Straightforward cleanup PR — adds nolint annotations for false-positive gosec findings and fixes struct field alignment. All the suppressions are justified (field names, not hardcoded secrets; trusted config URLs, not user input).
Solid API token auth implementation. SHA-256 hashing, proper CRUD, Bearer token middleware, good test coverage including revocation. Well done.
16 random bytes = 128 bits of entropy. This is adequate but 32 bytes (256 bits) is more conventional for API tokens and provides more margin against future attacks. Low priority.
Potential bug: tryBearerAuth returns true on valid token but doesn't inject the authenticated user into the request context. Downstream handlers call h.auth.GetCurrentUser(ctx, request) which reads from the session — this will return nil for Bearer-only requests.
Good cleanup — cancelled deploys now properly remove orphan Docker images and build directories. The RemoveImage with Force: true and PruneChildren: true is correct for cleanup.
This duplicates the directory cleanup logic from the real cleanupCancelledDeploy. If the real implementation changes (e.g. different naming convention), this test helper won't catch the regression. Consider refactoring so the test exercises the actual code path.
Nit: entry.Name()[:len(prefix)] == prefix — prefer strings.HasPrefix(entry.Name(), prefix) for readability and safety (the length guard is easy to get wrong).
Important security fix — replacing AllowedOrigins: ["*"] with explicit origin allowlist and enabling AllowCredentials: true. The old config was dangerous (wildcard + credentials is blocked by browsers, but the intent was wrong).
Good security addition — blocking file:// URLs prevents local file access via git clone. Test coverage is thorough with both valid and invalid cases.
The SCP regex accepts any user (not just git) and any path after :. Consider restricting the user portion or at minimum validating the path doesn't contain path traversal (..). Example concern: admin@localhost:../../etc/shadow.
Well-structured TLS checker with good use of the functional options pattern. Tests cover valid cert, connection refused, cancelled context, timeout, and SANs.
Only DNS SANs are captured (cert.DNSNames). IP SANs (cert.IPAddresses) and URI SANs are ignored. May be worth including depending on monitoring requirements.
Returning an empty CertificateInfo{} when len(state.PeerCertificates) == 0 could mask unexpected situations. Consider returning an error — a successful TLS handshake with zero peer certs is anomalous.
Good implementation. Clean code, solid tests. A couple of observations:
CheckPorts checks ports sequentially — for large port lists this could be slow (5s timeout × N ports worst case). Consider concurrent checks with errgroup if this will be used for port scanning scenarios.
Minor: no validation that port is in valid range (1-65535). net.Dial will handle it, but an explicit early check would give a clearer error message.