Compare commits
17 Commits
c8d944e9ea
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 3a98b72ffd | |||
| a785cd73de | |||
| 75c5293c8c | |||
| 9712e50f6c | |||
| 8eda9af769 | |||
| 4b33ed522d | |||
| bc740f7b1f | |||
| e98e4d3099 | |||
| 93623e6865 | |||
| b531f92436 | |||
| 31e8ca7ce9 | |||
| e673fcae6f | |||
| 131e44f3d4 | |||
| 0d6094267a | |||
| 4b8536e34a | |||
| e509faea25 | |||
| 355008a3a2 |
5
.github/workflows/ci.yml
vendored
5
.github/workflows/ci.yml
vendored
@@ -132,7 +132,10 @@ jobs:
|
||||
fi
|
||||
|
||||
- name: Install golangci-lint
|
||||
uses: golangci/golangci-lint-action@v6
|
||||
run: |
|
||||
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
|
||||
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
|
||||
golangci-lint --version
|
||||
|
||||
- name: Run linters
|
||||
run: make lint
|
||||
|
||||
12
AGENTS.md
12
AGENTS.md
@@ -197,10 +197,14 @@ When working on this project, follow this workflow:
|
||||
|
||||
### 7. Commit Changes
|
||||
- **ALWAYS commit** after successful implementation
|
||||
- Ensure the code builds (`go build`)
|
||||
- Ensure all tests pass (`go test`)
|
||||
- Ensure there are no linter issues (`make lint`)
|
||||
- Ensure there are no fmt issues (`make fmt-check`)
|
||||
- Verify that everything is in order before commit:
|
||||
- there is a Gitea Runner image in ci/pre-commit
|
||||
- run scripts/pre-commit-check.sh
|
||||
- Ensure the code builds (`make build`)
|
||||
- Ensure all tests pass (`make test`)
|
||||
- Ensure there are no linter issues (`make lint`)
|
||||
- Ensure there are no fmt issues (`make fmt-check`)
|
||||
- If there are issues, fix them before comitting
|
||||
- Verify all acceptance criteria are met
|
||||
- Write a clear, descriptive commit message
|
||||
|
||||
|
||||
40
ci/pre-commit/Dockerfile
Normal file
40
ci/pre-commit/Dockerfile
Normal file
@@ -0,0 +1,40 @@
|
||||
FROM alpine:latest
|
||||
|
||||
# Install system dependencies
|
||||
RUN apk add --no-cache \
|
||||
nodejs \
|
||||
npm \
|
||||
gcc \
|
||||
build-base \
|
||||
musl-dev \
|
||||
curl \
|
||||
make \
|
||||
wget \
|
||||
tar \
|
||||
bash \
|
||||
git \
|
||||
protobuf \
|
||||
protobuf-dev
|
||||
|
||||
# Install Go 1.25.3
|
||||
RUN cd /tmp && \
|
||||
wget -q https://go.dev/dl/go1.25.3.linux-amd64.tar.gz && \
|
||||
tar -C /usr/local -xzf go1.25.3.linux-amd64.tar.gz && \
|
||||
rm go1.25.3.linux-amd64.tar.gz
|
||||
|
||||
# Set up Go environment
|
||||
ENV PATH=/usr/local/go/bin:$PATH:/root/go/bin
|
||||
ENV GOROOT=/usr/local/go
|
||||
ENV GOPATH=/root/go
|
||||
ENV CGO_ENABLED=1
|
||||
ENV GOFLAGS=-buildvcs=false
|
||||
|
||||
# Install Go protobuf plugins
|
||||
RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@latest && \
|
||||
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
|
||||
|
||||
# Install golangci-lint
|
||||
RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b /root/go/bin
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /workspace
|
||||
@@ -5,6 +5,7 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"math"
|
||||
"net"
|
||||
"time"
|
||||
|
||||
@@ -275,9 +276,16 @@ func (s *auditServerImpl) Query(ctx context.Context, req *auditv1.QueryRequest)
|
||||
})
|
||||
}
|
||||
|
||||
total := len(protoEntries)
|
||||
var totalInt32 int32
|
||||
if total > math.MaxInt32 {
|
||||
totalInt32 = math.MaxInt32
|
||||
} else {
|
||||
totalInt32 = int32(total)
|
||||
}
|
||||
return &auditv1.QueryResponse{
|
||||
Entries: protoEntries,
|
||||
Total: int32(len(protoEntries)),
|
||||
Total: totalInt32,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"crypto/subtle"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"math"
|
||||
"net"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -72,7 +73,17 @@ func verifyPassword(password, hash string) (bool, error) {
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, uint32(len(expectedHash)))
|
||||
hashLen := len(expectedHash)
|
||||
if hashLen < 0 || hashLen > math.MaxUint32 {
|
||||
return false, fmt.Errorf("invalid hash length: %d", hashLen)
|
||||
}
|
||||
var hashLenUint32 uint32
|
||||
if hashLen > math.MaxUint32 {
|
||||
hashLenUint32 = math.MaxUint32
|
||||
} else {
|
||||
hashLenUint32 = uint32(hashLen)
|
||||
}
|
||||
actualHash := argon2.IDKey([]byte(password), salt, 3, 64*1024, 4, hashLenUint32)
|
||||
return subtle.ConstantTimeCompare(expectedHash, actualHash) == 1, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ package grpc
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"math"
|
||||
|
||||
auditv1 "git.dcentral.systems/toolz/goplt/api/proto/generated/audit/v1"
|
||||
"git.dcentral.systems/toolz/goplt/pkg/registry"
|
||||
@@ -86,9 +87,24 @@ func (c *AuditClient) Query(ctx context.Context, filters *services.AuditLogFilte
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var limitInt32, offsetInt32 int32
|
||||
if filters.Limit > math.MaxInt32 {
|
||||
limitInt32 = math.MaxInt32
|
||||
} else if filters.Limit < math.MinInt32 {
|
||||
limitInt32 = math.MinInt32
|
||||
} else {
|
||||
limitInt32 = int32(filters.Limit) //nolint:gosec // bounds checked above
|
||||
}
|
||||
if filters.Offset > math.MaxInt32 {
|
||||
offsetInt32 = math.MaxInt32
|
||||
} else if filters.Offset < math.MinInt32 {
|
||||
offsetInt32 = math.MinInt32
|
||||
} else {
|
||||
offsetInt32 = int32(filters.Offset) //nolint:gosec // bounds checked above
|
||||
}
|
||||
req := &auditv1.QueryRequest{
|
||||
Limit: int32(filters.Limit),
|
||||
Offset: int32(filters.Offset),
|
||||
Limit: limitInt32,
|
||||
Offset: offsetInt32,
|
||||
}
|
||||
|
||||
if filters.UserID != nil {
|
||||
|
||||
@@ -100,9 +100,15 @@ func LoadConfig(env string) (config.ConfigProvider, error) {
|
||||
// e.g., DATABASE_DSN -> database.dsn, SERVER_PORT -> server.port
|
||||
v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
|
||||
// Bind specific environment variables to config keys
|
||||
v.BindEnv("database.dsn", "DATABASE_DSN")
|
||||
v.BindEnv("registry.consul.address", "REGISTRY_CONSUL_ADDRESS")
|
||||
v.BindEnv("registry.type", "REGISTRY_TYPE")
|
||||
if err := v.BindEnv("database.dsn", "DATABASE_DSN"); err != nil {
|
||||
return nil, fmt.Errorf("failed to bind DATABASE_DSN: %w", err)
|
||||
}
|
||||
if err := v.BindEnv("registry.consul.address", "REGISTRY_CONSUL_ADDRESS"); err != nil {
|
||||
return nil, fmt.Errorf("failed to bind REGISTRY_CONSUL_ADDRESS: %w", err)
|
||||
}
|
||||
if err := v.BindEnv("registry.type", "REGISTRY_TYPE"); err != nil {
|
||||
return nil, fmt.Errorf("failed to bind REGISTRY_TYPE: %w", err)
|
||||
}
|
||||
|
||||
return NewViperConfig(v), nil
|
||||
}
|
||||
|
||||
57
scripts/pre-commit-check.sh
Executable file
57
scripts/pre-commit-check.sh
Executable file
@@ -0,0 +1,57 @@
|
||||
#!/bin/bash
|
||||
# Pre-commit check script that runs lint, fmt-check, test, and build in gitea-runner container
|
||||
|
||||
set -e
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
|
||||
IMAGE_NAME="wirelos/pre-commit"
|
||||
CONTAINER_NAME="goplt-pre-commit-check"
|
||||
|
||||
echo "🔍 Checking for Docker image: $IMAGE_NAME"
|
||||
if ! docker images --format "{{.Repository}}:{{.Tag}}" | grep -q "^${IMAGE_NAME}:latest$"; then
|
||||
echo "📦 Image not found. Building $IMAGE_NAME from ci/pre-commit/Dockerfile..."
|
||||
docker build -t "$IMAGE_NAME:latest" -f "$PROJECT_ROOT/ci/pre-commit/Dockerfile" "$PROJECT_ROOT/ci/pre-commit" || {
|
||||
echo "❌ Failed to build Docker image"
|
||||
exit 1
|
||||
}
|
||||
echo "✅ Image built successfully"
|
||||
else
|
||||
echo "✅ Image found locally"
|
||||
fi
|
||||
|
||||
echo "🧹 Cleaning up any existing container..."
|
||||
docker rm -f "$CONTAINER_NAME" 2>/dev/null || true
|
||||
|
||||
echo "🚀 Starting pre-commit container..."
|
||||
docker run --rm \
|
||||
--name "$CONTAINER_NAME" \
|
||||
-v "$PROJECT_ROOT:/workspace" \
|
||||
-w /workspace \
|
||||
"$IMAGE_NAME:latest" \
|
||||
sh -c "
|
||||
echo '📋 Running make fmt-check...'
|
||||
make fmt-check || exit 1
|
||||
|
||||
echo '🔍 Running make lint...'
|
||||
make lint || exit 1
|
||||
|
||||
echo '🧪 Running make test...'
|
||||
make test || exit 1
|
||||
|
||||
echo '🔨 Running make build...'
|
||||
make build || exit 1
|
||||
|
||||
echo '✅ All checks passed!'
|
||||
"
|
||||
|
||||
EXIT_CODE=$?
|
||||
|
||||
if [ $EXIT_CODE -eq 0 ]; then
|
||||
echo "✅ All pre-commit checks passed!"
|
||||
else
|
||||
echo "❌ Pre-commit checks failed. Please fix the issues above."
|
||||
fi
|
||||
|
||||
exit $EXIT_CODE
|
||||
|
||||
@@ -3,6 +3,7 @@ package api
|
||||
|
||||
import (
|
||||
"context"
|
||||
"math"
|
||||
|
||||
auditv1 "git.dcentral.systems/toolz/goplt/api/proto/generated/audit/v1"
|
||||
"git.dcentral.systems/toolz/goplt/services/audit/internal/service"
|
||||
@@ -118,8 +119,15 @@ func (s *Server) Query(ctx context.Context, req *auditv1.QueryRequest) (*auditv1
|
||||
})
|
||||
}
|
||||
|
||||
total := len(protoEntries)
|
||||
var totalInt32 int32
|
||||
if total > math.MaxInt32 {
|
||||
totalInt32 = math.MaxInt32
|
||||
} else {
|
||||
totalInt32 = int32(total)
|
||||
}
|
||||
return &auditv1.QueryResponse{
|
||||
Entries: protoEntries,
|
||||
Total: int32(len(protoEntries)), // Note: This is a simplified total, actual total would require a count query
|
||||
Total: totalInt32, // Note: This is a simplified total, actual total would require a count query
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/argon2"
|
||||
@@ -77,7 +78,44 @@ func Verify(password, hash string) (bool, error) {
|
||||
}
|
||||
|
||||
// Compute hash with same parameters
|
||||
actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), uint32(len(expectedHash)))
|
||||
hashLen := len(expectedHash)
|
||||
if hashLen < 0 || hashLen > math.MaxUint32 {
|
||||
return false, fmt.Errorf("invalid hash length: %d", hashLen)
|
||||
}
|
||||
var hashLenUint32 uint32
|
||||
if hashLen > math.MaxUint32 {
|
||||
hashLenUint32 = math.MaxUint32
|
||||
} else {
|
||||
hashLenUint32 = uint32(hashLen)
|
||||
}
|
||||
|
||||
// Bounds check for t and m to prevent overflow
|
||||
var tUint32, mUint32 uint32
|
||||
if t > math.MaxUint32 {
|
||||
tUint32 = math.MaxUint32
|
||||
} else if t < 0 {
|
||||
tUint32 = 0
|
||||
} else {
|
||||
tUint32 = uint32(t) //nolint:gosec // bounds checked above
|
||||
}
|
||||
if m > math.MaxUint32 {
|
||||
mUint32 = math.MaxUint32
|
||||
} else if m < 0 {
|
||||
mUint32 = 0
|
||||
} else {
|
||||
mUint32 = uint32(m) //nolint:gosec // bounds checked above
|
||||
}
|
||||
|
||||
var pUint8 uint8
|
||||
if p > math.MaxUint8 {
|
||||
pUint8 = math.MaxUint8
|
||||
} else if p < 0 {
|
||||
pUint8 = 0
|
||||
} else {
|
||||
pUint8 = uint8(p)
|
||||
}
|
||||
|
||||
actualHash := argon2.IDKey([]byte(password), salt, tUint32, mUint32, pUint8, hashLenUint32)
|
||||
|
||||
// Constant-time comparison
|
||||
if subtle.ConstantTimeCompare(expectedHash, actualHash) == 1 {
|
||||
|
||||
@@ -208,34 +208,3 @@ func TestHash_Uniqueness(t *testing.T) {
|
||||
assert.True(t, valid, "All hashes should verify correctly")
|
||||
}
|
||||
}
|
||||
|
||||
// Helper functions for test
|
||||
func splitHash(hash string) []string {
|
||||
parts := make([]string, 0, 6)
|
||||
current := ""
|
||||
for _, char := range hash {
|
||||
if char == '$' {
|
||||
if current != "" {
|
||||
parts = append(parts, current)
|
||||
current = ""
|
||||
}
|
||||
} else {
|
||||
current += string(char)
|
||||
}
|
||||
}
|
||||
if current != "" {
|
||||
parts = append(parts, current)
|
||||
}
|
||||
return parts
|
||||
}
|
||||
|
||||
func joinHash(parts []string) string {
|
||||
result := ""
|
||||
for i, part := range parts {
|
||||
if i > 0 {
|
||||
result += "$"
|
||||
}
|
||||
result += part
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user