuLGuycDb3NMqv#iNlJ+($Rvr}uc?x~&!&wPHep>7s59F1z z2`va_soH!B8B{9{4WjV283x~M%aPG!g(476XSV=$_*=iuE8;hr4`f1Jxz2MMb#8;< zDApeA!HNI=z11|69TpuIwp=b1?yA#mL2Tyj6}a)pH*DO@XoKl`nao8UtQXw}E|eO; zf(FCk``wA#OJCSJUF%YmWvUHz$_`|Lrv`-^6d{vZKHI(s|MKoe zoYRK2|CFIURG#p=aI}WJFj+iam`Qp}_0qD{sbQhI)&7J~WznS5)Ey;=$8hGp>S59GAk(LPttLLP)WjTo6W%g=54X)Gya3;vrKjM%$HRhdRdc#7&L|nHVIT2De5oX0HBH}dJ$qZ3v zJNUEr(4ufhVJk|68P`q0lsmUt@)^jLc9hvqhi(C4{}^_}ips&)MUj!zjer*VIHX_g zO_W!L=-rvPnN^({OH1q#tF&)(Jag+vDErUuL>?>G#)_D=LeHpUZb z;-7dsyY(ebYvzskaYN}2 zddT@foPn74pNhu@YLQPZS3fgj>F7z{gx7j+cyUb)SNLhmOB44A<8xgThCMyetZ%r* zBp6O8)F68?lmm%2eQt02yt$)cI`y4$qW~8ev(;MV9q0d<_GmmQ{q?K;X@}Ou;_@pW z_udwkC!PFMH`X*Wa4bdCNQps9E=LyWrtUURcVjK9`qf?AMNTeo!HM^x_dAU`+VnOYLNzbd7kUsp}m0IbV+v_z``LBi~ z>_RKT^5P|XdX4SX_=J%uRGVssFxT3t^Hjs=4=+5!u@36HBVqfK*+>Xy&rJnauTH`n zSKDVr1e<%c3CH(MvyRYZ3=@A+nVH5vZ0uU#c88xk>7z)|sz=K&^b4WvzPkE2@^?CI%F-p(v2awg^> z_8UkC9GSvHi~8@=vY@Zw(9L?Uv?}#~m333h;{?aSwH9K6y!~qernf{ow6L@&jjLIt z<76-pi{K4Eh(`{79De8Q)A5>JVAe^e=54VFp8hpnQ(19w$IBJ;C}EndD+Ys$8EI85 z5<#p`dEDmoz(99ZOKPIW4~1P_sTVTh_r--$>S@APidHK?5;wZ>&c<5XP!9H&=9G|p zePNj){ep;Jyt3CSaDpW!6^En5eH3DTXD7QsVqn1eM#X509nnJP>LnGZtLx^sSRdKm zB`r$+6~(W@5NB?%mDp`fjD}+Y=B{0!RiDQePQq`zHXAJ}2nIdU_WVy|`?z zE-B#PgdLQD*iRy7PpSUzvOtg1Dw~PiK3OJG!`F`X4)$ z(AdDVj7i(!z9yUq#18N|>UB^|%v30%i}T0P{ytrYM-_k_5*H(dsoW%dosQwo+HsS% zeeS2uN@6KzZc=kPDo(VOi7O-WYD^9cm@iu#l=Wb51i8Sw2oz?8yftw(^A za&n^m=60c;fVFKI;CWN7p!g>i?YeIq0NRgg_YlhHqLicntA0Ky3=#O|dyl$m%$p@Z z4Ad|9s_qbxg?BZa#EqI2f}j}qUGw%g=?OzCU9AnC;$e@8q}d`2lSZyTx^xv0GncGr zq_r)}CptuB$CVW-I|@G`T{x6p4VvyQdssy@pO6X&U2j^OIN!XC-fHD4nvpmkY5WN; zMPM^!J_|!?mSK;nOx)FlWJtQ5T6%W6*jh@Fe9Uv}mRw9<>l4W31mF|VT=AV>L)c6h z1u$5Ft^6_Q@ng6Hw~HuOG&?=&es0#_HDJNBsbF1uDfuCRWac20QPa<<2!4PKUb~qF z4>KTl*HZh6z`aqTxCX`;Q-OuTAK z1HRROZzBJiKoAe@dYGuHf6I7W$Ut34Tj&9K2W7EOMCEeI~ z^R&TlCU-rCU#TBkdFJ`9TW-1a02|`Cvb))|jG?xMDlv$GZA(?nR6|pF6-qN~0N9&~ zAbOC;>vr3L7U?;hu%BxnHp~wDjs(U!H@558!7l-MKPxed2rR!=LcAOn4f=lnrYy4 z?$OcO)YJ{>E%@5pxQ)N4$?e7hVvL4GnWMjB81AN3hP_14fWOBtUc)NzJEWw8RJQ4G zMBaPh?cPcr%qiiN&xR4|KIFlfxvLZ-0R=RL5!?B* z?DPHS@{`QYcI9PWm!AYe*kB#FAqSaZ9^=)b4BagR7OW@ph>m4QF77!J!m;d{zN&sD zEm>4C`x!n%R|+kJyH6xh$})~U0PVElrG{0rjOx4|jk{&K0?U<#gW*N}peodd`$IFq z=i!vz=DoG2D_T-^IJJ?3Ii|Ft`A~+pz$K($N2pHz1Q)Czi`(bN^=V?sMKr7W(`m?H zqgZJ@QwD z;5-xhXBbghpzl#dz6P-uGe79La1Wsqv6EmqR(U!hl=9ncOev^R#!HUAL&rQ}n=W>_ zn>b+sJKE0xRN1%&PRH4I&uiQ;;^F~$11&^F#kOa^qJ3XxZ52e5M9gEhLx-1b?dnzp zpr=PGaq}(5T}eqzDRmw{`(lu1VbxwX_op?*0eTGIX4O-qnLY&TO}F@!eQndC=oe$R zD8d!9v2O7Se*6}q{Y9)I-~F{ z6u*?ulgOEM=l%osgD8Z>KwKe5WPmTNo}?YRx~5yne-LX)u$=fRPv4Pjj_9LDvw(&V zz+|PLUE$tqYksfOMOHHj8raor{$rT_j9Xdp5SnLjrcZ;P zbl^%4+bC!f7+A$GBPD2^%?n_*P~%>vjeq)~^ds;9Rddxo0dzg+%^{e)QZmA-=OlPI z=DrG-v{`BquoZypTMt2{kT4Sun#6EG;2c=+0-;cZu>)xb6aJvLANp-|W;EU0Rm^4M zxS&cPPQa!8xvO@GE_f%}v5Fi6F@7gt);K2s!*3zGJYmu;mQ!574>4HyH@7KW zN#uL>gO6+{cBlMQfbs0~DkWjGW{7Ug9U!_WMuh=|!C3}SDx;B4ES%7xLDG6ysEGu| zli!o_GkY|yQrw1PSzzppgdyhq;J8SQ)V|WcCy_>v+TdXtWP|#w+J`h~5Y2qfRfxcV z?>$dCugoZ+D@IrU+qw?wkW@Cw?tA;U`V0fxl@U;WrZL%|fxBi_0E&gbB4xs2omhYg zq+3tyIr0zE@W#Qv6agv>cQqv#DJ-f2(j~J&n3iE<3UUfO0_ed9aU}Km3n-nZZ=pGC zyxSM`bYrz=D7w*3;(R4_ebLFmG4t5f@PP;|{7VhqoWFRtS;!0mvz9tD499&x;-ABA z$??(bTkyUCQ0ivn-X3oQ<>^cp00}2USD|Z+P}kPSyue;~3ymYa8`?Wm#&(H(qeQeT zWGh@H?G9~31Zc?SX{a1mj6ae>p1dWc(kZ+QYkPzK@hAcrKi59ZVOfD3S=HE8dzH4K z_(*8@QR*4a$cQ +# +# SPDX-License-Identifier: CC0-1.0 + +* @RiskIdent/platform diff --git a/.github/workflows/go-cross.yml b/.github/workflows/go-cross.yml index 6e2b2e4..ed37db1 100644 --- a/.github/workflows/go-cross.yml +++ b/.github/workflows/go-cross.yml @@ -1,5 +1,9 @@ name: Go Matrix -on: [push, pull_request] +on: + push: + branches: + - main + pull_request: jobs: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 025a3d1..7617390 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,8 +13,8 @@ jobs: runs-on: ubuntu-latest env: GO_VERSION: 1.19 - GOLANGCI_LINT_VERSION: v1.50.0 - YAEGI_VERSION: v0.14.2 + GOLANGCI_LINT_VERSION: v1.59.0 + YAEGI_VERSION: v0.16.1 CGO_ENABLED: 0 defaults: run: @@ -24,20 +24,20 @@ jobs: # https://github.com/marketplace/actions/setup-go-environment - name: Set up Go ${{ env.GO_VERSION }} - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} # https://github.com/marketplace/actions/checkout - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: go/src/github.com/${{ github.repository }} fetch-depth: 0 # https://github.com/marketplace/actions/cache - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ github.workspace }}/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.golangci.yml b/.golangci.yml index cc994d7..20e65c0 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,15 +1,15 @@ run: timeout: 3m - skip-files: [] - skip-dirs: [] linters-settings: govet: enable-all: true disable: - fieldalignment - golint: - min-confidence: 0 + revive: + rules: + - name: var-naming + disabled: true gocyclo: min-complexity: 12 goconst: @@ -25,21 +25,21 @@ linters-settings: - FIXME gofumpt: extra-rules: true + depguard: + rules: + main: + allow: + - $gostd + - "github.com/RiskIdent/traefik-remoteaddr-plugin" + stylecheck: + checks: + - all + # Remove some checks: + - -ST1003 # should not use underscores in package names linters: enable-all: true disable: - - deadcode # deprecated - - exhaustivestruct # deprecated - - golint # deprecated - - ifshort # deprecated - - interfacer # deprecated - - maligned # deprecated - - nosnakecase # deprecated - - scopelint # deprecated - - scopelint # deprecated - - structcheck # deprecated - - varcheck # deprecated - sqlclosecheck # not relevant (SQL) - rowserrcheck # not relevant (SQL) - execinquery # not relevant (SQL) @@ -53,18 +53,16 @@ linters: - wsl - exhaustive - exhaustruct - - goerr113 - wrapcheck - - ifshort - noctx - lll - gomnd - forbidigo - varnamelen + - exhaustivestruct issues: exclude-use-default: false - max-per-linter: 0 max-same-issues: 0 exclude: [] exclude-rules: diff --git a/.traefik.yml b/.traefik.yml index 57fb70e..ef44571 100644 --- a/.traefik.yml +++ b/.traefik.yml @@ -1,12 +1,11 @@ -displayName: Demo Plugin +displayName: RemoteAddr (fix X-Forwarded-Port) type: middleware iconPath: .assets/icon.png -import: github.com/traefik/plugindemo +import: github.com/RiskIdent/traefik-remoteaddr-plugin -summary: '[Demo] Add Request Header' +summary: "Add request header for the client port, to make X-Forwarded-Port act like in nginx" testData: - Headers: - X-Demo: test - X-URL: '{{URL}}' + headers: + port: X-Forwarded-Port diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..8205b0b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +# When using this Dockerfile, make sure to also add static Traefik config for +# loading the local plugin. Such as via CLI: +# --experimental.localplugins.remoteaddr.modulename=github.com/RiskIdent/traefik-remoteaddr-plugin + +ARG TRAEFIK_VERSION=v3.0.0 +ARG BASE_IMAGE=docker.io/traefik:${TRAEFIK_VERSION} +FROM ${BASE_IMAGE} + +COPY . plugins-local/src/github.com/RiskIdent/traefik-remoteaddr-plugin/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..1c2c5c7 --- /dev/null +++ b/README.md @@ -0,0 +1,158 @@ +# Traefik RemoteAddr plugin + +[![Main workflow](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/main.yml/badge.svg)](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/main.yml) +[![Go matrix workflow](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/go-cross.yml/badge.svg)](https://github.com/RiskIdent/traefik-remoteaddr-plugin/actions/workflows/go-cross.yml) + +## Usage + +This plugin is very simple: take the **client** IP and port and write them to some headers. +This is done by using the Go field [`net/http.Request.RemoteAddr`](https://pkg.go.dev/net/http#Request) +which is composed of `IP:port` of the client connection. + +To mimic nginx's behaviour of `X-Forwarded-Port`, where it sets that header to the client's port, then use the dynamic middleware config: + +```yaml +middlewares: + my-middleware: + plugin: + remoteaddr: + headers: + port: X-Forwarded-Port +``` + +Alternatively, you could use the non-standard `X-Real-Port` to not override Traefik's behavior: + +```yaml +middlewares: + my-middleware: + plugin: + remoteaddr: + headers: + port: X-Real-Port +``` + +### Configuration + +Traefik static configuration must define the module name (as is usual for Go packages). + +The following declaration (given here in YAML) defines a plugin: + +
File (YAML) + +```yaml +# Static configuration + +experimental: + plugins: + remoteaddr: + moduleName: github.com/RiskIdent/traefik-remoteaddr-plugin + version: v0.1.0 +``` + +
+ +
CLI + +```bash +# Static configuration + +--experimental.plugins.remoteaddr.moduleName=github.com/RiskIdent/traefik-remoteaddr-plugin +--experimental.plugins.remoteaddr.version=v0.1.0 +``` + +
+ +Here is an example of a file provider dynamic configuration (given here in YAML), where the interesting part is the `http.middlewares` section: + +
File (YAML) + +```yaml +# Dynamic configuration + +http: + middlewares: + my-middleware: + plugin: + remoteaddr: + headers: + # if set, then set header "X-Real-Address" to the RemoteAddr (e.g "192.168.1.2:1234") + address: X-Real-Address + # if set, then set header "X-Real-Ip" to the IP of RemoteAddr (e.g "192.168.1.2") + ip: X-Real-Ip + # if set, then set header "X-Real-Port" to the port of RemoteAddr (e.g "1234") + port: X-Real-Port +``` + +
+ +
Kubernetes + +```yaml +# Dynamic configuration + +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: my-middleware +spec: + plugin: + remoteaddr: + headers: + # if set, then set header "X-Real-Address" to the RemoteAddr (e.g "192.168.1.2:1234") + address: X-Real-Address + # if set, then set header "X-Real-Ip" to the IP of RemoteAddr (e.g "192.168.1.2") + ip: X-Real-Ip + # if set, then set header "X-Real-Port" to the port of RemoteAddr (e.g "1234") + port: X-Real-Port +``` + +
+ +### Local Mode + +Traefik also offers a developer mode that can be used for temporary testing of plugins not hosted on GitHub. +To use a plugin in local mode, the Traefik static configuration must define the module name (as is usual for Go packages) and a path to a [Go workspace](https://golang.org/doc/gopath_code.html#Workspaces), which can be the local GOPATH or any directory. + +The plugins must be placed in `./plugins-local` directory, +which should be in the working directory of the process running the Traefik binary. +The source code of the plugin should be organized as follows: + +```console +$ tree ./plugins-local/ +./plugins-local/ + └── src + └── github.com + └── RiskIdent + └── traefik-remoteaddr-plugin + ├── plugin.go + ├── plugin_test.go + ├── go.mod + ├── LICENSE + ├── Makefile + └── README.md +``` + +
File (YAML) + +```yaml +# Static configuration + +experimental: + localPlugins: + remoteaddr: + moduleName: github.com/RiskIdent/traefik-remoteaddr-plugin +``` + +
+ +
CLI + +```bash +# Static configuration + +--experimental.localPlugins.remoteaddr.moduleName=github.com/RiskIdent/traefik-remoteaddr-plugin +``` + +
+ +(In the above example, the `traefik-remoteaddr-plugin` plugin will be loaded from the path `./plugins-local/src/github.com/RiskIdent/traefik-remoteaddr-plugin`.) diff --git a/demo.go b/demo.go deleted file mode 100644 index 88d8c18..0000000 --- a/demo.go +++ /dev/null @@ -1,66 +0,0 @@ -// Package plugindemo a demo plugin. -package plugindemo - -import ( - "bytes" - "context" - "fmt" - "net/http" - "text/template" -) - -// Config the plugin configuration. -type Config struct { - Headers map[string]string `json:"headers,omitempty"` -} - -// CreateConfig creates the default plugin configuration. -func CreateConfig() *Config { - return &Config{ - Headers: make(map[string]string), - } -} - -// Demo a Demo plugin. -type Demo struct { - next http.Handler - headers map[string]string - name string - template *template.Template -} - -// New created a new Demo plugin. -func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) { - if len(config.Headers) == 0 { - return nil, fmt.Errorf("headers cannot be empty") - } - - return &Demo{ - headers: config.Headers, - next: next, - name: name, - template: template.New("demo").Delims("[[", "]]"), - }, nil -} - -func (a *Demo) ServeHTTP(rw http.ResponseWriter, req *http.Request) { - for key, value := range a.headers { - tmpl, err := a.template.Parse(value) - if err != nil { - http.Error(rw, err.Error(), http.StatusInternalServerError) - return - } - - writer := &bytes.Buffer{} - - err = tmpl.Execute(writer, req) - if err != nil { - http.Error(rw, err.Error(), http.StatusInternalServerError) - return - } - - req.Header.Set(key, writer.String()) - } - - a.next.ServeHTTP(rw, req) -} diff --git a/demo_test.go b/demo_test.go deleted file mode 100644 index dd0edcf..0000000 --- a/demo_test.go +++ /dev/null @@ -1,49 +0,0 @@ -package plugindemo_test - -import ( - "context" - "net/http" - "net/http/httptest" - "testing" - - "github.com/traefik/plugindemo" -) - -func TestDemo(t *testing.T) { - cfg := plugindemo.CreateConfig() - cfg.Headers["X-Host"] = "[[.Host]]" - cfg.Headers["X-Method"] = "[[.Method]]" - cfg.Headers["X-URL"] = "[[.URL]]" - cfg.Headers["X-URL"] = "[[.URL]]" - cfg.Headers["X-Demo"] = "test" - - ctx := context.Background() - next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {}) - - handler, err := plugindemo.New(ctx, next, cfg, "demo-plugin") - if err != nil { - t.Fatal(err) - } - - recorder := httptest.NewRecorder() - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://localhost", nil) - if err != nil { - t.Fatal(err) - } - - handler.ServeHTTP(recorder, req) - - assertHeader(t, req, "X-Host", "localhost") - assertHeader(t, req, "X-URL", "http://localhost") - assertHeader(t, req, "X-Method", "GET") - assertHeader(t, req, "X-Demo", "test") -} - -func assertHeader(t *testing.T, req *http.Request, key, expected string) { - t.Helper() - - if req.Header.Get(key) != expected { - t.Errorf("invalid header value: %s", req.Header.Get(key)) - } -} diff --git a/go.mod b/go.mod index 38181bb..16b3d48 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,3 @@ -module github.com/traefik/plugindemo +module github.com/RiskIdent/traefik-remoteaddr-plugin go 1.19 diff --git a/plugin.go b/plugin.go new file mode 100644 index 0000000..6468ac4 --- /dev/null +++ b/plugin.go @@ -0,0 +1,72 @@ +// Package traefik_remoteaddr_plugin contains the Traefik plugin for adding headers based on the +// [net/http.Request.RemoteAddr] field. +// +// The naming of this package may seem odd and unconventional with its use +// of underscores. But Traefik requires the package name to be the same +// as the repository name while loading the plugin +// (but with dashes converted to underscores) +package traefik_remoteaddr_plugin + +import ( + "context" + "errors" + "net/http" + "strings" +) + +var errMissingHeaderConfig = errors.New("missing header config: must set at least one of headers.port, headers.ip, or headers.address") + +// Config the plugin configuration. +type Config struct { + Headers ConfigHeaders `json:"headers,omitempty"` +} + +// ConfigHeaders defines the headers to use for the different values. +type ConfigHeaders struct { + Port string `json:"port,omitempty"` + IP string `json:"ip,omitempty"` + Address string `json:"address,omitempty"` +} + +// CreateConfig creates the default plugin configuration. +func CreateConfig() *Config { + return &Config{ + Headers: ConfigHeaders{}, + } +} + +// RemoteAddrPlugin is the main handler model for this Traefik plugin. +type RemoteAddrPlugin struct { + next http.Handler + headers ConfigHeaders + name string +} + +// New created a new RemoteAddrPlugin. +func New(_ context.Context, next http.Handler, config *Config, name string) (http.Handler, error) { + if config.Headers == (ConfigHeaders{}) { + return nil, errMissingHeaderConfig + } + + return &RemoteAddrPlugin{ + headers: config.Headers, + next: next, + name: name, + }, nil +} + +func (a *RemoteAddrPlugin) ServeHTTP(rw http.ResponseWriter, req *http.Request) { + ip, port, _ := strings.Cut(req.RemoteAddr, ":") + + if a.headers.IP != "" { + req.Header.Set(a.headers.IP, ip) + } + if a.headers.Port != "" { + req.Header.Set(a.headers.Port, port) + } + if a.headers.Address != "" { + req.Header.Set(a.headers.Address, req.RemoteAddr) + } + + a.next.ServeHTTP(rw, req) +} diff --git a/plugin_test.go b/plugin_test.go new file mode 100644 index 0000000..b1cfcc5 --- /dev/null +++ b/plugin_test.go @@ -0,0 +1,94 @@ +package traefik_remoteaddr_plugin_test + +import ( + "context" + "net/http" + "net/http/httptest" + "testing" + + plugin "github.com/RiskIdent/traefik-remoteaddr-plugin" +) + +func TestInvalidConfig(t *testing.T) { + cfg := plugin.CreateConfig() + next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) + _, err := plugin.New(context.Background(), next, cfg, "traefik-remoteaddr-plugin") + if err == nil { + t.Fatal("expected error") + } +} + +func TestHeaderAddress(t *testing.T) { + tests := []struct { + name string + cfg plugin.ConfigHeaders + wantHeader string + wantValue string + }{ + { + name: "full address", + cfg: plugin.ConfigHeaders{Address: "X-Real-Address"}, + wantHeader: "X-Real-Address", + wantValue: "127.0.0.1:1234", + }, + { + name: "only ip", + cfg: plugin.ConfigHeaders{IP: "X-Real-IP"}, + wantHeader: "X-Real-IP", + wantValue: "127.0.0.1", + }, + { + name: "only port", + cfg: plugin.ConfigHeaders{Port: "X-Real-Port"}, + wantHeader: "X-Real-Port", + wantValue: "1234", + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + cfg := plugin.CreateConfig() + cfg.Headers = tc.cfg + req := testPlugin(t, cfg) + assertHeader(t, req.Header, tc.wantHeader, tc.wantValue) + }) + } +} + +func testPlugin(t *testing.T, cfg *plugin.Config) *http.Request { + t.Helper() + ctx := context.Background() + next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) + + handler, err := plugin.New(ctx, next, cfg, "traefik-remoteaddr-plugin") + if err != nil { + t.Fatal(err) + } + + recorder := httptest.NewRecorder() + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://localhost", nil) + if err != nil { + t.Fatal(err) + } + + req.RemoteAddr = "127.0.0.1:1234" + handler.ServeHTTP(recorder, req) + + t.Logf("request headers: %d", len(req.Header)) + for k, vals := range req.Header { + for _, v := range vals { + t.Logf(" %s=%q", k, v) + } + } + + return req +} + +func assertHeader(t *testing.T, header http.Header, key, expected string) { + t.Helper() + + if header.Get(key) != expected { + t.Errorf("invalid header value\nwant: %s=%q\ngot: %s=%q", key, expected, key, header.Get(key)) + } +} diff --git a/readme.md b/readme.md deleted file mode 100644 index 353f34d..0000000 --- a/readme.md +++ /dev/null @@ -1,270 +0,0 @@ -This repository includes an example plugin, `demo`, for you to use as a reference for developing your own plugins. - -[![Build Status](https://github.com/traefik/plugindemo/workflows/Main/badge.svg?branch=master)](https://github.com/traefik/plugindemo/actions) - -The existing plugins can be browsed into the [Plugin Catalog](https://plugins.traefik.io). - -# Developing a Traefik plugin - -[Traefik](https://traefik.io) plugins are developed using the [Go language](https://golang.org). - -A [Traefik](https://traefik.io) middleware plugin is just a [Go package](https://golang.org/ref/spec#Packages) that provides an `http.Handler` to perform specific processing of requests and responses. - -Rather than being pre-compiled and linked, however, plugins are executed on the fly by [Yaegi](https://github.com/traefik/yaegi), an embedded Go interpreter. - -## Usage - -For a plugin to be active for a given Traefik instance, it must be declared in the static configuration. - -Plugins are parsed and loaded exclusively during startup, which allows Traefik to check the integrity of the code and catch errors early on. -If an error occurs during loading, the plugin is disabled. - -For security reasons, it is not possible to start a new plugin or modify an existing one while Traefik is running. - -Once loaded, middleware plugins behave exactly like statically compiled middlewares. -Their instantiation and behavior are driven by the dynamic configuration. - -Plugin dependencies must be [vendored](https://golang.org/ref/mod#vendoring) for each plugin. -Vendored packages should be included in the plugin's GitHub repository. ([Go modules](https://blog.golang.org/using-go-modules) are not supported.) - -### Configuration - -For each plugin, the Traefik static configuration must define the module name (as is usual for Go packages). - -The following declaration (given here in YAML) defines a plugin: - -```yaml -# Static configuration - -experimental: - plugins: - example: - moduleName: github.com/traefik/plugindemo - version: v0.2.1 -``` - -Here is an example of a file provider dynamic configuration (given here in YAML), where the interesting part is the `http.middlewares` section: - -```yaml -# Dynamic configuration - -http: - routers: - my-router: - rule: host(`demo.localhost`) - service: service-foo - entryPoints: - - web - middlewares: - - my-plugin - - services: - service-foo: - loadBalancer: - servers: - - url: http://127.0.0.1:5000 - - middlewares: - my-plugin: - plugin: - example: - headers: - Foo: Bar -``` - -### Local Mode - -Traefik also offers a developer mode that can be used for temporary testing of plugins not hosted on GitHub. -To use a plugin in local mode, the Traefik static configuration must define the module name (as is usual for Go packages) and a path to a [Go workspace](https://golang.org/doc/gopath_code.html#Workspaces), which can be the local GOPATH or any directory. - -The plugins must be placed in `./plugins-local` directory, -which should be in the working directory of the process running the Traefik binary. -The source code of the plugin should be organized as follows: - -``` -./plugins-local/ - └── src - └── github.com - └── traefik - └── plugindemo - ├── demo.go - ├── demo_test.go - ├── go.mod - ├── LICENSE - ├── Makefile - └── readme.md -``` - -```yaml -# Static configuration - -experimental: - localPlugins: - example: - moduleName: github.com/traefik/plugindemo -``` - -(In the above example, the `plugindemo` plugin will be loaded from the path `./plugins-local/src/github.com/traefik/plugindemo`.) - -```yaml -# Dynamic configuration - -http: - routers: - my-router: - rule: host(`demo.localhost`) - service: service-foo - entryPoints: - - web - middlewares: - - my-plugin - - services: - service-foo: - loadBalancer: - servers: - - url: http://127.0.0.1:5000 - - middlewares: - my-plugin: - plugin: - example: - headers: - Foo: Bar -``` - -## Defining a Plugin - -A plugin package must define the following exported Go objects: - -- A type `type Config struct { ... }`. The struct fields are arbitrary. -- A function `func CreateConfig() *Config`. -- A function `func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)`. - -```go -// Package example a example plugin. -package example - -import ( - "context" - "net/http" -) - -// Config the plugin configuration. -type Config struct { - // ... -} - -// CreateConfig creates the default plugin configuration. -func CreateConfig() *Config { - return &Config{ - // ... - } -} - -// Example a plugin. -type Example struct { - next http.Handler - name string - // ... -} - -// New created a new plugin. -func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) { - // ... - return &Example{ - // ... - }, nil -} - -func (e *Example) ServeHTTP(rw http.ResponseWriter, req *http.Request) { - // ... - e.next.ServeHTTP(rw, req) -} -``` - -## Logs - -Currently, the only way to send logs to Traefik is to use `os.Stdout.WriteString("...")` or `os.Stderr.WriteString("...")`. - -In the future, we will try to provide something better and based on levels. - -## Plugins Catalog - -Traefik plugins are stored and hosted as public GitHub repositories. - -Every 30 minutes, the Plugins Catalog online service polls Github to find plugins and add them to its catalog. - -### Prerequisites - -To be recognized by Plugins Catalog, your repository must meet the following criteria: - -- The `traefik-plugin` topic must be set. -- The `.traefik.yml` manifest must exist, and be filled with valid contents. - -If your repository fails to meet either of these prerequisites, Plugins Catalog will not see it. - -### Manifest - -A manifest is also mandatory, and it should be named `.traefik.yml` and stored at the root of your project. - -This YAML file provides Plugins Catalog with information about your plugin, such as a description, a full name, and so on. - -Here is an example of a typical `.traefik.yml`file: - -```yaml -# The name of your plugin as displayed in the Plugins Catalog web UI. -displayName: Name of your plugin - -# For now, `middleware` is the only type available. -type: middleware - -# The import path of your plugin. -import: github.com/username/my-plugin - -# A brief description of what your plugin is doing. -summary: Description of what my plugin is doing - -# Medias associated to the plugin (optional) -iconPath: foo/icon.png -bannerPath: foo/banner.png - -# Configuration data for your plugin. -# This is mandatory, -# and Plugins Catalog will try to execute the plugin with the data you provide as part of its startup validity tests. -testData: - Headers: - Foo: Bar -``` - -Properties include: - -- `displayName` (required): The name of your plugin as displayed in the Plugins Catalog web UI. -- `type` (required): For now, `middleware` is the only type available. -- `import` (required): The import path of your plugin. -- `summary` (required): A brief description of what your plugin is doing. -- `testData` (required): Configuration data for your plugin. This is mandatory, and Plugins Catalog will try to execute the plugin with the data you provide as part of its startup validity tests. -- `iconPath` (optional): A local path in the repository to the icon of the project. -- `bannerPath` (optional): A local path in the repository to the image that will be used when you will share your plugin page in social medias. - -There should also be a `go.mod` file at the root of your project. Plugins Catalog will use this file to validate the name of the project. - -### Tags and Dependencies - -Plugins Catalog gets your sources from a Go module proxy, so your plugins need to be versioned with a git tag. - -Last but not least, if your plugin middleware has Go package dependencies, you need to vendor them and add them to your GitHub repository. - -If something goes wrong with the integration of your plugin, Plugins Catalog will create an issue inside your Github repository and will stop trying to add your repo until you close the issue. - -## Troubleshooting - -If Plugins Catalog fails to recognize your plugin, you will need to make one or more changes to your GitHub repository. - -In order for your plugin to be successfully imported by Plugins Catalog, consult this checklist: - -- The `traefik-plugin` topic must be set on your repository. -- There must be a `.traefik.yml` file at the root of your project describing your plugin, and it must have a valid `testData` property for testing purposes. -- There must be a valid `go.mod` file at the root of your project. -- Your plugin must be versioned with a git tag. -- If you have package dependencies, they must be vendored and added to your GitHub repository.