fix: resolve mnd and nestif linter errors

- Added constants to replace magic numbers:
  - agePrivKeyPassphraseLength = 64
  - versionNameParts = 2
  - maxVersionsPerDay = 999
- Refactored crypto.go to reduce nesting complexity:
  - Inverted if condition to handle non-existent secret first
  - Extracted getSecretValue helper method
2025-07-09 07:05:07 -07:00
parent 6fe49344e2
commit 38b450cbcf
3 changed files with 40 additions and 26 deletions


@@ -16,6 +16,10 @@ import (
"github.com/spf13/afero"
)
const (
agePrivKeyPassphraseLength = 64
)
// keychainItemNameRegex validates keychain item names
// Allows alphanumeric characters, dots, hyphens, and underscores only
var keychainItemNameRegex = regexp.MustCompile(`^[A-Za-z0-9._-]+$`)
@@ -253,7 +257,7 @@ func CreateKeychainUnlocker(fs afero.Fs, stateDir string) (*KeychainUnlocker, er
}
// Step 2: Generate a random passphrase for encrypting the age private key
agePrivKeyPassphrase, err := generateRandomPassphrase(64)
agePrivKeyPassphrase, err := generateRandomPassphrase(agePrivKeyPassphraseLength)
if err != nil {
return nil, fmt.Errorf("failed to generate age private key passphrase: %w", err)
}
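Review bot: The new `agePrivKeyPassphraseLength` constant carries no comment, and its unit cannot be read from this section: whether 64 means bytes of randomness or output characters depends on `generateRandomPassphrase`, which is outside the visible lines. Because the passphrase encrypts the age private key (per the "Step 2" comment), this value is a security parameter rather than a formatting detail. I would document it on the constant, e.g. `// agePrivKeyPassphraseLength is the length passed to generateRandomPassphrase for the passphrase that encrypts the age private key; review the resulting entropy before lowering it.` CreateKeychainUnlocker starts and ends outside the hunk.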


@@ -15,6 +15,11 @@ import (
"github.com/spf13/afero"
)
const (
versionNameParts = 2
maxVersionsPerDay = 999
)
// VersionMetadata contains information about a secret version
type VersionMetadata struct {
ID string `json:"id"` // ULID
@@ -87,7 +92,7 @@ func GenerateVersionName(fs afero.Fs, secretDir string) (string, error) {
if entry.IsDir() && strings.HasPrefix(entry.Name(), prefix) {
// Extract serial number
parts := strings.Split(entry.Name(), ".")
if len(parts) == 2 {
if len(parts) == versionNameParts {
var serial int
if _, err := fmt.Sscanf(parts[1], "%03d", &serial); err == nil {
if serial > maxSerial {
@@ -100,7 +105,7 @@ func GenerateVersionName(fs afero.Fs, secretDir string) (string, error) {
// Generate new version name
newSerial := maxSerial + 1
if newSerial > 999 {
if newSerial > maxVersionsPerDay {
return "", fmt.Errorf("exceeded maximum versions per day (999)")
}
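Review bot: The error string in the last hunk still hard-codes `(999)` although the check now uses `maxVersionsPerDay`, so the message will go stale if the constant changes; `return "", fmt.Errorf("exceeded maximum versions per day (%d)", maxVersionsPerDay)` keeps the two tied together. The `%03d` width in the `fmt.Sscanf` call of the previous hunk is coupled to the same limit. As far as I know, Sscanf also does not reject input left over after the verb, so a directory name with a longer or malformed suffix may still parse to a serial. Parsing `parts[1]` strictly (for example with `strconv.Atoi` plus a range check against `maxVersionsPerDay`) would make the max-serial scan fail closed on unexpected names. GenerateVersionName begins and ends outside both hunks.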