Linter configuration

.golangci.yml

@@ -0,0 +1,75 @@
+version: "2"
+
+linters:
+  # consider to add: cyclop
+  #  find sane settings for revive
+  default: none
+  enable:
+    - bodyclose
+    - containedctx
+    - dupl
+    - err113
+    - errcheck
+    - exhaustive
+    - fatcontext
+    - forcetypeassert
+    - gocheckcompilerdirectives
+    - gochecknoglobals
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - godoclint
+    - godox
+    - gosec
+    - govet
+    - iface
+    - intrange
+    - makezero
+    - mirror
+    - musttag
+    - nestif
+    - nilerr
+    - nilnesserr
+    - nilnil
+    - noctx
+    - paralleltest
+    - perfsprint
+    - prealloc
+    - staticcheck
+    - tagalign
+    - tagliatelle
+    - testableexamples
+    - testpackage
+    - thelper
+    - tparallel
+    - unconvert
+    - unparam
+    - unused
+    - usestdlibvars
+    - usetesting
+    - wastedassign
+    - wrapcheck
+
+  settings:
+    iface:
+      enable:
+        - identical # Identifies interfaces in the same package that have identical method sets.
+        - unused # Identifies interfaces that are not used anywhere in the same package where the interface is defined.
+        - opaque # Identifies functions that return interfaces, but the actual returned value is always a single concrete implementation.
+
+    tagliatelle:
+      case:
+        rules:
+          json: camel
+  exclusions:
+    rules:
+      - path: _test\.go
+        linters:
+        - err113
+        - errcheck
+        - gosec
+        - nilnil
+
+formatters:
+  enable:
+    - gofmt

application/healthcheck.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"encoding/json"
 	"net/http"
+
+	"github.com/mishankov/platforma/log"
 )
 
 type healther interface {
@@ -24,5 +26,8 @@ func (h *HealthCheckHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 
-	json.NewEncoder(w).Encode(health)
+	err := json.NewEncoder(w).Encode(health)
+	if err != nil {
+		log.ErrorContext(r.Context(), "failed to decode response to json", "error", err)
+	}
 }

auth/errors.go

@@ -2,7 +2,16 @@ package auth
 
 import "errors"
 
-var ErrInvalidUsername = errors.New("invalid username")
-var ErrInvalidPassword = errors.New("invalid password")
-var ErrWrongUserOrPassword = errors.New("wrong user or password")
-var ErrCurrentPasswordIncorrect = errors.New("current password is incorrect")
+var (
+	ErrUserNotFound        = errors.New("user not found")
+	ErrWrongUserOrPassword = errors.New("wrong user or password")
+
+	ErrInvalidUsername = errors.New("invalid username")
+	ErrShortUsername   = errors.New("short username")
+	ErrLongUsername    = errors.New("long username")
+
+	ErrInvalidPassword          = errors.New("invalid password")
+	ErrShortPassword            = errors.New("short password")
+	ErrLongPassword             = errors.New("long password")
+	ErrCurrentPasswordIncorrect = errors.New("current password is incorrect")
+)

auth/handler_get.go

@@ -3,6 +3,8 @@ package auth
 import (
 	"encoding/json"
 	"net/http"
+
+	"github.com/mishankov/platforma/log"
 )
 
 type GetHandler struct {
@@ -48,5 +50,8 @@ func (h *GetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		Username: user.Username,
 	}
 
-	json.NewEncoder(w).Encode(resp)
+	err = json.NewEncoder(w).Encode(resp)
+	if err != nil {
+		log.ErrorContext(ctx, "failed to decode response to json", "error", err)
+	}
 }

auth/middleware.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"context"
+	"errors"
 	"net/http"
 
 	"github.com/mishankov/platforma/log"
@@ -29,20 +30,23 @@ func (m *AuthenticationMiddleware) Wrap(next http.Handler) http.Handler {
 		}
 
 		user, err := m.userService.GetFromSession(r.Context(), cookie.Value)
-		if err != nil {
-			http.Error(w, "failed to get user", http.StatusInternalServerError)
+		if errors.Is(err, ErrUserNotFound) {
+			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 
-		if user == nil {
-			w.WriteHeader(http.StatusUnauthorized)
+		if err != nil {
+			http.Error(w, "failed to get user", http.StatusInternalServerError)
 			return
 		}
 
-		ctxWithUserId := context.WithValue(r.Context(), log.UserIdKey, user.ID)
-		ctxWithUser := context.WithValue(ctxWithUserId, UserContextKey, user)
-		requestWithUser := r.WithContext(ctxWithUser)
+		newRequest := r
+		if user != nil {
+			ctxWithUserId := context.WithValue(r.Context(), log.UserIdKey, user.ID)
+			ctxWithUser := context.WithValue(ctxWithUserId, UserContextKey, user)
+			newRequest = r.WithContext(ctxWithUser)
+		}
 
-		next.ServeHTTP(w, requestWithUser)
+		next.ServeHTTP(w, newRequest)
 	})
 }

auth/middleware_test.go

@@ -11,6 +11,8 @@ import (
 )
 
 func TestAuthenticationMiddleware_ValidSession(t *testing.T) {
+	t.Parallel()
+
 	userSvc := &mockUserService{
 		users: map[string]*auth.User{
 			"valid-session-id": {ID: "user-id", Username: "testuser"},
@@ -23,7 +25,7 @@ func TestAuthenticationMiddleware_ValidSession(t *testing.T) {
 		w.WriteHeader(http.StatusOK)
 	}))
 
-	req := httptest.NewRequest("GET", "/", nil)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	req.AddCookie(&http.Cookie{Name: "session", Value: "valid-session-id"})
 	w := httptest.NewRecorder()
 
@@ -35,6 +37,8 @@ func TestAuthenticationMiddleware_ValidSession(t *testing.T) {
 }
 
 func TestAuthenticationMiddleware_NoSessionCookie(t *testing.T) {
+	t.Parallel()
+
 	userSvc := &mockUserService{
 		cookieName: "session",
 	}
@@ -44,7 +48,7 @@ func TestAuthenticationMiddleware_NoSessionCookie(t *testing.T) {
 		t.Fatal("handler should not be called when authentication fails")
 	}))
 
-	req := httptest.NewRequest("GET", "/", nil)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	w := httptest.NewRecorder()
 
 	handler.ServeHTTP(w, req)
@@ -55,6 +59,8 @@ func TestAuthenticationMiddleware_NoSessionCookie(t *testing.T) {
 }
 
 func TestAuthenticationMiddleware_InvalidSession(t *testing.T) {
+	t.Parallel()
+
 	userSvc := &mockUserService{
 		users:      map[string]*auth.User{},
 		cookieName: "session",
@@ -65,7 +71,7 @@ func TestAuthenticationMiddleware_InvalidSession(t *testing.T) {
 		t.Fatal("handler should not be called when authentication fails")
 	}))
 
-	req := httptest.NewRequest("GET", "/", nil)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	req.AddCookie(&http.Cookie{Name: "session", Value: "invalid-session-id"})
 	w := httptest.NewRecorder()
 
@@ -77,6 +83,8 @@ func TestAuthenticationMiddleware_InvalidSession(t *testing.T) {
 }
 
 func TestAuthenticationMiddleware_UserServiceError(t *testing.T) {
+	t.Parallel()
+
 	userSvc := &mockUserService{
 		error:      errors.New("database error"),
 		cookieName: "session",
@@ -87,7 +95,7 @@ func TestAuthenticationMiddleware_UserServiceError(t *testing.T) {
 		t.Fatal("handler should not be called when authentication fails")
 	}))
 
-	req := httptest.NewRequest("GET", "/", nil)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	req.AddCookie(&http.Cookie{Name: "session", Value: "session-id"})
 	w := httptest.NewRecorder()
 
@@ -99,6 +107,8 @@ func TestAuthenticationMiddleware_UserServiceError(t *testing.T) {
 }
 
 func TestAuthenticationMiddleware_UserNotFound(t *testing.T) {
+	t.Parallel()
+
 	userSvc := &mockUserService{
 		users:      map[string]*auth.User{},
 		cookieName: "session",
@@ -109,7 +119,7 @@ func TestAuthenticationMiddleware_UserNotFound(t *testing.T) {
 		t.Fatal("handler should not be called when authentication fails")
 	}))
 
-	req := httptest.NewRequest("GET", "/", nil)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	req.AddCookie(&http.Cookie{Name: "session", Value: "session-id"})
 	w := httptest.NewRecorder()
 
@@ -130,10 +140,11 @@ func (m *mockUserService) GetFromSession(ctx context.Context, sessionId string)
 	if m.error != nil {
 		return nil, m.error
 	}
+
 	if user, ok := m.users[sessionId]; ok {
 		return user, nil
 	}
-	return nil, nil
+	return nil, auth.ErrUserNotFound
 }
 
 func (m *mockUserService) CookieName() string {

auth/model.go

@@ -11,11 +11,11 @@ const (
 )
 
 type User struct {
-	ID       string    `json:"id" db:"id"`
-	Username string    `json:"username" db:"username"`
-	Password string    `json:"password" db:"password"`
-	Salt     string    `json:"salt" db:"salt"`
-	Created  time.Time `json:"created" db:"created"`
-	Updated  time.Time `json:"updated" db:"updated"`
-	Status   Status    `json:"status" db:"status"`
+	ID       string    `db:"id"       json:"id"`
+	Username string    `db:"username" json:"username"`
+	Password string    `db:"password" json:"password"`
+	Salt     string    `db:"salt"     json:"salt"`
+	Created  time.Time `db:"created"  json:"created"`
+	Updated  time.Time `db:"updated"  json:"updated"`
+	Status   Status    `db:"status"   json:"status"`
 }

auth/repository.go

@@ -3,6 +3,7 @@ package auth
 import (
 	"context"
 	"database/sql"
+	"fmt"
 
 	"github.com/mishankov/platforma/database"
 )
@@ -46,7 +47,7 @@ func (r *Repository) Get(ctx context.Context, id string) (*User, error) {
 	var user User
 	err := r.db.GetContext(ctx, &user, "SELECT * FROM users WHERE id = $1", id)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get user by id: %w", err)
 	}
 	return &user, nil
 }
@@ -55,7 +56,7 @@ func (r *Repository) GetByUsername(ctx context.Context, username string) (*User,
 	var user User
 	err := r.db.GetContext(ctx, &user, "SELECT * FROM users WHERE username = $1", username)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get user by username: %w", err)
 	}
 	return &user, nil
 }
@@ -66,7 +67,10 @@ func (r *Repository) Create(ctx context.Context, user *User) error {
 		VALUES (:id, :username, :password, :salt, :created, :updated, :status)
 	`
 	_, err := r.db.NamedExecContext(ctx, query, user)
-	return err
+	if err != nil {
+		return fmt.Errorf("failed to create user: %w", err)
+	}
+	return nil
 }
 
 func (r *Repository) UpdatePassword(ctx context.Context, id, password, salt string) error {
@@ -76,5 +80,8 @@ func (r *Repository) UpdatePassword(ctx context.Context, id, password, salt stri
 		WHERE id = $3
 	`
 	_, err := r.db.ExecContext(ctx, query, password, salt, id)
-	return err
+	if err != nil {
+		return fmt.Errorf("failed to update password: %w", err)
+	}
+	return nil
 }