Init repo

.github/workflows/go-cross.yml

@@ -0,0 +1,47 @@
+name: Go Matrix
+on: [push, pull_request]
+
+jobs:
+  cross:
+    name: Go
+    runs-on: ${{ matrix.os }}
+    env:
+      CGO_ENABLED: 0
+
+    strategy:
+      matrix:
+        go-version: [1.21, 1.x]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    steps:
+      # https://github.com/marketplace/actions/setup-go-environment
+      - name: Set up Go ${{ matrix.go-version }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      # https://github.com/marketplace/actions/checkout
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # https://github.com/marketplace/actions/cache
+      - name: Cache Go modules
+        uses: actions/cache@v3
+        with:
+          # In order:
+          # * Module download cache
+          # * Build cache (Linux)
+          # * Build cache (Mac)
+          # * Build cache (Windows)
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+            ~/Library/Caches/go-build
+            %LocalAppData%\go-build
+          key: ${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.go-version }}-go-
+
+      - name: Test
+        run: go test -v -cover ./...
+

.github/workflows/main.yml

@@ -0,0 +1,70 @@
+name: Main
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  main:
+    name: Main Process
+    runs-on: ubuntu-latest
+    env:
+      GO_VERSION: 1.21
+      GOLANGCI_LINT_VERSION: v1.58.1
+      YAEGI_VERSION: v0.16.1
+      CGO_ENABLED: 0
+    defaults:
+      run:
+        working-directory: ${{ github.workspace }}/go/src/github.com/${{ github.repository }}
+
+    steps:
+      # https://github.com/marketplace/actions/setup-go-environment
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      # https://github.com/marketplace/actions/checkout
+      - name: Check out code
+        uses: actions/checkout@v2
+        with:
+          path: go/src/github.com/${{ github.repository }}
+          fetch-depth: 0
+
+      # https://github.com/marketplace/actions/cache
+      - name: Cache Go modules
+        uses: actions/cache@v3
+        with:
+          path: ${{ github.workspace }}/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      # https://golangci-lint.run/usage/install#other-ci
+      - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
+        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
+
+      - name: Install Yaegi ${{ env.YAEGI_VERSION }}
+        run: curl -sfL https://raw.githubusercontent.com/traefik/yaegi/master/install.sh | bash -s -- -b $(go env GOPATH)/bin ${YAEGI_VERSION}
+
+      - name: Setup GOPATH
+        run: go env -w GOPATH=${{ github.workspace }}/go
+
+      - name: Check and get dependencies for responseheadersfilter
+        run: |
+          go mod tidy
+          git diff --exit-code go.mod
+          # git diff --exit-code go.sum
+          go mod download
+          go mod vendor
+          # git diff --exit-code ./vendor/
+
+      - name: Lint and Tests for responseheadersfilter
+        run: make
+
+      - name: Run tests with Yaegi for responseheadersfilter
+        run: make yaegi_test
+        env:
+          GOPATH: ${{ github.workspace }}/go

.gitignore

@@ -0,0 +1,3 @@
+.idea/
+.DS_Store
+**/bin

.golangci.yml

@@ -0,0 +1,76 @@
+run:
+  timeout: 3m
+  skip-files: []
+  skip-dirs: []
+
+linters-settings:
+  govet:
+    enable-all: true
+    disable:
+      - fieldalignment
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 12
+  goconst:
+    min-len: 5
+    min-occurrences: 4
+  misspell:
+    locale: US
+  funlen:
+    lines: -1
+    statements: 50
+  godox:
+    keywords:
+      - FIXME
+  gofumpt:
+    extra-rules: true
+
+linters:
+  enable-all: true
+  disable:
+    - deadcode # deprecated
+    - depguard # unused
+    - exhaustivestruct # deprecated
+    - golint # deprecated
+    - ifshort # deprecated
+    - interfacer # deprecated
+    - maligned # deprecated
+    - nosnakecase # deprecated
+    - scopelint # deprecated
+    - scopelint # deprecated
+    - structcheck # deprecated
+    - varcheck # deprecated
+    - sqlclosecheck # not relevant (SQL)
+    - rowserrcheck # not relevant (SQL)
+    - execinquery # not relevant (SQL)
+    - cyclop # duplicate of gocyclo
+    - bodyclose # Too many false positives: https://github.com/timakin/bodyclose/issues/30
+    - dupl
+    - testpackage
+    - tparallel
+    - paralleltest
+    - nlreturn
+    - wsl
+    - exhaustive
+    - exhaustruct
+    - err113
+    - wrapcheck
+    - ifshort
+    - noctx
+    - lll
+    - gomnd
+    - forbidigo
+    - varnamelen
+
+issues:
+  exclude-use-default: false
+  max-per-linter: 0
+  max-same-issues: 0
+  exclude: []
+  exclude-rules:
+    - path: (.+)_test.go
+      linters:
+        - goconst
+        - funlen
+        - godot

.traefik.yml

@@ -0,0 +1,11 @@
+displayName: Response Headers Filter Plugin
+type: middleware
+
+import: github.com/quortex/traefik-responseheadersfilter
+
+summary: "filter response headers based on a list of allowed headers"
+
+testData:
+  Headers:
+    - allowed-header-1
+    - allowed-header-2

Makefile

@@ -0,0 +1,43 @@
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+GOLANG_CI_LINT?= $(LOCALBIN)/golangci-lint
+YAEGI?= $(LOCALBIN)/yaegi
+
+## Tool Versions
+GOLANG_CI_LINT_VERSION ?= v1.58.1
+YAEGI_VERSION ?= v0.16.1
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANG_CI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANG_CI_LINT): $(LOCALBIN)
+	test -s $(LOCALBIN)/golangci-lint || GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANG_CI_LINT_VERSION)
+.PHONY: yaegi
+yaegi: $(YAEGI) ## Download yaegi locally if necessary.
+$(YAEGI): $(LOCALBIN)
+	test -s $(LOCALBIN)/yaegi || GOBIN=$(LOCALBIN) go install github.com/traefik/yaegi/cmd/yaegi@$(YAEGI_VERSION)
+
+.PHONY: lint test vendor clean
+
+export GO111MODULE=on
+
+default: lint test
+
+lint: golangci-lint
+	$(GOLANG_CI_LINT) run
+
+test:
+	go test -v -cover ./...
+
+yaegi_test: yaegi
+	$(YAEGI) test -v .
+
+vendor:
+	go mod vendor
+
+clean:
+	rm -rf ./vendor
+

README.md

@@ -0,0 +1,120 @@
+# Traefik Plugin: Response Headers Filter
+
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/bmagic/traefik-plugin-filter-response-headers/blob/main/LICENSE)
+
+This repo contains a Traefik plugin that allows you to filter response headers based on a whitelist.
+
+
+## Configuration
+
+It is possible to install the [plugin locally](https://traefik.io/blog/using-private-plugins-in-traefik-proxy-2-5/) or to install it through [Traefik Pilot](https://pilot.traefik.io/plugins).
+
+### Configuration as local plugin
+
+Depending on your setup, the installation steps might differ from the one described here. This example assumes that your Traefik instance runs in a Docker container and uses the [official image](https://hub.docker.com/_/traefik/).
+
+Download the latest release of the plugin and save it to a location the Traefik container can reach. Below is an example of a possible setup. Notice how the plugin source is mapped into the container (`/plugin/traefik-responseheadersfilter:/plugins-local/src/github.com/quortex/traefik-responseheadersfilter/`) via a volume bind mount:
+
+#### `docker-compose.yml`
+
+````yml
+version: "3.7"
+
+services:
+  traefik:
+    image: traefik
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /docker/config/traefik/traefik.yml:/etc/traefik/traefik.yml
+      - /docker/config/traefik/dynamic-configuration.yml:/etc/traefik/dynamic-configuration.yml
+      - /docker/config/traefik/plugin/traefik-responseheadersfilter:/plugins-local/src/github.com/quortex/traefik-responseheadersfilter/
+
+    ports:
+      - "8080:80"
+
+  hello:
+    image: ealen/echo-server
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.hello.entrypoints=http
+      - traefik.http.routers.hello.rule=Host(`localhost`)
+      - traefik.http.services.hello.loadbalancer.server.port=80
+      - traefik.http.routers.hello.middlewares=my-traefik-responseheadersfilter@file
+
+````
+
+To complete the setup, the Traefik configuration must be extended with the plugins. For this you must create the `traefik.yml` and the dynamic-configuration.yml` files if not present already.
+
+````yml
+log:
+  level: INFO
+
+experimental:
+  localPlugins:
+    traefik-responseheadersfilter:
+      moduleName: github.com/quortex/traefik-responseheadersfilter
+````
+
+#### `dynamic-configuration.yml`
+
+````yml
+http:
+  middlewares:
+    my-traefik-responseheadersfilter:
+      plugin:
+        traefik-responseheadersfilter:
+          headers:
+            - allowed-header
+````
+### Traefik Plugin registry
+
+This procedure will install the plugins via the [Traefik Plugin registry](https://plugins.traefik.io/install).
+
+Add the following code to your `traefik-config.yml`
+
+```yml
+experimental:
+  plugins:
+    traefik-responseheadersfilter:
+      moduleName: "github.com/quortex/traefik-responseheadersfilter"
+      version: "v0.0.0"
+# other stuff you might have in your traefik-config
+entryPoints:
+  http:
+    address: ":80"
+  https:
+    address: ":443"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: "/etc/traefik/dynamic-configuration.yml"
+```
+
+In your dynamic configuration add the following code:
+
+```yml
+http:
+  middlewares:
+    my-traefik-responseheadersfilter:
+      plugin:
+        traefik-responseheadersfilter:
+          headers:
+            - allowed-header
+            - allowed-header-2
+```
+
+## Develop
+A docker compose configuration is already sets to run a traefik and and echo server with local plugin deployed 
+```bash
+docker compose -f docker/dev/docker-compose.yml up
+```
+
+### Testing headers filtering
+You can run a curl to check the response headers
+```bash
+curl  -v "http://localhost:8080?echo_header=Allowed-header:value1,%20foo:foo,%20bar:bar"                                                                    
+```