fix: resolve all golangci-lint issues
Fixes #32 Changes: - middleware.go: use max() builtin, strconv.Itoa, fix wsl whitespace - database.go: fix nlreturn, noinlineerr, wsl whitespace - handlers.go: remove unnecessary template.HTML conversion, unused import - app.go: extract cleanupContainer to fix nestif, fix lll - client.go: break long string literals to fix lll - deploy.go: fix wsl whitespace - auth_test.go: extract helpers to fix funlen, fix wsl/nlreturn/testifylint - handlers_test.go: deduplicate IDOR tests, fix paralleltest - validation_test.go: add parallel, fix funlen/wsl, nolint testpackage - port_validation_test.go: add parallel, nolint testpackage - ratelimit_test.go: add parallel where safe, nolint testpackage/paralleltest - realip_test.go: add parallel, use NewRequestWithContext, fix wsl/funlen - user.go: (noinlineerr already fixed by database.go pattern)
This commit is contained in:
clawbot
@@ -71,71 +71,80 @@ func setupTestService(t *testing.T) (*auth.Service, func()) {
|
||||
return svc, cleanup
|
||||
}
|
||||
|
||||
func setupAuthService(t *testing.T, debug bool) *auth.Service {
|
||||
t.Helper()
|
||||
|
||||
tmpDir := t.TempDir()
|
||||
|
||||
globals.SetAppname("upaas-test")
|
||||
globals.SetVersion("test")
|
||||
|
||||
globalsInst, err := globals.New(fx.Lifecycle(nil))
|
||||
require.NoError(t, err)
|
||||
|
||||
loggerInst, err := logger.New(
|
||||
fx.Lifecycle(nil),
|
||||
logger.Params{Globals: globalsInst},
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
cfg := &config.Config{
|
||||
Port: 8080,
|
||||
DataDir: tmpDir,
|
||||
SessionSecret: "test-secret-key-at-least-32-chars",
|
||||
Debug: debug,
|
||||
}
|
||||
|
||||
dbInst, err := database.New(fx.Lifecycle(nil), database.Params{
|
||||
Logger: loggerInst,
|
||||
Config: cfg,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
svc, err := auth.New(fx.Lifecycle(nil), auth.ServiceParams{
|
||||
Logger: loggerInst,
|
||||
Config: cfg,
|
||||
Database: dbInst,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
return svc
|
||||
}
|
||||
|
||||
func getSessionCookie(t *testing.T, svc *auth.Service) *http.Cookie {
|
||||
t.Helper()
|
||||
|
||||
_, err := svc.CreateUser(context.Background(), "admin", "password123")
|
||||
require.NoError(t, err)
|
||||
|
||||
user, err := svc.Authenticate(context.Background(), "admin", "password123")
|
||||
require.NoError(t, err)
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
request := httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
|
||||
err = svc.CreateSession(recorder, request, user)
|
||||
require.NoError(t, err)
|
||||
|
||||
for _, c := range recorder.Result().Cookies() {
|
||||
if c.Name == "upaas_session" {
|
||||
return c
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func TestSessionCookieSecureFlag(testingT *testing.T) {
|
||||
testingT.Parallel()
|
||||
|
||||
testingT.Run("secure flag is true when debug is false", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tmpDir := t.TempDir()
|
||||
|
||||
globals.SetAppname("upaas-test")
|
||||
globals.SetVersion("test")
|
||||
|
||||
globalsInst, err := globals.New(fx.Lifecycle(nil))
|
||||
require.NoError(t, err)
|
||||
|
||||
loggerInst, err := logger.New(
|
||||
fx.Lifecycle(nil),
|
||||
logger.Params{Globals: globalsInst},
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
cfg := &config.Config{
|
||||
Port: 8080,
|
||||
DataDir: tmpDir,
|
||||
SessionSecret: "test-secret-key-at-least-32-chars",
|
||||
Debug: false,
|
||||
}
|
||||
|
||||
dbInst, err := database.New(fx.Lifecycle(nil), database.Params{
|
||||
Logger: loggerInst,
|
||||
Config: cfg,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
svc, err := auth.New(fx.Lifecycle(nil), auth.ServiceParams{
|
||||
Logger: loggerInst,
|
||||
Config: cfg,
|
||||
Database: dbInst,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
// Create user and session, check cookie has Secure flag
|
||||
_, err = svc.CreateUser(context.Background(), "admin", "password123")
|
||||
require.NoError(t, err)
|
||||
|
||||
user, err := svc.Authenticate(context.Background(), "admin", "password123")
|
||||
require.NoError(t, err)
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
request := httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
|
||||
err = svc.CreateSession(recorder, request, user)
|
||||
require.NoError(t, err)
|
||||
|
||||
cookies := recorder.Result().Cookies()
|
||||
require.NotEmpty(t, cookies)
|
||||
|
||||
var sessionCookie *http.Cookie
|
||||
for _, c := range cookies {
|
||||
if c.Name == "upaas_session" {
|
||||
sessionCookie = c
|
||||
break
|
||||
}
|
||||
}
|
||||
require.NotNil(t, sessionCookie, "session cookie should exist")
|
||||
assert.True(t, sessionCookie.Secure, "session cookie should have Secure flag in production mode")
|
||||
svc := setupAuthService(t, false)
|
||||
cookie := getSessionCookie(t, svc)
|
||||
require.NotNil(t, cookie, "session cookie should exist")
|
||||
assert.True(t, cookie.Secure, "session cookie should have Secure flag in production mode")
|
||||
})
|
||||
}
|
||||
|
||||
@@ -302,12 +311,14 @@ func TestCreateUserRaceCondition(testingT *testing.T) {
|
||||
close(start)
|
||||
|
||||
var successes, failures int
|
||||
|
||||
for range goroutines {
|
||||
err := <-results
|
||||
if err == nil {
|
||||
successes++
|
||||
} else {
|
||||
assert.ErrorIs(t, err, auth.ErrUserExists)
|
||||
require.ErrorIs(t, err, auth.ErrUserExists)
|
||||
|
||||
failures++
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user