Fix all golangci-lint warnings
- errorlint: use errors.Is for db.ErrNotFound comparisons in accountservice.go, credentialservice.go, tokenservice.go - gofmt/goimports: move mciasv1 alias into internal import group in auth.go, credentialservice.go, grpcserver.go, grpcserver_test.go - gosec G115: add nolint annotation on int32 port conversions in mciasgrpcctl/main.go and credentialservice.go (port validated as [1,65535] on input; overflow not reachable) - govet fieldalignment: reorder Server, grpcRateLimiter, grpcRateLimitEntry, testEnv structs to reduce GC bitmap size (96 -> 80 pointer bytes each) - ineffassign: remove intermediate grpcSrv = GRPCServer() call in cmd/mciassrv/main.go (immediately overwritten by TLS build) - staticcheck SA9003: replace empty if-body with _ = Serve(lis) in grpcserver_test.go 0 golangci-lint issues; 137 tests pass (go test -race ./...)
This commit is contained in:
@@ -31,10 +31,10 @@ import (
|
||||
"google.golang.org/grpc/peer"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
mciasv1 "git.wntrmute.dev/kyle/mcias/gen/mcias/v1"
|
||||
"git.wntrmute.dev/kyle/mcias/internal/config"
|
||||
"git.wntrmute.dev/kyle/mcias/internal/db"
|
||||
"git.wntrmute.dev/kyle/mcias/internal/token"
|
||||
mciasv1 "git.wntrmute.dev/kyle/mcias/gen/mcias/v1"
|
||||
)
|
||||
|
||||
// contextKey is the unexported context key type for this package.
|
||||
@@ -55,10 +55,10 @@ func claimsFromContext(ctx context.Context) *token.Claims {
|
||||
type Server struct {
|
||||
db *db.DB
|
||||
cfg *config.Config
|
||||
logger *slog.Logger
|
||||
privKey ed25519.PrivateKey
|
||||
pubKey ed25519.PublicKey
|
||||
masterKey []byte
|
||||
logger *slog.Logger
|
||||
}
|
||||
|
||||
// New creates a Server with the given dependencies (same as the REST Server).
|
||||
@@ -76,10 +76,10 @@ func New(database *db.DB, cfg *config.Config, priv ed25519.PrivateKey, pub ed255
|
||||
// publicMethods is the set of fully-qualified method names that bypass auth.
|
||||
// These match the gRPC full method path: /<package>.<Service>/<Method>.
|
||||
var publicMethods = map[string]bool{
|
||||
"/mcias.v1.AdminService/Health": true,
|
||||
"/mcias.v1.AdminService/GetPublicKey": true,
|
||||
"/mcias.v1.TokenService/ValidateToken": true,
|
||||
"/mcias.v1.AuthService/Login": true,
|
||||
"/mcias.v1.AdminService/Health": true,
|
||||
"/mcias.v1.AdminService/GetPublicKey": true,
|
||||
"/mcias.v1.TokenService/ValidateToken": true,
|
||||
"/mcias.v1.AuthService/Login": true,
|
||||
}
|
||||
|
||||
// GRPCServer builds and returns a configured *grpc.Server with all services
|
||||
@@ -217,17 +217,17 @@ func (s *Server) requireAdmin(ctx context.Context) error {
|
||||
// grpcRateLimiter is a per-IP token bucket for gRPC, sharing the same
|
||||
// algorithm as the REST RateLimit middleware.
|
||||
type grpcRateLimiter struct {
|
||||
mu sync.Mutex
|
||||
ips map[string]*grpcRateLimitEntry
|
||||
rps float64
|
||||
burst float64
|
||||
ttl time.Duration
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
type grpcRateLimitEntry struct {
|
||||
mu sync.Mutex
|
||||
lastSeen time.Time
|
||||
tokens float64
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
func newGRPCRateLimiter(rps float64, burst int) *grpcRateLimiter {
|
||||
|
||||
Reference in New Issue
Block a user