pomerium · desimone · Aug 30, 2022 · Aug 26, 2022
@@ -19,7 +19,7 @@ WORKDIR /go/src/github.com/pomerium/pomerium
 RUN apt-get update \
     && apt-get -y --no-install-recommends install zip
 
-# cache depedency downloads
+# cache dependency downloads
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .

@@ -19,7 +19,7 @@ WORKDIR /go/src/github.com/pomerium/pomerium
 RUN apt-get update \
     && apt-get -y --no-install-recommends install zip
 
-# cache depedency downloads
+# cache dependency downloads
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .

@@ -398,7 +398,7 @@ func TestAuthenticate_OAuthCallback(t *testing.T) {
 		{"bad timing - too soon", http.MethodGet, time.Now().Add(1 * time.Hour).Unix(), "", "", "", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
 		{"bad timing - expired", http.MethodGet, time.Now().Add(-1 * time.Hour).Unix(), "", "", "", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
 		{"bad base64", http.MethodGet, time.Now().Unix(), "", "", "^", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
-		{"too many seperators", http.MethodGet, time.Now().Unix(), "", "", "|ok|now|what", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
+		{"too many separators", http.MethodGet, time.Now().Unix(), "", "", "|ok|now|what", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
 		{"bad hmac", http.MethodGet, time.Now().Unix(), "", "NOTMAC", "", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
 		{"bad hmac", http.MethodGet, time.Now().Unix(), base64.URLEncoding.EncodeToString([]byte("malformed_state")), "", "", "", "code", "https://corp.pomerium.io", "https://authenticate.pomerium.io", &mstore.Store{}, identity.MockProvider{AuthenticateResponse: oauth2.Token{}}, "https://corp.pomerium.io", http.StatusBadRequest},
 	}

@@ -244,7 +244,7 @@ type Options struct {
 	// these requests with this switch
 	ForwardAuthURLString string `mapstructure:"forward_auth_url" yaml:"forward_auth_url,omitempty"`
 
-	// DataBrokerURLString is the routable destination of the databroker service's gRPC endpiont.
+	// DataBrokerURLString is the routable destination of the databroker service's gRPC endpoint.
 	DataBrokerURLString         string   `mapstructure:"databroker_service_url" yaml:"databroker_service_url,omitempty"`
 	DataBrokerURLStrings        []string `mapstructure:"databroker_service_urls" yaml:"databroker_service_urls,omitempty"`
 	DataBrokerInternalURLString string   `mapstructure:"databroker_internal_service_url" yaml:"databroker_internal_service_url,omitempty"`

@@ -17,7 +17,7 @@ echo "=> create our random shared-secret and cookie-secret keys as envars"
 kubectl create secret generic shared-secret --from-literal=shared-secret=$(head -c32 /dev/urandom | base64)
 kubectl create secret generic cookie-secret --from-literal=cookie-secret=$(head -c32 /dev/urandom | base64)
 
-echo "=> initiliaze secrets for TLS wild card for service use"
+echo "=> initialize secrets for TLS wild card for service use"
 kubectl create secret generic certificate \
 	--from-literal=certificate=$(base64 -i "$HOME/.acme.sh/*.corp.beyondperimeter.com_ecc/fullchain.cer")
 kubectl create secret generic certificate-key \

@@ -51,7 +51,7 @@ func RenderJSON(w http.ResponseWriter, code int, v interface{}) {
 // with the appropriate signature, HandlerFunc(f) is a
 // Handler that calls f.
 //
-// adapted from std library to suppport error wrapping
+// adapted from std library to support error wrapping
 type HandlerFunc func(http.ResponseWriter, *http.Request) error
 
 // ServeHTTP calls f(w, r) error.

@@ -25,7 +25,7 @@ func SetHeaders(headers map[string]string) func(next http.Handler) http.Handler
 }
 
 // ValidateSignature ensures the request is valid and has been signed with
-// the correspdoning client secret key
+// the corresponding client secret key
 func ValidateSignature(sharedKey []byte) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {

@@ -46,7 +46,7 @@ func (s *Sorted[T]) ForEach(callback func(element T) bool) {
 	})
 }
 
-// Has returns true if the elment is in the set.
+// Has returns true if the element is in the set.
 func (s *Sorted[T]) Has(element T) bool {
 	return s.b.Has(element)
 }

@@ -166,7 +166,7 @@ func EncodePrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
 func GenerateSelfSignedCertificate(domain string, configure ...func(*x509.Certificate)) (*tls.Certificate, error) {
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
-		return nil, fmt.Errorf("failed to geneate private key: %w", err)
+		return nil, fmt.Errorf("failed to generate private key: %w", err)
 	}
 
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)