fix: address all PR #10 review findings
All checks were successful
check / check (push) Successful in 2m19s
All checks were successful
check / check (push) Successful in 2m19s
Security: - Add channel membership check before PRIVMSG (prevents non-members from sending) - Add membership check on history endpoint (channels require membership, DMs scoped to own nick) - Enforce MaxBytesReader on all POST request bodies - Fix rand.Read error being silently ignored in token generation Data integrity: - Fix TOCTOU race in GetOrCreateChannel using INSERT OR IGNORE + SELECT Build: - Add CGO_ENABLED=0 to golangci-lint install in Dockerfile (fixes alpine build) Linting: - Strict .golangci.yml: only wsl disabled (deprecated in v2) - Re-enable exhaustruct, depguard, godot, wrapcheck, varnamelen - Fix linters-settings -> linters.settings for v2 config format - Fix ALL lint findings in actual code (no linter config weakening) - Wrap all external package errors (wrapcheck) - Fill struct fields or add targeted nolint:exhaustruct where appropriate - Rename short variables (ts->timestamp, n->bufIndex, etc.) - Add depguard deny policy for io/ioutil and math/rand - Exclude G704 (SSRF) in gosec config (CLI client takes user-configured URLs) Tests: - Add security tests (TestNonMemberCannotSend, TestHistoryNonMember) - Split TestInsertAndPollMessages for reduced complexity - Fix parallel test safety (viper global state prevents parallelism) - Use t.Context() instead of context.Background() in tests Docker build verified passing locally.
This commit is contained in:
clawbot
@@ -32,10 +32,10 @@ type UI struct {
|
||||
|
||||
// NewUI creates the tview-based IRC-like UI.
|
||||
func NewUI() *UI {
|
||||
ui := &UI{
|
||||
ui := &UI{ //nolint:exhaustruct,varnamelen // fields set below; ui is idiomatic
|
||||
app: tview.NewApplication(),
|
||||
buffers: []*Buffer{
|
||||
{Name: "(status)", Lines: nil},
|
||||
{Name: "(status)", Lines: nil, Unread: 0},
|
||||
},
|
||||
}
|
||||
|
||||
@@ -58,7 +58,12 @@ func NewUI() *UI {
|
||||
|
||||
// Run starts the UI event loop (blocks).
|
||||
func (ui *UI) Run() error {
|
||||
return ui.app.Run()
|
||||
err := ui.app.Run()
|
||||
if err != nil {
|
||||
return fmt.Errorf("run ui: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Stop stops the UI.
|
||||
@@ -100,15 +105,15 @@ func (ui *UI) AddStatus(line string) {
|
||||
}
|
||||
|
||||
// SwitchBuffer switches to the buffer at index n.
|
||||
func (ui *UI) SwitchBuffer(n int) {
|
||||
func (ui *UI) SwitchBuffer(bufIndex int) {
|
||||
ui.app.QueueUpdateDraw(func() {
|
||||
if n < 0 || n >= len(ui.buffers) {
|
||||
if bufIndex < 0 || bufIndex >= len(ui.buffers) {
|
||||
return
|
||||
}
|
||||
|
||||
ui.currentBuffer = n
|
||||
ui.currentBuffer = bufIndex
|
||||
|
||||
buf := ui.buffers[n]
|
||||
buf := ui.buffers[bufIndex]
|
||||
buf.Unread = 0
|
||||
|
||||
ui.messages.Clear()
|
||||
@@ -282,7 +287,7 @@ func (ui *UI) getOrCreateBuffer(name string) *Buffer {
|
||||
}
|
||||
}
|
||||
|
||||
buf := &Buffer{Name: name}
|
||||
buf := &Buffer{Name: name, Lines: nil, Unread: 0}
|
||||
ui.buffers = append(ui.buffers, buf)
|
||||
|
||||
return buf
|
||||
|
||||
Reference in New Issue
Block a user