go-pkgz · umputun · Apr 1, 2023 · Apr 1, 2023
@@ -19,7 +19,7 @@ jobs:
       - name: set up go 1.18
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18
+          go-version: "1.18"
         id: go
 
       - name: launch mongodb
@@ -30,29 +30,36 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
 
-      - name: build and test
+      - name: build the example
+        working-directory: _example
         run: |
-          go get -v
-          go test -timeout=60s -v -race -p 1 -covermode=atomic -coverprofile=$GITHUB_WORKSPACE/profile.cov_tmp
-          cat $GITHUB_WORKSPACE/profile.cov_tmp | grep -v "_mock.go" > $GITHUB_WORKSPACE/profile.cov
           go build -race
         env:
           TZ: "America/Chicago"
-          ENABLE_MONGO_TESTS: "true"
 
-      - name: install golangci-lint and goveralls
+      - name: build and test
         run: |
-          curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s -- -b $GITHUB_WORKSPACE v1.50.1
-          go install github.com/mattn/goveralls@latest
+          go test -timeout=60s -v -race -p 1 -covermode=atomic -coverprofile=$GITHUB_WORKSPACE/profile.cov
+          go build -race
+        env:
+          TZ: "America/Chicago"
+          ENABLE_MONGO_TESTS: "true"
 
-      - name: run linters
-        run: $GITHUB_WORKSPACE/golangci-lint run ./...
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
 
-      - name: run linters on example directory
-        working-directory: _example
-        run: $GITHUB_WORKSPACE/golangci-lint --config ../.golangci.yml run ./...
+      - name: golangci-lint on example directory
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          args: --config ../.golangci.yml
+          working-directory: _example
 
       - name: submit coverage
-        run: goveralls -service="github" -coverprofile=$GITHUB_WORKSPACE/profile.cov
+        run: |
+          go install github.com/mattn/goveralls@latest
+          goveralls -service="github" -coverprofile=$GITHUB_WORKSPACE/profile.cov
         env:
           COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -47,21 +47,10 @@ jobs:
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+    - name: Build the code
+      run: go build -o auth
+      env:
+        TZ: "America/Chicago"
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
@@ -67,5 +67,9 @@ issues:
       text: "Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server"
       linters:
         - gosec
+    - path: _test\.go
+      text: "Deferring unsafe method \"Close\" on type \"io.ReadCloser\""
+      linters:
+        - gosec
 
   exclude-use-default: false
@@ -591,6 +591,6 @@ type customHandler struct{}
 func (c customHandler) Name() string {
 	return "telegramBotMySiteCom"
 }
-func (c customHandler) LoginHandler(w http.ResponseWriter, r *http.Request)  {}
-func (c customHandler) AuthHandler(w http.ResponseWriter, r *http.Request)   {}
-func (c customHandler) LogoutHandler(w http.ResponseWriter, r *http.Request) {}
+func (c customHandler) LoginHandler(http.ResponseWriter, *http.Request)  {}
+func (c customHandler) AuthHandler(http.ResponseWriter, *http.Request)   {}
+func (c customHandler) LogoutHandler(http.ResponseWriter, *http.Request) {}
@@ -217,7 +217,7 @@ func GetGravatarURL(email string) (res string, err error) {
 	if err != nil {
 		return "", err
 	}
-	defer resp.Body.Close()
+	defer resp.Body.Close() //nolint gosec // we don't care about response body
 	if resp.StatusCode != 200 {
 		return "", fmt.Errorf("%s", resp.Status)
 	}

@@ -15,18 +15,18 @@ func NewNoOp() *NoOp { return &NoOp{} }
 func (s *NoOp) String() string { return "" }
 
 // Put is a NoOp implementation
-func (s *NoOp) Put(userID string, reader io.Reader) (avatarID string, err error) { return "", nil }
+func (s *NoOp) Put(string, io.Reader) (avatarID string, err error) { return "", nil }
 
 // Get is a NoOp implementation
-func (s *NoOp) Get(avatarID string) (reader io.ReadCloser, size int, err error) {
+func (s *NoOp) Get(string) (reader io.ReadCloser, size int, err error) {
 	return io.NopCloser(bytes.NewBuffer([]byte(""))), 0, nil
 }
 
 // ID is a NoOp implementation
-func (s *NoOp) ID(avatarID string) (id string) { return "" }
+func (s *NoOp) ID(string) (id string) { return "" }
 
 // Remove is a NoOp implementation
-func (s *NoOp) Remove(avatarID string) error { return nil }
+func (s *NoOp) Remove(string) error { return nil }
 
 // List is a NoOp implementation
 func (s *NoOp) List() (ids []string, err error) { return nil, nil }

@@ -205,7 +205,7 @@ type badJwtService struct {
 	*token.Service
 }
 
-func (b *badJwtService) Set(w http.ResponseWriter, claims token.Claims) (token.Claims, error) {
+func (b *badJwtService) Set(http.ResponseWriter, token.Claims) (token.Claims, error) {
 	return token.Claims{}, fmt.Errorf("jwt set fake error")
 }
 

@@ -69,11 +69,12 @@ func (p DirectHandler) Name() string { return p.ProviderName }
 // user=name&passwd=xyz&aud=bar
 //
 // application/json body example:
-// {
-//   "user": "name",
-//   "passwd": "xyz",
-//   "aud": "bar",
-// }
+//
+//	{
+//	  "user": "name",
+//	  "passwd": "xyz",
+//	  "aud": "bar",
+//	}
 func (p DirectHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {
 	creds, err := p.getCredentials(w, r)
 	if err != nil {
@@ -184,9 +185,9 @@ func (p DirectHandler) getCredentials(w http.ResponseWriter, r *http.Request) (c
 }
 
 // AuthHandler doesn't do anything for direct login as it has no callbacks
-func (p DirectHandler) AuthHandler(w http.ResponseWriter, r *http.Request) {}
+func (p DirectHandler) AuthHandler(http.ResponseWriter, *http.Request) {}
 
 // LogoutHandler - GET /logout
-func (p DirectHandler) LogoutHandler(w http.ResponseWriter, r *http.Request) {
+func (p DirectHandler) LogoutHandler(w http.ResponseWriter, _ *http.Request) {
 	p.TokenService.Reset(w)
 }
@@ -274,4 +274,4 @@ type mockCredsChecker struct {
 	err error
 }
 
-func (m *mockCredsChecker) Check(user, password string) (ok bool, err error) { return m.ok, m.err }
+func (m *mockCredsChecker) Check(string, string) (ok bool, err error) { return m.ok, m.err }
@@ -362,7 +362,7 @@ func mockKeyStore(string) (string, error) { return "12345", nil }
 
 type mockAvatarSaver struct{}
 
-func (m *mockAvatarSaver) Put(u token.User, client *http.Client) (avatarURL string, err error) {
+func (m *mockAvatarSaver) Put(u token.User, _ *http.Client) (avatarURL string, err error) {
 	if u.Picture != "" {
 		return "http://example.com/ava12345.png", nil
 	}

@@ -77,7 +77,7 @@ type mockAva struct {
 	res string
 }
 
-func (m mockAva) Put(u token.User, client *http.Client) (avatarURL string, err error) {
+func (m mockAva) Put(token.User, *http.Client) (avatarURL string, err error) {
 	if !m.ok {
 		return "", fmt.Errorf("some error")
 	}
@@ -87,12 +87,12 @@ func (m mockAva) Put(u token.User, client *http.Client) (avatarURL string, err e
 type mockHandler struct{}
 
 func (n *mockHandler) Name() string { return "mock-handler" }
-func (n *mockHandler) LoginHandler(w http.ResponseWriter, r *http.Request) {
+func (n *mockHandler) LoginHandler(w http.ResponseWriter, _ *http.Request) {
 	_, _ = w.Write([]byte("login"))
 }
-func (n *mockHandler) AuthHandler(w http.ResponseWriter, r *http.Request) {
+func (n *mockHandler) AuthHandler(w http.ResponseWriter, _ *http.Request) {
 	_, _ = w.Write([]byte("callback"))
 }
-func (n *mockHandler) LogoutHandler(w http.ResponseWriter, r *http.Request) {
+func (n *mockHandler) LogoutHandler(w http.ResponseWriter, _ *http.Request) {
 	_, _ = w.Write([]byte("logout"))
 }
@@ -459,7 +459,7 @@ func (tg *tgAPI) request(ctx context.Context, method string, data interface{}) e
 		if err != nil {
 			return fmt.Errorf("failed to send request: %w", err)
 		}
-		defer resp.Body.Close()
+		defer resp.Body.Close() //nolint gosec // we don't care about response body
 
 		if resp.StatusCode != http.StatusOK {
 			return tg.parseError(resp.Body, resp.StatusCode)

@@ -199,10 +199,10 @@ func (e VerifyHandler) sendConfirmation(w http.ResponseWriter, r *http.Request)
 }
 
 // AuthHandler doesn't do anything for direct login as it has no callbacks
-func (e VerifyHandler) AuthHandler(w http.ResponseWriter, r *http.Request) {}
+func (e VerifyHandler) AuthHandler(http.ResponseWriter, *http.Request) {}
 
 // LogoutHandler - GET /logout
-func (e VerifyHandler) LogoutHandler(w http.ResponseWriter, r *http.Request) {
+func (e VerifyHandler) LogoutHandler(w http.ResponseWriter, _ *http.Request) {
 	e.TokenService.Reset(w)
 }
 

@@ -321,6 +321,6 @@ type mockAvatarSaverVerif struct {
 	url string
 }
 
-func (a mockAvatarSaverVerif) Put(u token.User, client *http.Client) (avatarURL string, err error) {
+func (a mockAvatarSaverVerif) Put(token.User, *http.Client) (avatarURL string, err error) {
 	return a.url, a.err
 }
@@ -28,11 +28,11 @@ func TestUser_HashID(t *testing.T) {
 
 type mockBadHasher struct{}
 
-func (m *mockBadHasher) Write(p []byte) (n int, err error) { return 0, fmt.Errorf("err") }
-func (m *mockBadHasher) Sum(b []byte) []byte               { return nil }
-func (m *mockBadHasher) Reset()                            {}
-func (m *mockBadHasher) Size() int                         { return 0 }
-func (m *mockBadHasher) BlockSize() int                    { return 0 }
+func (m *mockBadHasher) Write([]byte) (n int, err error) { return 0, fmt.Errorf("err") }
+func (m *mockBadHasher) Sum([]byte) []byte               { return nil }
+func (m *mockBadHasher) Reset()                          {}
+func (m *mockBadHasher) Size() int                       { return 0 }
+func (m *mockBadHasher) BlockSize() int                  { return 0 }
 
 func TestUser_HashIDWithCRC(t *testing.T) {
 	tbl := []struct {