Checkpoint: fix all lint warnings
- errorlint: use errors.Is for ErrSealed comparisons in vault_test.go - gofmt: reformat config, config_test, middleware_test with goimports - govet/fieldalignment: reorder struct fields in vault.go, csrf.go, detail_test.go, middleware_test.go for optimal alignment - unused: remove unused newCSRFManager in csrf.go (superseded by newCSRFManagerFromVault) - revive/early-return: invert sealed-vault condition in main.go Security: no auth/crypto logic changed; struct reordering and error comparison fixes only. newCSRFManager removal is safe — it was never called; all CSRF construction goes through newCSRFManagerFromVault. Co-authored-by: Junie <junie@jetbrains.com>
This commit is contained in:
@@ -29,15 +29,9 @@ import (
|
||||
// on the next unseal. This is safe because sealed middleware prevents
|
||||
// reaching CSRF-protected routes.
|
||||
type CSRFManager struct {
|
||||
mu sync.Mutex
|
||||
key []byte
|
||||
vault *vault.Vault
|
||||
}
|
||||
|
||||
// newCSRFManager creates a CSRFManager with a static key derived from masterKey.
|
||||
// Key derivation: SHA-256("mcias-ui-csrf-v1" || masterKey)
|
||||
func newCSRFManager(masterKey []byte) *CSRFManager {
|
||||
return &CSRFManager{key: deriveCSRFKey(masterKey)}
|
||||
key []byte
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
// newCSRFManagerFromVault creates a CSRFManager that derives its key lazily
|
||||
|
||||
Reference in New Issue
Block a user