kyle/eng-pad-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add comprehensive config validation and race testing target

Browse Source 
Split config validation into validateFields() (pure logic) and
validateFiles() (filesystem checks) for testability. New validations:
TLS file existence, token TTL parseability/positivity, Argon2 params > 0,
valid log level, non-empty listen addresses. Added 18 tests covering all
validation paths. Added `make test-race` target. Resolves A-015 and A-017.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-24 20:49:16 -07:00
parent c5469c6bdf
commit 41839b7284
4 changed files with 307 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
internal/config/config.go
View File

@@ -70,11 +70,65 @@ func Load(path string) (*Config, error) {
}
func (c *Config) validate() error {
if err := c.validateFields(); err != nil {
return err
}
if err := c.validateFiles(); err != nil {
return err
}
return nil
}
// validateFields checks config values that don't require filesystem access.
func (c *Config) validateFields() error {
if c.Database.Path == "" {
return fmt.Errorf("database.path is required")
}
if c.Server.TLSCert == "" || c.Server.TLSKey == "" {
return fmt.Errorf("server.tls_cert and server.tls_key are required")
}
if c.Server.ListenAddr == "" {
return fmt.Errorf("server.listen_addr is required")
}
if c.Server.GRPCAddr == "" {
return fmt.Errorf("server.grpc_addr is required")
}
d, err := c.Auth.TokenDuration()
if err != nil {
return fmt.Errorf("auth.token_ttl is invalid: %w", err)
}
if d <= 0 {
return fmt.Errorf("auth.token_ttl must be positive")
}
if c.Auth.Argon2Memory == 0 {
return fmt.Errorf("auth.argon2_memory must be greater than zero")
}
if c.Auth.Argon2Time == 0 {
return fmt.Errorf("auth.argon2_time must be greater than zero")
}
if c.Auth.Argon2Threads == 0 {
return fmt.Errorf("auth.argon2_threads must be greater than zero")
}
switch c.Log.Level {
case "debug", "info", "warn", "error":
// valid
default:
return fmt.Errorf("log.level must be one of: debug, info, warn, error (got %q)", c.Log.Level)
}
return nil
}
// validateFiles checks that referenced files exist on disk.
func (c *Config) validateFiles() error {
if _, err := os.Stat(c.Server.TLSCert); err != nil {
return fmt.Errorf("server.tls_cert file not found: %w", err)
}
if _, err := os.Stat(c.Server.TLSKey); err != nil {
return fmt.Errorf("server.tls_key file not found: %w", err)
}
return nil
}