sneak/chat
1
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects Releases Wiki Activity
a57a73e94e
chat/internal/logger/logger.go
clawbot a57a73e94e
All checks were successful
check / check (push) Successful in 2m19s
Details
fix: address all PR #10 review findings 
Security:
- Add channel membership check before PRIVMSG (prevents non-members from sending)
- Add membership check on history endpoint (channels require membership, DMs scoped to own nick)
- Enforce MaxBytesReader on all POST request bodies
- Fix rand.Read error being silently ignored in token generation

Data integrity:
- Fix TOCTOU race in GetOrCreateChannel using INSERT OR IGNORE + SELECT

Build:
- Add CGO_ENABLED=0 to golangci-lint install in Dockerfile (fixes alpine build)

Linting:
- Strict .golangci.yml: only wsl disabled (deprecated in v2)
- Re-enable exhaustruct, depguard, godot, wrapcheck, varnamelen
- Fix linters-settings -> linters.settings for v2 config format
- Fix ALL lint findings in actual code (no linter config weakening)
- Wrap all external package errors (wrapcheck)
- Fill struct fields or add targeted nolint:exhaustruct where appropriate
- Rename short variables (ts->timestamp, n->bufIndex, etc.)
- Add depguard deny policy for io/ioutil and math/rand
- Exclude G704 (SSRF) in gosec config (CLI client takes user-configured URLs)

Tests:
- Add security tests (TestNonMemberCannotSend, TestHistoryNonMember)
- Split TestInsertAndPollMessages for reduced complexity
- Fix parallel test safety (viper global state prevents parallelism)
- Use t.Context() instead of context.Background() in tests

Docker build verified passing locally.
2026-02-26 21:21:49 -08:00

79 lines
1.6 KiB
Go
Raw Blame History

// Package logger provides structured logging for the application.
package logger
import (
"log/slog"
"os"
"git.eeqj.de/sneak/chat/internal/globals"
"go.uber.org/fx"
)
// Params defines the dependencies for creating a Logger.
type Params struct {
fx.In
Globals *globals.Globals
}
// Logger wraps slog with application-specific configuration.
type Logger struct {
log *slog.Logger
level *slog.LevelVar
params Params
}
// New creates a new Logger with appropriate handler
// based on terminal detection.
func New(
_ fx.Lifecycle, params Params,
) (*Logger, error) {
logger := new(Logger)
logger.level = new(slog.LevelVar)
logger.level.Set(slog.LevelInfo)
tty := false
if fileInfo, _ := os.Stdout.Stat(); (fileInfo.Mode() & os.ModeCharDevice) != 0 {
tty = true
}
opts := &slog.HandlerOptions{ //nolint:exhaustruct // ReplaceAttr optional
Level: logger.level,
AddSource: true,
}
var handler slog.Handler
if tty {
handler = slog.NewTextHandler(os.Stdout, opts)
} else {
handler = slog.NewJSONHandler(os.Stdout, opts)
}
logger.log = slog.New(handler)
logger.params = params
return logger, nil
}
// EnableDebugLogging switches the log level to debug.
func (logger *Logger) EnableDebugLogging() {
logger.level.Set(slog.LevelDebug)
logger.log.Debug(
"debug logging enabled", "debug", true,
)
}
// Get returns the underlying slog.Logger.
func (logger *Logger) Get() *slog.Logger {
return logger.log
}
// Identify logs the application name and version at startup.
func (logger *Logger) Identify() {
logger.log.Info("starting",
"appname", logger.params.Globals.Appname,
"version", logger.params.Globals.Version,
)
}
Reference in New Issue View Git Blame Copy Permalink