Problem
ClientIP(), Scheme(), and Host() read raw request headers directly. A trusted-proxy middleware that validates and strips spoofed headers cannot make these methods return the validated values. Downstream handlers using c.ClientIP() see unvalidated, potentially spoofed values.
Unblocks
- Proxy Headers middleware (Examples and initial documentation #22)
- RealIP middleware (fix: resolve death spiral under sustained high-concurrency load #38)
Change
Add 3 override fields to Context struct:

```go
clientIPOverride string
schemeOverride   string
hostOverride     string
```

Modify getters (one branch each):

```go
func (c *Context) ClientIP() string {
	if c.clientIPOverride != "" {
		return c.clientIPOverride
	}
	// ... existing logic ...
}

func (c *Context) Scheme() string {
	if c.schemeOverride != "" {
		return c.schemeOverride
	}
	// ... existing logic ...
}

func (c *Context) Host() string {
	if c.hostOverride != "" {
		return c.hostOverride
	}
	// ... existing logic ...
}
```

Add setters:

```go
func (c *Context) SetClientIP(ip string) { c.extended = true; c.clientIPOverride = ip }
func (c *Context) SetScheme(s string)    { c.extended = true; c.schemeOverride = s }
func (c *Context) SetHost(h string)      { c.extended = true; c.hostOverride = h }
```

Add to reset() extended block:

```go
c.clientIPOverride = ""
c.schemeOverride = ""
c.hostOverride = ""
```

Performance
One empty-string branch per getter call (perfectly predicted when unused). These methods are NOT called in the hot path; they are called once per request by specific middleware. The override fields are cleared in reset() only under the extended flag (no cost when not used). Adds 48 bytes to the Context struct (3 strings × 16 bytes), which is pooled.
Files
- context.go
- context_request.go
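How a trusted-proxy middleware could use the proposed `SetClientIP` so that downstream `c.ClientIP()` calls see only a validated address; this is an added example, not code from the project. The `Context` stand-in, `PinClientIP`, `trustedProxies` and the `10.0.0.0/8` range are hypothetical, the request values are constructed, and the `slices` package needs Go 1.21 or later. Because an empty override falls through to the raw-header logic, the step always pins a non-empty value.

```go
package main

import (
	"fmt"
	"net/netip"
	"slices"
	"strings"
)

// Context is a hypothetical stand-in for the framework's Context.
type Context struct {
	remoteAddr, xff, clientIPOverride string // peer "ip:port", raw X-Forwarded-For, override
}

var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")} // constructed sample

func (c *Context) SetClientIP(ip string) { c.clientIPOverride = ip }

// ClientIP follows the proposed getter: override first, else the raw header.
func (c *Context) ClientIP() string {
	if c.clientIPOverride != "" {
		return c.clientIPOverride
	}
	return c.xff // stand-in for the existing raw-header logic
}

// PinClientIP (hypothetical) honours X-Forwarded-For only behind a trusted proxy, read right to left.
func PinClientIP(c *Context) error {
	peer, err := netip.ParseAddrPort(c.remoteAddr)
	if err != nil {
		return err // no verifiable peer: the caller should reject the request
	}
	ip := peer.Addr().Unmap()
	fromProxy := func(p netip.Prefix) bool { return p.Contains(ip) } // sees the current ip
	hops := strings.Split(c.xff, ",")
	for i := len(hops) - 1; i >= 0 && slices.ContainsFunc(trustedProxies, fromProxy); i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed hop: keep the last address that parsed
		}
		ip = hop.Unmap()
	}
	c.SetClientIP(ip.String()) // never empty, so the getter cannot fall through
	return nil
}

func main() {
	c := &Context{remoteAddr: "10.0.0.2:443", xff: "1.2.3.4, 198.51.100.9"} // constructed
	fmt.Println(PinClientIP(c), c.ClientIP())
}
```

In the constructed request the client-supplied `1.2.3.4` is ignored because the walk stops at the first hop that is not a trusted proxy.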