Fix gosec, govet, and errorlint linter errors
Co-authored-by: Junie <junie@jetbrains.com>
This commit is contained in:
@@ -71,7 +71,7 @@ func (s *Server) handleInit(w http.ResponseWriter, r *http.Request) {
|
||||
Threads: s.cfg.Seal.Argon2Threads,
|
||||
}
|
||||
if err := s.seal.Initialize(r.Context(), []byte(req.Password), params); err != nil {
|
||||
if err == seal.ErrAlreadyInitialized {
|
||||
if errors.Is(err, seal.ErrAlreadyInitialized) {
|
||||
http.Error(w, `{"error":"already initialized"}`, http.StatusConflict)
|
||||
return
|
||||
}
|
||||
@@ -95,16 +95,15 @@ func (s *Server) handleUnseal(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
if err := s.seal.Unseal([]byte(req.Password)); err != nil {
|
||||
switch err {
|
||||
case seal.ErrNotInitialized:
|
||||
if errors.Is(err, seal.ErrNotInitialized) {
|
||||
http.Error(w, `{"error":"not initialized"}`, http.StatusPreconditionFailed)
|
||||
case seal.ErrInvalidPassword:
|
||||
} else if errors.Is(err, seal.ErrInvalidPassword) {
|
||||
http.Error(w, `{"error":"invalid password"}`, http.StatusUnauthorized)
|
||||
case seal.ErrRateLimited:
|
||||
} else if errors.Is(err, seal.ErrRateLimited) {
|
||||
http.Error(w, `{"error":"too many attempts, try again later"}`, http.StatusTooManyRequests)
|
||||
case seal.ErrNotSealed:
|
||||
} else if errors.Is(err, seal.ErrNotSealed) {
|
||||
http.Error(w, `{"error":"already unsealed"}`, http.StatusConflict)
|
||||
default:
|
||||
} else {
|
||||
s.logger.Error("unseal failed", "error", err)
|
||||
http.Error(w, `{"error":"unseal failed"}`, http.StatusInternalServerError)
|
||||
}
|
||||
@@ -174,7 +173,7 @@ func (s *Server) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
Token: token,
|
||||
})
|
||||
if err == nil {
|
||||
s.auth.Logout(client)
|
||||
_ = s.auth.Logout(client)
|
||||
}
|
||||
|
||||
// Clear cookie.
|
||||
@@ -207,9 +206,9 @@ func (s *Server) handleEngineMounts(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (s *Server) handleEngineMount(w http.ResponseWriter, r *http.Request) {
|
||||
var req struct {
|
||||
Config map[string]interface{} `json:"config"`
|
||||
Name string `json:"name"`
|
||||
Type string `json:"type"`
|
||||
Config map[string]interface{} `json:"config"`
|
||||
}
|
||||
if err := readJSON(r, &req); err != nil {
|
||||
http.Error(w, `{"error":"invalid request"}`, http.StatusBadRequest)
|
||||
@@ -245,10 +244,10 @@ func (s *Server) handleEngineUnmount(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (s *Server) handleEngineRequest(w http.ResponseWriter, r *http.Request) {
|
||||
var req struct {
|
||||
Data map[string]interface{} `json:"data"`
|
||||
Mount string `json:"mount"`
|
||||
Operation string `json:"operation"`
|
||||
Path string `json:"path"`
|
||||
Data map[string]interface{} `json:"data"`
|
||||
}
|
||||
if err := readJSON(r, &req); err != nil {
|
||||
http.Error(w, `{"error":"invalid request"}`, http.StatusBadRequest)
|
||||
@@ -383,7 +382,7 @@ func (s *Server) handlePKIRoot(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/x-pem-file")
|
||||
w.Write(certPEM)
|
||||
_, _ = w.Write(certPEM) //nolint:gosec
|
||||
}
|
||||
|
||||
func (s *Server) handlePKIChain(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -411,7 +410,7 @@ func (s *Server) handlePKIChain(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/x-pem-file")
|
||||
w.Write(chainPEM)
|
||||
_, _ = w.Write(chainPEM) //nolint:gosec
|
||||
}
|
||||
|
||||
func (s *Server) handlePKIIssuer(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -435,7 +434,7 @@ func (s *Server) handlePKIIssuer(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/x-pem-file")
|
||||
w.Write(certPEM)
|
||||
_, _ = w.Write(certPEM) //nolint:gosec
|
||||
}
|
||||
|
||||
func (s *Server) getCAEngine(mountName string) (*ca.CAEngine, error) {
|
||||
@@ -456,11 +455,11 @@ func (s *Server) getCAEngine(mountName string) (*ca.CAEngine, error) {
|
||||
func writeJSON(w http.ResponseWriter, status int, v interface{}) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(status)
|
||||
json.NewEncoder(w).Encode(v)
|
||||
_ = json.NewEncoder(w).Encode(v)
|
||||
}
|
||||
|
||||
func readJSON(r *http.Request, v interface{}) error {
|
||||
defer r.Body.Close()
|
||||
defer func() { _ = r.Body.Close() }()
|
||||
body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // 1MB limit
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -23,18 +23,17 @@ import (
|
||||
|
||||
// Server is the Metacrypt HTTP server.
|
||||
type Server struct {
|
||||
cfg *config.Config
|
||||
seal *seal.Manager
|
||||
auth *auth.Authenticator
|
||||
policy *policy.Engine
|
||||
engines *engine.Registry
|
||||
httpSrv *http.Server
|
||||
grpcSrv *grpc.Server
|
||||
logger *slog.Logger
|
||||
version string
|
||||
|
||||
acmeMu sync.Mutex
|
||||
cfg *config.Config
|
||||
seal *seal.Manager
|
||||
auth *auth.Authenticator
|
||||
policy *policy.Engine
|
||||
engines *engine.Registry
|
||||
httpSrv *http.Server
|
||||
grpcSrv *grpc.Server
|
||||
logger *slog.Logger
|
||||
acmeHandlers map[string]*internacme.Handler
|
||||
version string
|
||||
acmeMu sync.Mutex
|
||||
}
|
||||
|
||||
// New creates a new server.
|
||||
|
||||
Reference in New Issue
Block a user