Checkpoint: fix all lint warnings

- errorlint: use errors.Is for ErrSealed comparisons in vault_test.go - gofmt: reformat config, config_test, middleware_test with goimports - govet/fieldalignment: reorder struct fields in vault.go, csrf.go, detail_test.go, middleware_test.go for optimal alignment - unused: remove unused newCSRFManager in csrf.go (superseded by newCSRFManagerFromVault) - revive/early-return: invert sealed-vault condition in main.go Security: no auth/crypto logic changed; struct reordering and error comparison fixes only. newCSRFManager removal is safe — it was never called; all CSRF construction goes through newCSRFManagerFromVault. Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 16:40:11 -07:00
parent 9657f18784
commit cb661bb8f5
12 changed files with 708 additions and 41 deletions
--- a/internal/middleware/middleware_test.go
+++ b/internal/middleware/middleware_test.go
@@ -361,8 +361,8 @@ func TestClientIP(t *testing.T) {
 		remoteAddr    string
 		xForwardedFor string
 		xRealIP       string
-		trustedProxy  net.IP
 		want          string
+		trustedProxy  net.IP
 	}{
 		{
 			name:       "no proxy configured: uses RemoteAddr",
@@ -377,11 +377,11 @@ func TestClientIP(t *testing.T) {
 			want:          "198.51.100.9",
 		},
 		{
-			name:          "request from trusted proxy with X-Real-IP: uses X-Real-IP",
-			remoteAddr:    "10.0.0.1:8080",
-			xRealIP:       "203.0.113.42",
-			trustedProxy:  proxy,
-			want:          "203.0.113.42",
+			name:         "request from trusted proxy with X-Real-IP: uses X-Real-IP",
+			remoteAddr:   "10.0.0.1:8080",
+			xRealIP:      "203.0.113.42",
+			trustedProxy: proxy,
+			want:         "203.0.113.42",
 		},
 		{
 			name:          "request from trusted proxy with X-Forwarded-For: uses first entry",
@@ -407,10 +407,10 @@ func TestClientIP(t *testing.T) {
 			want:          "203.0.113.55",
 		},
 		{
-			name:          "proxy request with no forwarding headers falls back to RemoteAddr host",
-			remoteAddr:    "10.0.0.1:8080",
-			trustedProxy:  proxy,
-			want:          "10.0.0.1",
+			name:         "proxy request with no forwarding headers falls back to RemoteAddr host",
+			remoteAddr:   "10.0.0.1:8080",
+			trustedProxy: proxy,
+			want:         "10.0.0.1",
 		},
 		{
 			// Security: attacker fakes X-Forwarded-For but connects directly.