diff --git a/.golangci.yaml b/.golangci.yaml
index 9b1e238..b4ad089 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -25,6 +25,9 @@ linters: - godox - ireturn + # In progress + - gocritic + # We should strive to enable these: - testpackage - stylecheck
@@ -34,7 +37,6 @@ linters:
 - forcetypeassert
 - errname
 - gosec
- - gocritic
 - forbidigo
 - dupl
 - varnamelen
diff --git a/acls.go b/acls.go
index 994b896..fdcb098 100644
--- a/acls.go
+++ b/acls.go
@@ -264,7 +264,8 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
 ports := []tailcfg.PortRange{}
 for _, p := range strings.Split(s, ",") {
 rang := strings.Split(p, "-")
- if len(rang) == 1 {
+ switch len(rang) {
+ case 1:
 pi, err := strconv.ParseUint(rang[0], BASE_10, BIT_SIZE_16)
 if err != nil {
 return nil, err
@@ -273,7 +274,8 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
 First: uint16(pi),
 Last: uint16(pi),
 })
- } else if len(rang) == EXPECTED_TOKEN_ITEMS {
+
+ case EXPECTED_TOKEN_ITEMS:
 start, err := strconv.ParseUint(rang[0], BASE_10, BIT_SIZE_16)
 if err != nil {
 return nil, err
@@ -286,7 +288,8 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
 First: uint16(start),
 Last: uint16(last),
 })
- } else {
+
+ default:
 return nil, errorInvalidPortFormat
 }
 }
diff --git a/acls_types.go b/acls_types.go
index 63f79ba..8611d90 100644
--- a/acls_types.go
+++ b/acls_types.go
@@ -56,7 +56,7 @@ func (h *Hosts) UnmarshalJSON(data []byte) error {
 }
 for k, v := range hs {
 if !strings.Contains(v, "/") {
- v = v + "/32"
+ v += "/32"
 }
 prefix, err := netaddr.ParseIPPrefix(v)
 if err != nil {
diff --git a/app.go b/app.go
index 5b732d5..af51efd 100644
--- a/app.go
+++ b/app.go
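Review bot: In acls.go, the `case EXPECTED_TOKEN_ITEMS:` branch of expandPorts stores `First: uint16(start)` and `Last: uint16(last)`, and no line visible in the three acls.go hunks rejects a range whose start is greater than its end. The lines between the second and third hunk are outside the diff, so the check may already exist there. If it does not, an ACL entry such as `443-80` would parse successfully and presumably match no port, so a typo would change the policy silently instead of failing the load. I would add `if start > last { return nil, errorInvalidPortFormat }` before the PortRange is built. expandPorts starts before the first hunk and the range branch is only partly shown.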
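Review bot: In Hosts.UnmarshalJSON (acls_types.go), `v += "/32"` is applied to every value that has no `/`, so an IPv6 host written without a prefix length becomes a /32 prefix rather than a single-address /128. netaddr.ParseIPPrefix accepts that form, so a host alias meant for one machine would cover a very large address block in any ACL rule that references it. Pick the suffix from the address family, for example `if strings.Contains(v, ":") { v += "/128" } else { v += "/32" }`, or parse the bare address first and use its bit length. Whether IPv6 hosts are expected in this file is not visible here, and the function starts and ends outside the hunk.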
@@ -345,10 +345,10 @@ func (h *Headscale) grpcAuthenticationInterceptor(ctx context.Context,
 "Authentication is not implemented yet",
 )
- //if strings.TrimPrefix(token, AUTH_PREFIX) != a.Token {
- // log.Error().Caller().Str("client_address", p.Addr.String()).Msg("invalid token")
- // return ctx, status.Error(codes.Unauthenticated, "invalid token")
- //}
+ // if strings.TrimPrefix(token, AUTH_PREFIX) != a.Token {
+ // log.Error().Caller().Str("client_address", p.Addr.String()).Msg("invalid token")
+ // return ctx, status.Error(codes.Unauthenticated, "invalid token")
+ // }
 // return handler(ctx, req)
 }
@@ -604,12 +604,14 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 Email: h.cfg.ACMEEmail,
 }
- if h.cfg.TLSLetsEncryptChallengeType == "TLS-ALPN-01" {
+ switch h.cfg.TLSLetsEncryptChallengeType {
+ case "TLS-ALPN-01":
 // Configuration via autocert with TLS-ALPN-01 (https://tools.ietf.org/html/rfc8737)
 // The RFC requires that the validation is done on port 443; in other words, headscale
 // must be reachable on port 443.
 return m.TLSConfig(), nil
- } else if h.cfg.TLSLetsEncryptChallengeType == "HTTP-01" {
+
+ case "HTTP-01":
 // Configuration via autocert with HTTP-01. This requires listening on
 // port 80 for the certificate validation in addition to the headscale
 // service, which can be configured to run on any other port.
@@ -620,7 +622,8 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 }()
 return m.TLSConfig(), nil
- } else {
+
+ default:
 return nil, errors.New("unknown value for TLSLetsEncryptChallengeType")
 }
 } else if h.cfg.TLSCertPath == "" {
diff --git a/oidc.go b/oidc.go
index aea89e2..c77a249 100644
--- a/oidc.go
+++ b/oidc.go
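Review bot: In getTLSSettings (app.go), both the `TLS-ALPN-01` and `HTTP-01` cases return `m.TLSConfig()` unchanged, and nothing visible in the two getTLSSettings hunks sets a minimum protocol version on it. If m is an autocert.Manager, as the comments suggest, its TLSConfig() leaves MinVersion unset, so the floor is whatever the Go toolchain defaults to, which was TLS 1.0 for servers before Go 1.18. Consider `cfg := m.TLSConfig()`, `cfg.MinVersion = tls.VersionTLS12`, `return cfg, nil` in both cases. The function starts before the first hunk and continues past the second, so the setting may be applied elsewhere.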
@@ -136,11 +136,11 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
 }
 // TODO: we can use userinfo at some point to grab additional information about the user (groups membership, etc)
- //userInfo, err := oidcProvider.UserInfo(context.Background(), oauth2.StaticTokenSource(oauth2Token))
- //if err != nil {
- // c.String(http.StatusBadRequest, fmt.Sprintf("Failed to retrieve userinfo: %s", err))
- // return
- //}
+ // userInfo, err := oidcProvider.UserInfo(context.Background(), oauth2.StaticTokenSource(oauth2Token))
+ // if err != nil {
+ // c.String(http.StatusBadRequest, fmt.Sprintf("Failed to retrieve userinfo: %s", err))
+ // return
+ // }
 // Extract custom claims
 var claims IDTokenClaims
diff --git a/sharing_test.go b/sharing_test.go
index 7d63a74..395b833 100644
--- a/sharing_test.go
+++ b/sharing_test.go
@@ -6,7 +6,7 @@ import (
 func CreateNodeNamespace(
 c *check.C,
- namespace, node, key, IP string,
+ namespace, node, key, ip string,
 ) (*Namespace, *Machine) {
 n1, err := h.CreateNamespace(namespace)
 c.Assert(err, check.IsNil)
@@ -26,7 +26,7 @@ func CreateNodeNamespace(
 NamespaceID: n1.ID,
 Registered: true,
 RegisterMethod: "authKey",
- IPAddress: IP,
+ IPAddress: ip,
 AuthKeyID: uint(pak1.ID),
 }
 h.db.Save(m1)