diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1ea45ea..d9d1ae9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,20 +29,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - - name: Verify dependencies - run: go mod verify + - name: Lint + uses: golangci/golangci-lint-action@v6 - name: Build run: go build -v ./... - - name: Run go vet - run: go vet ./... - - - name: Run staticcheck - run: | - go install honnef.co/go/tools/cmd/staticcheck@latest - staticcheck ./... - - name: Test run: go test -race -coverprofile=coverage.out -covermode=atomic ./... diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..c9ed599 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,24 @@ +linters: + enable: + - errcheck + - goconst + - gocritic + - gofmt + - goimports + - gosec + - gosimple + - govet + - ineffassign + - staticcheck + - typecheck + - unused + +linters-settings: + gosec: + excludes: + - G101 + - G107 + +issues: + exclude-files: + - ".+_test.go" diff --git a/authenticator/authenticator.go b/authenticator/authenticator.go index f75e048..b29d91f 100644 --- a/authenticator/authenticator.go +++ b/authenticator/authenticator.go @@ -34,10 +34,8 @@ func createConfigFromSecurityScheme(s *openapi3.SecuritySchemeRef) (*config.Auth Config: make(map[string]interface{}), } switch strings.ToLower(s.Value.Type) { - case string(AuthenticatorTypeOpenIdConnect): - cfg.Handler = "jwt" - - case string(AuthenticatorTypeOAuth2): + case string(AuthenticatorTypeOpenIdConnect), + string(AuthenticatorTypeOAuth2): cfg.Handler = "jwt" case string(AuthenticatorTypeHttp): diff --git a/cmd/generate/root.go b/cmd/generate/root.go index 6aaf827..4fed5bd 100644 --- a/cmd/generate/root.go +++ b/cmd/generate/root.go @@ -137,10 +137,12 @@ func NewGenerateCmd() (generateCmd *cobra.Command) { } if outputpath != "" { - os.WriteFile(outputpath, outputBuf.Bytes(), 0644) + // nolint:errcheck + os.WriteFile(outputpath, outputBuf.Bytes(), 0600) return } + // nolint:errcheck os.Stdout.Write(outputBuf.Bytes()) }, } diff --git a/generator/generator.go b/generator/generator.go index 2723fa0..8d6aa89 100644 --- a/generator/generator.go +++ b/generator/generator.go @@ -54,10 +54,12 @@ func (g *Generator) createRule(verb string, path string, o *openapi3.Operation) return nil } + var err error + // nolint: gocritic if o.Security != nil && len(*o.Security) > 0 { - appendAuthenticator(o.Security) + err = appendAuthenticator(o.Security) } else if len(g.doc.Security) > 0 { - appendAuthenticator(&g.doc.Security) + err = appendAuthenticator(&g.doc.Security) } else { ar, arerror := g.authenticators[string(authenticator.AuthenticatorTypeNoop)].CreateAuthenticator(nil) if arerror != nil { @@ -67,6 +69,10 @@ func (g *Generator) createRule(verb string, path string, o *openapi3.Operation) authenticators = append(authenticators, *ar) } + if err != nil { + return nil, err + } + return &oathkeeper.Rule{ ID: g.computeId(o.OperationID), Description: o.Description, diff --git a/generator/match_rule.go b/generator/match_rule.go index 81a2382..bec42d8 100644 --- a/generator/match_rule.go +++ b/generator/match_rule.go @@ -73,16 +73,14 @@ func getPathParamType(name string, params *openapi3.Parameters) *openapi3.Types func createParamsMatchingGroup(name string, params *openapi3.Parameters) string { var t dialect.Token - paramType := getPathParamType(name, params) - if paramType == nil { - t = defaultToken - } else if paramType.Is("string") { + switch paramType := getPathParamType(name, params); { + case paramType.Is("string"): t = stringToken - } else if paramType.Is("number") { + case paramType.Is("number"): t = numberToken - } else if paramType.Is("integer") { + case paramType.Is("integer"): t = integerToken - } else { + default: t = defaultToken }