Whitelisted IPs not shared across multiple routers #6

@Sandarr95

Not sure if this use-case is supported, but I'm trying to use the middleware in multiple routers, and it seems the whitelistedIPs are not shared across routers. I think I have the behavior narrowed down, but I don't know what the intended operating mode is.

After adding log lines, right before the check on isWhitelisted:

fmt.Printf("[%s] INFO whitelistedIPs %+v\n", i.name, i.whitelistedIPs)
fmt.Printf("[%s] INFO clientIP (%s), isWhitelisted: (%t), expiresAt: (%s).\n", i.name, clientIP, isWhitelisted, ipData.ExpiresAt)

And running these requests after approval of knock.localhost has happened:

curl -6 knock.localhost #=> 418 (default of noop@internal)
curl -6 service.localhost #=> 403

I can see this in logging:

[my-ipwhitelistshaper@file] INFO whitelistedIPs map[127.0.0.1:{ExpiresAt:2025-10-22 21:48:26.421020933 +0200 CEST ValidationID:8a35d8fa02016749091fbc7411435eda ValidationCode:penguin} ::1:{ExpiresAt:2025-10-22 21:49:40.142884351 +0200 CEST m=+402.508945046 ValidationID:3948f3f1798c7aed9569733a6342a889 ValidationCode:airplane}]
[my-ipwhitelistshaper@file] INFO clientIP (::1), isWhitelisted: (true), expiresAt: (2025-10-22 21:49:40.142884351 +0200 CEST m=+402.508945046)
...
[my-ipwhitelistshaper@file] INFO whitelistedIPs map[]
[my-ipwhitelistshaper@file] INFO clientIP (::1), isWhitelisted: (false), expiresAt: (0001-01-01 00:00:00 +0000 UTC)

Running traefik with this config:

# Static configuration
log:
  level: DEBUG
providers:
  file:
    filename: dynamic.yml
entryPoints:
  web:
    address: ":80"
    asDefault: true
experimental:
  localPlugins:
    ipwhitelistshaper:
      moduleName: github.com/hhftechnology/ipwhitelistshaper
# Dynamic configuration
http:
  middlewares:
    my-ipwhitelistshaper:
      plugin:
        ipwhitelistshaper:
          approvalURL: "https://knock.localhost"
          storagePath: "./plugins-storage/ipwhitelistshaper"
  routers:
    # Main router that applies the whitelist protection
    protected-service:
      rule: "Host(`service.localhost`)"
      service: "noop@internal"
      middlewares:
        - "my-ipwhitelistshaper"
    
    # Special router to handle the knock-knock endpoint
    knock-router:
      rule: "Host(`knock.localhost`)"
      service: "noop@internal"
      middlewares:
        - "my-ipwhitelistshaper"
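
The Go sketch below is an added example; it is not part of the original issue and not the plugin's own code. It assumes Traefik builds a separate middleware instance for each router that references `my-ipwhitelistshaper` within one process, which is consistent with the two different `whitelistedIPs` maps in the log output above. `Store`, `NewInstance` and the `shared` flag are hypothetical names.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Store is a concurrency-safe allowlist: client IP -> expiry time.
type Store struct {
	mu  sync.Mutex
	ips map[string]time.Time
}

func (s *Store) Approve(ip string, ttl time.Duration) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.ips[ip] = time.Now().Add(ttl)
}

// Allowed fails closed: unknown or expired IPs are rejected.
func (s *Store) Allowed(ip string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.ips[ip]
	return ok && time.Now().Before(exp)
}

var registry sync.Map // storagePath -> *Store, one per process

// NewInstance models one middleware instance being built for one router.
// shared=false: private map per instance; shared=true: one Store per storagePath.
func NewInstance(storagePath string, shared bool) *Store {
	s := &Store{ips: map[string]time.Time{}}
	if !shared {
		return s
	}
	actual, _ := registry.LoadOrStore(storagePath, s)
	return actual.(*Store)
}

func main() {
	const path = "./plugins-storage/ipwhitelistshaper" // storagePath from the issue's config
	for _, shared := range []bool{false, true} {
		knock, service := NewInstance(path, shared), NewInstance(path, shared)
		knock.Approve("::1", time.Minute)
		fmt.Println(shared, knock.Allowed("::1"), service.Allowed("::1"))
	}
}
```

With `shared=false` an approval recorded through one router is invisible to the other, as in the logs; with `shared=true` approvals and expiries apply to every router in the same process.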
