diff --git a/ci/runner/Dockerfile b/ci/runner/Dockerfile new file mode 100644 index 0000000..e69de29 diff --git a/cmd/audit-service/audit_service_fx.go b/cmd/audit-service/audit_service_fx.go index b73833c..fdb13a1 100644 --- a/cmd/audit-service/audit_service_fx.go +++ b/cmd/audit-service/audit_service_fx.go @@ -277,12 +277,15 @@ func (s *auditServerImpl) Query(ctx context.Context, req *auditv1.QueryRequest) } total := len(protoEntries) + var totalInt32 int32 if total > math.MaxInt32 { - total = math.MaxInt32 + totalInt32 = math.MaxInt32 + } else { + totalInt32 = int32(total) } return &auditv1.QueryResponse{ Entries: protoEntries, - Total: int32(total), + Total: totalInt32, }, nil } diff --git a/cmd/identity-service/identity_service_fx.go b/cmd/identity-service/identity_service_fx.go index 9f48cc0..5fbcfe6 100644 --- a/cmd/identity-service/identity_service_fx.go +++ b/cmd/identity-service/identity_service_fx.go @@ -77,7 +77,13 @@ func verifyPassword(password, hash string) (bool, error) { if hashLen < 0 || hashLen > math.MaxUint32 { return false, fmt.Errorf("invalid hash length: %d", hashLen) } - actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, uint32(hashLen)) + var hashLenUint32 uint32 + if hashLen > math.MaxUint32 { + hashLenUint32 = math.MaxUint32 + } else { + hashLenUint32 = uint32(hashLen) + } + actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, hashLenUint32) return subtle.ConstantTimeCompare(expectedHash, actualHash) == 1, nil } diff --git a/internal/client/grpc/audit_client.go b/internal/client/grpc/audit_client.go index 7bc5f0c..c48d00a 100644 --- a/internal/client/grpc/audit_client.go +++ b/internal/client/grpc/audit_client.go @@ -87,17 +87,20 @@ func (c *AuditClient) Query(ctx context.Context, filters *services.AuditLogFilte return nil, err } - limit := filters.Limit - if limit > math.MaxInt32 { - limit = math.MaxInt32 + var limitInt32, offsetInt32 int32 + if filters.Limit > math.MaxInt32 { + limitInt32 = math.MaxInt32 + } else { + limitInt32 = int32(filters.Limit) } - offset := filters.Offset - if offset > math.MaxInt32 { - offset = math.MaxInt32 + if filters.Offset > math.MaxInt32 { + offsetInt32 = math.MaxInt32 + } else { + offsetInt32 = int32(filters.Offset) } req := &auditv1.QueryRequest{ - Limit: int32(limit), - Offset: int32(offset), + Limit: limitInt32, + Offset: offsetInt32, } if filters.UserID != nil { diff --git a/services/audit/internal/api/server.go b/services/audit/internal/api/server.go index 396f5f7..7fa34a2 100644 --- a/services/audit/internal/api/server.go +++ b/services/audit/internal/api/server.go @@ -120,11 +120,14 @@ func (s *Server) Query(ctx context.Context, req *auditv1.QueryRequest) (*auditv1 } total := len(protoEntries) + var totalInt32 int32 if total > math.MaxInt32 { - total = math.MaxInt32 + totalInt32 = math.MaxInt32 + } else { + totalInt32 = int32(total) } return &auditv1.QueryResponse{ Entries: protoEntries, - Total: int32(total), // Note: This is a simplified total, actual total would require a count query + Total: totalInt32, // Note: This is a simplified total, actual total would require a count query }, nil } diff --git a/services/identity/internal/password/password.go b/services/identity/internal/password/password.go index 81b51aa..2596608 100644 --- a/services/identity/internal/password/password.go +++ b/services/identity/internal/password/password.go @@ -82,7 +82,13 @@ func Verify(password, hash string) (bool, error) { if hashLen < 0 || hashLen > math.MaxUint32 { return false, fmt.Errorf("invalid hash length: %d", hashLen) } - actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), uint32(hashLen)) + var hashLenUint32 uint32 + if hashLen > math.MaxUint32 { + hashLenUint32 = math.MaxUint32 + } else { + hashLenUint32 = uint32(hashLen) + } + actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), hashLenUint32) // Constant-time comparison if subtle.ConstantTimeCompare(expectedHash, actualHash) == 1 {