diff --git a/backend/cmd/api/main_test.go b/backend/cmd/api/main_test.go index 3a9e1d86..b0745c44 100644 --- a/backend/cmd/api/main_test.go +++ b/backend/cmd/api/main_test.go @@ -31,14 +31,14 @@ func TestResetPasswordCommand_Succeeds(t *testing.T) { if err != nil { t.Fatalf("connect db: %v", err) } - if err := db.AutoMigrate(&models.User{}); err != nil { + if err = db.AutoMigrate(&models.User{}); err != nil { t.Fatalf("automigrate: %v", err) } email := "user@example.com" user := models.User{UUID: "u-1", Email: email, Name: "User", Role: "admin", Enabled: true} user.PasswordHash = "$2a$10$example_hashed_password" - if err := db.Create(&user).Error; err != nil { + if err = db.Create(&user).Error; err != nil { t.Fatalf("seed user: %v", err) } @@ -80,7 +80,7 @@ func TestMigrateCommand_Succeeds(t *testing.T) { t.Fatalf("connect db: %v", err) } // Only migrate User table to simulate old database - if err := db.AutoMigrate(&models.User{}); err != nil { + if err = db.AutoMigrate(&models.User{}); err != nil { t.Fatalf("automigrate user: %v", err) } @@ -138,7 +138,7 @@ func TestStartupVerification_MissingTables(t *testing.T) { t.Fatalf("connect db: %v", err) } // Only migrate User table to simulate old database - if err := db.AutoMigrate(&models.User{}); err != nil { + if err = db.AutoMigrate(&models.User{}); err != nil { t.Fatalf("automigrate user: %v", err) } diff --git a/backend/internal/api/handlers/access_list_handler.go b/backend/internal/api/handlers/access_list_handler.go index 65c413b0..e0152bd1 100644 --- a/backend/internal/api/handlers/access_list_handler.go +++ b/backend/internal/api/handlers/access_list_handler.go 
@@ -164,8 +164,8 @@ func (h *AccessListHandler) TestIP(c *gin.Context) { var req struct { IPAddress string `json:"ip_address" binding:"required"` } - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } diff --git a/backend/internal/api/handlers/certificate_handler.go b/backend/internal/api/handlers/certificate_handler.go index 798d3a1d..5494606b 100644 --- a/backend/internal/api/handlers/certificate_handler.go +++ b/backend/internal/api/handlers/certificate_handler.go @@ -87,8 +87,8 @@ func (h *CertificateHandler) Upload(c *gin.Context) { return } defer func() { - if err := certSrc.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close certificate file") + if errClose := certSrc.Close(); errClose != nil { + logger.Log().WithError(errClose).Warn("failed to close certificate file") } }() @@ -98,8 +98,8 @@ func (h *CertificateHandler) Upload(c *gin.Context) { return } defer func() { - if err := keySrc.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close key file") + if errClose := keySrc.Close(); errClose != nil { + logger.Log().WithError(errClose).Warn("failed to close key file") } }() diff --git a/backend/internal/api/handlers/certificate_handler_test.go b/backend/internal/api/handlers/certificate_handler_test.go index 07f2013f..4f91e861 100644 --- a/backend/internal/api/handlers/certificate_handler_test.go +++ b/backend/internal/api/handlers/certificate_handler_test.go 
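Review bot: The 400 response in TestIP still returns `bindErr.Error()` verbatim, which hands gin's binder and validator text (Go struct field names and types) to the caller. A fixed message such as `gin.H{"error": "invalid request body"}`, with `bindErr` logged server-side, keeps that detail out of the response. The same pattern is in the CredentialHandler Create/Update, DNSProviderHandler Create/Update/TestCredentials, ManualChallengeHandler CreateChallenge and UserHandler UpdateUserPermissions hunks; the credential-bearing request types are where it matters most. TestIP's body continues outside the hunk.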
@@ -51,13 +51,13 @@ func TestDeleteCertificate_InUse(t *testing.T) { } // Migrate minimal models - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } // Create certificate cert := models.SSLCertificate{UUID: "test-cert", Name: "example-cert", Provider: "custom", Domains: "example.com"} - if err := db.Create(&cert).Error; err != nil { + if err = db.Create(&cert).Error; err != nil { t.Fatalf("failed to create cert: %v", err) } @@ -90,13 +90,13 @@ func TestDeleteCertificate_CreatesBackup(t *testing.T) { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } // Create certificate cert := models.SSLCertificate{UUID: "test-cert-backup-success", Name: "deletable-cert", Provider: "custom", Domains: "delete.example.com"} - if err := db.Create(&cert).Error; err != nil { + if err = db.Create(&cert).Error; err != nil { t.Fatalf("failed to create cert: %v", err) } @@ -144,13 +144,13 @@ func TestDeleteCertificate_BackupFailure(t *testing.T) { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } // Create certificate cert := models.SSLCertificate{UUID: "test-cert-backup-fails", Name: "deletable-cert", Provider: "custom", Domains: "delete-fail.example.com"} - if err := db.Create(&cert).Error; err != nil { + if err = db.Create(&cert).Error; err != nil { t.Fatalf("failed to create cert: %v", err) } 
@@ -192,13 +192,13 @@ func TestDeleteCertificate_InUse_NoBackup(t *testing.T) { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } // Create certificate cert := models.SSLCertificate{UUID: "test-cert-in-use-no-backup", Name: "in-use-cert", Provider: "custom", Domains: "inuse.example.com"} - if err := db.Create(&cert).Error; err != nil { + if err = db.Create(&cert).Error; err != nil { t.Fatalf("failed to create cert: %v", err) } @@ -282,7 +282,7 @@ func TestCertificateHandler_List(t *testing.T) { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -310,7 +310,7 @@ func TestCertificateHandler_Upload_MissingName(t *testing.T) { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -338,7 +338,7 @@ func TestCertificateHandler_Upload_MissingCertFile(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } 
@@ -369,7 +369,7 @@ func TestCertificateHandler_Upload_MissingKeyFile(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -397,7 +397,7 @@ func TestCertificateHandler_Upload_Success(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -475,7 +475,7 @@ func TestDeleteCertificate_InvalidID(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -501,7 +501,7 @@ func TestDeleteCertificate_ZeroID(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -527,7 +527,7 @@ func TestDeleteCertificate_LowDiskSpace(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } 
@@ -567,7 +567,7 @@ func TestDeleteCertificate_DiskSpaceCheckError(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -613,7 +613,7 @@ func TestDeleteCertificate_UsageCheckError(t *testing.T) { } // Only migrate SSLCertificate, not ProxyHost - this will cause usage check to fail - if err := db.AutoMigrate(&models.SSLCertificate{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}); err != nil { t.Fatalf("failed to migrate: %v", err) } @@ -647,7 +647,7 @@ func TestDeleteCertificate_NotificationRateLimit(t *testing.T) { if err != nil { t.Fatalf("failed to open db: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}, &models.NotificationProvider{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{}, &models.NotificationProvider{}); err != nil { t.Fatalf("failed to migrate: %v", err) } diff --git a/backend/internal/api/handlers/credential_handler.go b/backend/internal/api/handlers/credential_handler.go index 131a2e4d..bbd2166a 100644 --- a/backend/internal/api/handlers/credential_handler.go +++ b/backend/internal/api/handlers/credential_handler.go @@ -54,8 +54,8 @@ func (h *CredentialHandler) Create(c *gin.Context) { } var req services.CreateCredentialRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } 
@@ -126,8 +126,8 @@ func (h *CredentialHandler) Update(c *gin.Context) { } var req services.UpdateCredentialRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } diff --git a/backend/internal/api/handlers/crowdsec_archive_test.go b/backend/internal/api/handlers/crowdsec_archive_test.go index 4f304fe1..dbe149e1 100644 --- a/backend/internal/api/handlers/crowdsec_archive_test.go +++ b/backend/internal/api/handlers/crowdsec_archive_test.go @@ -115,11 +115,11 @@ func TestCalculateUncompressedSize(t *testing.T) { Size: int64(len(testContent)), Typeflag: tar.TypeReg, } - if err := tw.WriteHeader(hdr); err != nil { - t.Fatalf("Failed to write tar header: %v", err) + if writeHeaderErr := tw.WriteHeader(hdr); writeHeaderErr != nil { + t.Fatalf("Failed to write tar header: %v", writeHeaderErr) } - if _, err := tw.Write([]byte(testContent)); err != nil { - t.Fatalf("Failed to write tar content: %v", err) + if _, writeErr := tw.Write([]byte(testContent)); writeErr != nil { + t.Fatalf("Failed to write tar content: %v", writeErr) } // Add a second file 
@@ -130,21 +130,21 @@ func TestCalculateUncompressedSize(t *testing.T) { Size: int64(len(content2)), Typeflag: tar.TypeReg, } - if err := tw.WriteHeader(hdr2); err != nil { - t.Fatalf("Failed to write tar header 2: %v", err) + if writeHeaderErr := tw.WriteHeader(hdr2); writeHeaderErr != nil { + t.Fatalf("Failed to write tar header 2: %v", writeHeaderErr) } - if _, err := tw.Write([]byte(content2)); err != nil { - t.Fatalf("Failed to write tar content 2: %v", err) + if _, writeErr := tw.Write([]byte(content2)); writeErr != nil { + t.Fatalf("Failed to write tar content 2: %v", writeErr) } - if err := tw.Close(); err != nil { - t.Fatalf("Failed to close tar writer: %v", err) + if closeErr := tw.Close(); closeErr != nil { + t.Fatalf("Failed to close tar writer: %v", closeErr) } - if err := gw.Close(); err != nil { - t.Fatalf("Failed to close gzip writer: %v", err) + if closeErr := gw.Close(); closeErr != nil { + t.Fatalf("Failed to close gzip writer: %v", closeErr) } - if err := f.Close(); err != nil { - t.Fatalf("Failed to close file: %v", err) + if closeErr := f.Close(); closeErr != nil { + t.Fatalf("Failed to close file: %v", closeErr) } // Test calculateUncompressedSize 
@@ -206,22 +206,22 @@ func TestListArchiveContents(t *testing.T) { Size: int64(len(file.content)), Typeflag: tar.TypeReg, } - if err := tw.WriteHeader(hdr); err != nil { - t.Fatalf("Failed to write tar header for %s: %v", file.name, err) + if writeHeaderErr := tw.WriteHeader(hdr); writeHeaderErr != nil { + t.Fatalf("Failed to write tar header for %s: %v", file.name, writeHeaderErr) } - if _, err := tw.Write([]byte(file.content)); err != nil { - t.Fatalf("Failed to write tar content for %s: %v", file.name, err) + if _, writeErr := tw.Write([]byte(file.content)); writeErr != nil { + t.Fatalf("Failed to write tar content for %s: %v", file.name, writeErr) } } - if err := tw.Close(); err != nil { - t.Fatalf("Failed to close tar writer: %v", err) + if closeErr := tw.Close(); closeErr != nil { + t.Fatalf("Failed to close tar writer: %v", closeErr) } - if err := gw.Close(); err != nil { - t.Fatalf("Failed to close gzip writer: %v", err) + if closeErr := gw.Close(); closeErr != nil { + t.Fatalf("Failed to close gzip writer: %v", closeErr) } - if err := f.Close(); err != nil { - t.Fatalf("Failed to close file: %v", err) + if closeErr := f.Close(); closeErr != nil { + t.Fatalf("Failed to close file: %v", closeErr) } // Test listArchiveContents @@ -316,8 +316,8 @@ func TestConfigArchiveValidator_Validate(t *testing.T) { // Test unsupported format unsupportedPath := filepath.Join(tmpDir, "test.rar") // #nosec G306 -- Test file permissions, not security-critical - if err := os.WriteFile(unsupportedPath, []byte("dummy"), 0644); err != nil { - t.Fatalf("Failed to create dummy file: %v", err) + if writeErr := os.WriteFile(unsupportedPath, []byte("dummy"), 0644); writeErr != nil { + t.Fatalf("Failed to create dummy file: %v", writeErr) } err = validator.Validate(unsupportedPath) if err == nil { 
@@ -348,21 +348,21 @@ func createTestTarGz(t *testing.T, path string, files []struct { Size: int64(len(file.content)), Typeflag: tar.TypeReg, } - if err := tw.WriteHeader(hdr); err != nil { - t.Fatalf("Failed to write tar header for %s: %v", file.name, err) + if writeHeaderErr := tw.WriteHeader(hdr); writeHeaderErr != nil { + t.Fatalf("Failed to write tar header for %s: %v", file.name, writeHeaderErr) } - if _, err := tw.Write([]byte(file.content)); err != nil { - t.Fatalf("Failed to write tar content for %s: %v", file.name, err) + if _, writeErr := tw.Write([]byte(file.content)); writeErr != nil { + t.Fatalf("Failed to write tar content for %s: %v", file.name, writeErr) } } - if err := tw.Close(); err != nil { - t.Fatalf("Failed to close tar writer: %v", err) + if closeErr := tw.Close(); closeErr != nil { + t.Fatalf("Failed to close tar writer: %v", closeErr) } - if err := gw.Close(); err != nil { - t.Fatalf("Failed to close gzip writer: %v", err) + if closeErr := gw.Close(); closeErr != nil { + t.Fatalf("Failed to close gzip writer: %v", closeErr) } - if err := f.Close(); err != nil { - t.Fatalf("Failed to close file: %v", err) + if closeErr := f.Close(); closeErr != nil { + t.Fatalf("Failed to close file: %v", closeErr) } } diff --git a/backend/internal/api/handlers/crowdsec_bouncer_test.go b/backend/internal/api/handlers/crowdsec_bouncer_test.go index 908fc5ec..abfa7e12 100644 --- a/backend/internal/api/handlers/crowdsec_bouncer_test.go +++ b/backend/internal/api/handlers/crowdsec_bouncer_test.go @@ -76,8 +76,8 @@ func TestSaveAndReadKeyFromFile(t *testing.T) { testKey := "test-api-key-789" // Test saveKeyToFile creates directories and saves key - if err := saveKeyToFile(keyFile, testKey); err != nil { - t.Fatalf("saveKeyToFile() error = %v", err) + if saveErr := saveKeyToFile(keyFile, testKey); saveErr != nil { + t.Fatalf("saveKeyToFile() error = %v", saveErr) } // Verify file was created 
diff --git a/backend/internal/api/handlers/crowdsec_handler.go b/backend/internal/api/handlers/crowdsec_handler.go index a4770ec3..07000e05 100644 --- a/backend/internal/api/handlers/crowdsec_handler.go +++ b/backend/internal/api/handlers/crowdsec_handler.go @@ -404,8 +404,8 @@ func (h *CrowdsecHandler) Start(c *gin.Context) { Enabled: true, CrowdSecMode: "local", } - if err := h.DB.Create(&cfg).Error; err != nil { - logger.Log().WithError(err).Error("Failed to create SecurityConfig") + if createErr := h.DB.Create(&cfg).Error; createErr != nil { + logger.Log().WithError(createErr).Error("Failed to create SecurityConfig") c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to persist configuration"}) return } @@ -1124,11 +1124,11 @@ func (h *CrowdsecHandler) ApplyPreset(c *gin.Context) { if cached, err := h.Hub.Cache.Load(ctx, slug); err == nil { logger.Log().WithField("slug", util.SanitizeForLog(slug)).WithField("cache_key", cached.CacheKey).WithField("archive_path", cached.ArchivePath).WithField("preview_path", cached.PreviewPath).Info("preset found in cache") // Verify files still exist - if _, err := os.Stat(cached.ArchivePath); err != nil { - logger.Log().WithError(err).WithField("archive_path", cached.ArchivePath).Error("cached archive file missing") + if _, statErr := os.Stat(cached.ArchivePath); statErr != nil { + logger.Log().WithError(statErr).WithField("archive_path", cached.ArchivePath).Error("cached archive file missing") } - if _, err := os.Stat(cached.PreviewPath); err != nil { - logger.Log().WithError(err).WithField("preview_path", cached.PreviewPath).Error("cached preview file missing") + if _, statErr := os.Stat(cached.PreviewPath); statErr != nil { + logger.Log().WithError(statErr).WithField("preview_path", cached.PreviewPath).Error("cached preview file missing") } } else { logger.Log().WithError(err).WithField("slug", util.SanitizeForLog(slug)).Warn("preset not found in cache before apply") 
@@ -1460,8 +1460,8 @@ func (h *CrowdsecHandler) GetLAPIDecisions(c *gin.Context) { return } defer func() { - if err := resp.Body.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close response body") + if closeErr := resp.Body.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close response body") } }() diff --git a/backend/internal/api/handlers/dns_provider_handler.go b/backend/internal/api/handlers/dns_provider_handler.go index 88c02af3..f2fc19c0 100644 --- a/backend/internal/api/handlers/dns_provider_handler.go +++ b/backend/internal/api/handlers/dns_provider_handler.go @@ -86,8 +86,8 @@ func (h *DNSProviderHandler) Get(c *gin.Context) { // Creates a new DNS provider with encrypted credentials. func (h *DNSProviderHandler) Create(c *gin.Context) { var req services.CreateDNSProviderRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } @@ -131,8 +131,8 @@ func (h *DNSProviderHandler) Update(c *gin.Context) { } var req services.UpdateDNSProviderRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } @@ -221,8 +221,8 @@ func (h *DNSProviderHandler) Test(c *gin.Context) { // Tests DNS provider credentials without saving them. func (h *DNSProviderHandler) TestCredentials(c *gin.Context) { var req services.CreateDNSProviderRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } 
diff --git a/backend/internal/api/handlers/import_handler.go b/backend/internal/api/handlers/import_handler.go index fd484cc3..9f52b921 100644 --- a/backend/internal/api/handlers/import_handler.go +++ b/backend/internal/api/handlers/import_handler.go @@ -94,17 +94,17 @@ func (h *ImportHandler) GetStatus(c *gin.Context) { if err == gorm.ErrRecordNotFound { // No pending/reviewing session, check if there's a mounted Caddyfile available for transient preview if h.mountPath != "" { - if fileInfo, err := os.Stat(h.mountPath); err == nil { + if fileInfo, statErr := os.Stat(h.mountPath); statErr == nil { // Check if this mount has already been committed recently var committedSession models.ImportSession - err := h.db.Where("source_file = ? AND status = ?", h.mountPath, "committed"). + committedErr := h.db.Where("source_file = ? AND status = ?", h.mountPath, "committed"). Order("committed_at DESC"). First(&committedSession).Error // Allow re-import if: // 1. Never committed before (err == gorm.ErrRecordNotFound), OR // 2. File was modified after last commit - allowImport := err == gorm.ErrRecordNotFound + allowImport := committedErr == gorm.ErrRecordNotFound if !allowImport && committedSession.CommittedAt != nil { fileMod := fileInfo.ModTime() commitTime := *committedSession.CommittedAt @@ -192,7 +192,7 @@ func (h *ImportHandler) GetPreview(c *gin.Context) { // No DB session found or failed to parse session. Try transient preview from mountPath. if h.mountPath != "" { - if fileInfo, err := os.Stat(h.mountPath); err == nil { + if fileInfo, statErr := os.Stat(h.mountPath); statErr == nil { // Check if this mount has already been committed recently var committedSession models.ImportSession err := h.db.Where("source_file = ? AND status = ?", h.mountPath, "committed"). 
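Review bot: The comment in GetStatus still reads `(err == gorm.ErrRecordNotFound)` although the check below it now uses `committedErr`; the comment should name `committedErr` so it matches the code. While on that line, `allowImport := errors.Is(committedErr, gorm.ErrRecordNotFound)` would also hold for a wrapped error, assuming `errors` is imported in this file, which the hunk does not show. GetStatus continues past the end of the hunk.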
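Review bot: Only the `os.Stat` result is renamed in GetPreview; the next statement still declares `err := h.db.Where(...)` inside the block, so if an outer `err` is in scope (as it is in GetStatus) the shadowing this commit removes elsewhere remains here. Renaming it to `committedErr`, as the GetStatus hunk does, keeps the two copies of this logic aligned. The statement is cut off at the end of the hunk, so any later use of `err` in that block needs the same rename.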
@@ -310,7 +310,7 @@ func (h *ImportHandler) Upload(c *gin.Context) { return } // #nosec G301 -- Import uploads directory needs group readability for processing - if err := os.MkdirAll(uploadsDir, 0o755); err != nil { + if mkdirErr := os.MkdirAll(uploadsDir, 0o755); mkdirErr != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create uploads directory"}) return } @@ -320,8 +320,8 @@ func (h *ImportHandler) Upload(c *gin.Context) { return } // #nosec G306 -- Caddyfile uploads need group readability for Caddy validation - if err := os.WriteFile(tempPath, []byte(normalizedContent), 0o644); err != nil { - middleware.GetRequestLogger(c).WithField("tempPath", util.SanitizeForLog(filepath.Base(tempPath))).WithError(err).Error("Import Upload: failed to write temp file") + if writeErr := os.WriteFile(tempPath, []byte(normalizedContent), 0o644); writeErr != nil { + middleware.GetRequestLogger(c).WithField("tempPath", util.SanitizeForLog(filepath.Base(tempPath))).WithError(writeErr).Error("Import Upload: failed to write temp file") c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to write upload"}) return } @@ -492,7 +492,7 @@ func (h *ImportHandler) UploadMulti(c *gin.Context) { return } // #nosec G301 -- Session directory with standard permissions for import processing - if err := os.MkdirAll(sessionDir, 0o755); err != nil { + if mkdirErr := os.MkdirAll(sessionDir, 0o755); mkdirErr != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create session directory"}) return } @@ -507,8 +507,8 @@ func (h *ImportHandler) UploadMulti(c *gin.Context) { // Clean filename and create subdirectories if needed cleanName := filepath.Clean(f.Filename) - targetPath, err := safeJoin(sessionDir, cleanName) - if err != nil { + targetPath, joinErr := safeJoin(sessionDir, cleanName) + if joinErr != nil { c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("invalid filename: %s", f.Filename)}) return } 
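Review bot: `mkdirErr` is checked but never recorded, so a failed `os.MkdirAll(uploadsDir, 0o755)` leaves nothing in the server log, while the `os.WriteFile` branch in the next hunk logs through `middleware.GetRequestLogger(c)`. Adding `middleware.GetRequestLogger(c).WithError(mkdirErr).Error("Import Upload: failed to create uploads directory")` before the 500 response closes that gap without exposing the error to the client. The same applies to `mkdirErr` and `joinErr` in the UploadMulti hunks here and to `mkdirErr`/`writeErr` in the `@@ -516` hunk. A rejected `safeJoin` is presumably the signal for a filename that tried to leave the session directory, so it is the one most worth a log line, with the name passed through `util.SanitizeForLog`.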
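Review bot: The `#nosec G306` justification on the `os.WriteFile` call asks for group readability, but `0o644` also makes the uploaded Caddyfile world-readable, and a Caddyfile may carry secrets such as DNS API tokens. If Caddy shares a group with this process, `os.WriteFile(tempPath, []byte(normalizedContent), 0o640)` satisfies the stated need, and the `0o755` directories in the `MkdirAll` hunks could drop to `0o750` in the same way. Which user Caddy runs as is not visible here and should be confirmed before tightening.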
@@ -516,14 +516,14 @@ func (h *ImportHandler) UploadMulti(c *gin.Context) { // Create parent directory if file is in a subdirectory if dir := filepath.Dir(targetPath); dir != sessionDir { // #nosec G301 -- Subdirectory within validated session directory - if err := os.MkdirAll(dir, 0o755); err != nil { + if mkdirErr := os.MkdirAll(dir, 0o755); mkdirErr != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to create directory for %s", f.Filename)}) return } } // #nosec G306 -- Imported Caddyfile needs to be readable for processing - if err := os.WriteFile(targetPath, []byte(f.Content), 0o644); err != nil { + if writeErr := os.WriteFile(targetPath, []byte(f.Content), 0o644); writeErr != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("failed to write file %s", f.Filename)}) return } diff --git a/backend/internal/api/handlers/logs_handler.go b/backend/internal/api/handlers/logs_handler.go index fe8238c3..bb18d1d6 100644 --- a/backend/internal/api/handlers/logs_handler.go +++ b/backend/internal/api/handlers/logs_handler.go @@ -88,8 +88,8 @@ func (h *LogsHandler) Download(c *gin.Context) { return } defer func() { - if err := os.Remove(tmpFile.Name()); err != nil { - logger.Log().WithError(err).Warn("failed to remove temp file") + if removeErr := os.Remove(tmpFile.Name()); removeErr != nil { + logger.Log().WithError(removeErr).Warn("failed to remove temp file") } }() diff --git a/backend/internal/api/handlers/manual_challenge_handler.go b/backend/internal/api/handlers/manual_challenge_handler.go index 1e5e5f19..05046146 100644 --- a/backend/internal/api/handlers/manual_challenge_handler.go +++ b/backend/internal/api/handlers/manual_challenge_handler.go 
@@ -538,10 +538,10 @@ func (h *ManualChallengeHandler) CreateChallenge(c *gin.Context) { } var req CreateChallengeRequest - if err := c.ShouldBindJSON(&req); err != nil { + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { c.JSON(http.StatusBadRequest, newErrorResponse( "INVALID_REQUEST", - err.Error(), + bindErr.Error(), nil, )) return diff --git a/backend/internal/api/handlers/security_handler.go b/backend/internal/api/handlers/security_handler.go index 2b65b5ae..b121eb1f 100644 --- a/backend/internal/api/handlers/security_handler.go +++ b/backend/internal/api/handlers/security_handler.go @@ -688,8 +688,8 @@ func (h *SecurityHandler) AddWAFExclusion(c *gin.Context) { // Parse existing exclusions var exclusions []WAFExclusion if cfg.WAFExclusions != "" { - if err := json.Unmarshal([]byte(cfg.WAFExclusions), &exclusions); err != nil { - log.WithError(err).Warn("Failed to parse existing WAF exclusions") + if unmarshalErr := json.Unmarshal([]byte(cfg.WAFExclusions), &exclusions); unmarshalErr != nil { + log.WithError(unmarshalErr).Warn("Failed to parse existing WAF exclusions") exclusions = []WAFExclusion{} } } @@ -770,7 +770,7 @@ func (h *SecurityHandler) DeleteWAFExclusion(c *gin.Context) { // Parse existing exclusions var exclusions []WAFExclusion if cfg.WAFExclusions != "" { - if err := json.Unmarshal([]byte(cfg.WAFExclusions), &exclusions); err != nil { + if unmarshalErr := json.Unmarshal([]byte(cfg.WAFExclusions), &exclusions); unmarshalErr != nil { c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to parse exclusions"}) return } diff --git a/backend/internal/api/handlers/settings_handler_test.go b/backend/internal/api/handlers/settings_handler_test.go index 57ef549b..1d1ead74 100644 --- a/backend/internal/api/handlers/settings_handler_test.go +++ b/backend/internal/api/handlers/settings_handler_test.go 
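Review bot: In AddWAFExclusion a parse failure of `cfg.WAFExclusions` is only warned about and `exclusions` is reset to empty, so if the handler goes on to save the list (outside this hunk) every previously stored exclusion would be replaced by the single new one. DeleteWAFExclusion, in the next hunk, answers the same failure with a 500 but drops `unmarshalErr` without logging it. Returning an error in both paths and logging it in the delete path, e.g. `log.WithError(unmarshalErr).Warn("Failed to parse existing WAF exclusions")` if `log` is in scope there as it is in AddWAFExclusion, would make the two consistent and avoid silently rewriting WAF policy.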
@@ -35,8 +35,8 @@ func startTestSMTPServer(t *testing.T) (host string, port int) { go func() { defer close(acceptDone) for { - conn, err := ln.Accept() - if err != nil { + conn, acceptErr := ln.Accept() + if acceptErr != nil { return } wg.Add(1) diff --git a/backend/internal/api/handlers/user_handler.go b/backend/internal/api/handlers/user_handler.go index 21707657..9f523238 100644 --- a/backend/internal/api/handlers/user_handler.go +++ b/backend/internal/api/handlers/user_handler.go @@ -451,23 +451,23 @@ func (h *UserHandler) InviteUser(c *gin.Context) { } err = h.DB.Transaction(func(tx *gorm.DB) error { - if err := tx.Create(&user).Error; err != nil { - return err + if txErr := tx.Create(&user).Error; txErr != nil { + return txErr } // Explicitly disable user (bypass GORM's default:true) - if err := tx.Model(&user).Update("enabled", false).Error; err != nil { - return err + if txErr := tx.Model(&user).Update("enabled", false).Error; txErr != nil { + return txErr } // Add permitted hosts if specified if len(req.PermittedHosts) > 0 { var hosts []models.ProxyHost - if err := tx.Where("id IN ?", req.PermittedHosts).Find(&hosts).Error; err != nil { - return err + if findErr := tx.Where("id IN ?", req.PermittedHosts).Find(&hosts).Error; findErr != nil { + return findErr } - if err := tx.Model(&user).Association("PermittedHosts").Replace(hosts); err != nil { - return err + if assocErr := tx.Model(&user).Association("PermittedHosts").Replace(hosts); assocErr != nil { + return assocErr } } @@ -622,7 +622,7 @@ func (h *UserHandler) UpdateUser(c *gin.Context) { } var user models.User - if err := h.DB.First(&user, id).Error; err != nil { + if findErr := h.DB.First(&user, id).Error; findErr != nil { c.JSON(http.StatusNotFound, gin.H{"error": "User not found"}) return } 
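Review bot: In the InviteUser transaction, `Find(&hosts)` returns no error when some of `req.PermittedHosts` do not exist, so the invite is stored with a shorter host list than the one requested and the caller is not told. A guard after the query, `if len(hosts) != len(req.PermittedHosts)`, returning an error from the closure would roll the transaction back on a mismatch (duplicate IDs in the request would need de-duplicating first). The same applies in the UpdateUserPermissions hunk (`@@ -812`). The closure continues past the end of this hunk.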
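Review bot: In UpdateUser every failure of `h.DB.First(&user, id)` is answered with 404 "User not found" and `findErr` is discarded, so a database error looks like a missing user and is not logged. Branching on `errors.Is(findErr, gorm.ErrRecordNotFound)` and returning a logged 500 otherwise keeps the two cases apart. DeleteUser, ResendInvite and UpdateUserPermissions in the following hunks have the same pattern.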
@@ -702,7 +702,7 @@ func (h *UserHandler) DeleteUser(c *gin.Context) { } var user models.User - if err := h.DB.First(&user, id).Error; err != nil { + if findErr := h.DB.First(&user, id).Error; findErr != nil { c.JSON(http.StatusNotFound, gin.H{"error": "User not found"}) return } @@ -743,7 +743,7 @@ func (h *UserHandler) ResendInvite(c *gin.Context) { } var user models.User - if err := h.DB.First(&user, id).Error; err != nil { + if findErr := h.DB.First(&user, id).Error; findErr != nil { c.JSON(http.StatusNotFound, gin.H{"error": "User not found"}) return } @@ -812,33 +812,33 @@ func (h *UserHandler) UpdateUserPermissions(c *gin.Context) { } var user models.User - if err := h.DB.First(&user, id).Error; err != nil { + if findErr := h.DB.First(&user, id).Error; findErr != nil { c.JSON(http.StatusNotFound, gin.H{"error": "User not found"}) return } var req UpdateUserPermissionsRequest - if err := c.ShouldBindJSON(&req); err != nil { - c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()}) + if bindErr := c.ShouldBindJSON(&req); bindErr != nil { + c.JSON(http.StatusBadRequest, gin.H{"error": bindErr.Error()}) return } err = h.DB.Transaction(func(tx *gorm.DB) error { // Update permission mode - if err := tx.Model(&user).Update("permission_mode", req.PermissionMode).Error; err != nil { - return err + if txErr := tx.Model(&user).Update("permission_mode", req.PermissionMode).Error; txErr != nil { + return txErr } // Update permitted hosts var hosts []models.ProxyHost if len(req.PermittedHosts) > 0 { - if err := tx.Where("id IN ?", req.PermittedHosts).Find(&hosts).Error; err != nil { - return err + if findErr := tx.Where("id IN ?", req.PermittedHosts).Find(&hosts).Error; findErr != nil { + return findErr } } - if err := tx.Model(&user).Association("PermittedHosts").Replace(hosts); err != nil { - return err + if assocErr := tx.Model(&user).Association("PermittedHosts").Replace(hosts); assocErr != nil { + return assocErr } return nil 
diff --git a/backend/internal/api/routes/routes.go b/backend/internal/api/routes/routes.go index eb51e555..c2164763 100644 --- a/backend/internal/api/routes/routes.go +++ b/backend/internal/api/routes/routes.go @@ -376,8 +376,8 @@ func RegisterWithDeps(router *gin.Engine, db *gorm.DB, cfg config.Config, caddyM dockerHandler.RegisterRoutes(protected) // Uptime Service - uptimeService := services.NewUptimeService(db, notificationService) - uptimeHandler := handlers.NewUptimeHandler(uptimeService) + uptimeSvc := services.NewUptimeService(db, notificationService) + uptimeHandler := handlers.NewUptimeHandler(uptimeSvc) protected.GET("/uptime/monitors", uptimeHandler.List) protected.POST("/uptime/monitors", uptimeHandler.Create) protected.GET("/uptime/monitors/:id/history", uptimeHandler.GetHistory) @@ -551,8 +551,8 @@ func RegisterWithDeps(router *gin.Engine, db *gorm.DB, cfg config.Config, caddyM if _, err := os.Stat(accessLogPath); os.IsNotExist(err) { // #nosec G304 -- Creating access log file, path is application-controlled if f, err := os.Create(accessLogPath); err == nil { - if err := f.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close log file") + if closeErr := f.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close log file") } logger.Log().WithError(err).WithField("path", accessLogPath).Warn("Failed to create log file for LogWatcher") } diff --git a/backend/internal/caddy/config.go b/backend/internal/caddy/config.go index bc9bb0fa..60008607 100644 --- a/backend/internal/caddy/config.go +++ b/backend/internal/caddy/config.go 
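Review bot: As the second hunk reads, the "Failed to create log file for LogWatcher" warning sits inside the `err == nil` branch of `os.Create`, so it fires with a nil error after a successful create and a real create failure is never logged. The inner `f, err := os.Create(...)` also still shadows the `err` from `os.Stat`, which is what this commit removes elsewhere. The fence below splits the create and close errors; the enclosing `if` closes outside the hunk. Separately, `os.Create` truncates if the file appears between the `Stat` and the create, which `os.OpenFile` with `os.O_CREATE|os.O_EXCL` would avoid.
```go
if _, err := os.Stat(accessLogPath); os.IsNotExist(err) {
	// #nosec G304 -- Creating access log file, path is application-controlled
	f, createErr := os.Create(accessLogPath)
	if createErr != nil {
		logger.Log().WithError(createErr).WithField("path", accessLogPath).Warn("Failed to create log file for LogWatcher")
	} else if closeErr := f.Close(); closeErr != nil {
		logger.Log().WithError(closeErr).Warn("Failed to close log file")
	}
```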
@@ -143,8 +143,8 @@ func GenerateConfig(hosts []models.ProxyHost, storageDir, acmeEmail, frontendDir // If provider uses multi-credentials, create separate policies per domain if dnsConfig.UseMultiCredentials && len(dnsConfig.ZoneCredentials) > 0 { // Get provider plugin from registry - provider, ok := dnsprovider.Global().Get(dnsConfig.ProviderType) - if !ok { + provider, providerOK := dnsprovider.Global().Get(dnsConfig.ProviderType) + if !providerOK { logger.Log().WithField("provider_type", dnsConfig.ProviderType).Warn("DNS provider type not found in registry") continue } diff --git a/backend/internal/caddy/importer.go b/backend/internal/caddy/importer.go index a5a651f3..5dd6c1f3 100644 --- a/backend/internal/caddy/importer.go +++ b/backend/internal/caddy/importer.go @@ -137,11 +137,11 @@ func (i *Importer) NormalizeCaddyfile(content string) (string, error) { // Note: These OS-level temp file error paths (WriteString/Close failures) // require disk fault injection to test and are impractical to cover in unit tests. // They are defensive error handling for rare I/O failures. - if _, err := tmpFile.WriteString(content); err != nil { - return "", fmt.Errorf("failed to write temp file: %w", err) + if _, writeErr := tmpFile.WriteString(content); writeErr != nil { + return "", fmt.Errorf("failed to write temp file: %w", writeErr) } - if err := tmpFile.Close(); err != nil { - return "", fmt.Errorf("failed to close temp file: %w", err) + if closeErr := tmpFile.Close(); closeErr != nil { + return "", fmt.Errorf("failed to close temp file: %w", closeErr) } // Run: caddy fmt --overwrite diff --git a/backend/internal/caddy/manager.go b/backend/internal/caddy/manager.go index 97462583..01cf5447 100644 --- a/backend/internal/caddy/manager.go +++ b/backend/internal/caddy/manager.go 
@@ -384,8 +384,8 @@ func (m *Manager) ApplyConfig(ctx context.Context) error { } } if !isActive { - if err := removeFileFunc(filePath); err != nil { - logger.Log().WithError(err).WithField("path", filePath).Warn("failed to remove stale ruleset file") + if removeErr := removeFileFunc(filePath); removeErr != nil { + logger.Log().WithError(removeErr).WithField("path", filePath).Warn("failed to remove stale ruleset file") } else { logger.Log().WithField("path", filePath).Info("removed stale ruleset file") } @@ -424,8 +424,8 @@ func (m *Manager) ApplyConfig(ctx context.Context) error { } // Validate before applying - if err := validateConfigFunc(generatedConfig); err != nil { - return fmt.Errorf("validation failed: %w", err) + if validateErr := validateConfigFunc(generatedConfig); validateErr != nil { + return fmt.Errorf("validation failed: %w", validateErr) } // Save snapshot for rollback diff --git a/backend/internal/crowdsec/console_enroll.go b/backend/internal/crowdsec/console_enroll.go index 962740d5..0a73f3fe 100644 --- a/backend/internal/crowdsec/console_enroll.go +++ b/backend/internal/crowdsec/console_enroll.go @@ -139,12 +139,12 @@ func (s *ConsoleEnrollmentService) Enroll(ctx context.Context, req ConsoleEnroll // CRITICAL: Check that LAPI is running before attempting enrollment // Console enrollment requires an active LAPI connection to register with crowdsec.net - if err := s.checkLAPIAvailable(ctx); err != nil { - return ConsoleEnrollmentStatus{}, err + if checkErr := s.checkLAPIAvailable(ctx); checkErr != nil { + return ConsoleEnrollmentStatus{}, checkErr } - if err := s.ensureCAPIRegistered(ctx); err != nil { - return ConsoleEnrollmentStatus{}, err + if ensureErr := s.ensureCAPIRegistered(ctx); ensureErr != nil { + return ConsoleEnrollmentStatus{}, ensureErr } s.mu.Lock() diff --git a/backend/internal/crowdsec/hub_sync.go b/backend/internal/crowdsec/hub_sync.go index 7de185cd..71573211 100644 --- a/backend/internal/crowdsec/hub_sync.go 
+++ b/backend/internal/crowdsec/hub_sync.go @@ -449,8 +449,8 @@ func (s *HubService) fetchIndexHTTPFromURL(ctx context.Context, target string) ( return HubIndex{}, fmt.Errorf("fetch hub index: %w", err) } defer func() { - if err := resp.Body.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close response body") + if closeErr := resp.Body.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close response body") } }() if resp.StatusCode != http.StatusOK { @@ -550,11 +550,11 @@ func (s *HubService) Pull(ctx context.Context, slug string) (PullResult, error) Mode: 0o644, Size: int64(len(archiveBytes)), } - if err := tw.WriteHeader(hdr); err != nil { - return PullResult{}, fmt.Errorf("create tar header: %w", err) + if writeHeaderErr := tw.WriteHeader(hdr); writeHeaderErr != nil { + return PullResult{}, fmt.Errorf("create tar header: %w", writeHeaderErr) } - if _, err := tw.Write(archiveBytes); err != nil { - return PullResult{}, fmt.Errorf("write tar content: %w", err) + if _, writeErr := tw.Write(archiveBytes); writeErr != nil { + return PullResult{}, fmt.Errorf("write tar content: %w", writeErr) } _ = tw.Close() _ = gw.Close() @@ -748,8 +748,8 @@ func (s *HubService) fetchWithLimitFromURL(ctx context.Context, url string) ([]b return nil, fmt.Errorf("request %s: %w", url, err) } defer func() { - if err := resp.Body.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close response body") + if closeErr := resp.Body.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close response body") } }() if resp.StatusCode != http.StatusOK { @@ -938,8 +938,8 @@ func emptyDir(dir string) error { return err } defer func() { - if err := d.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close directory") + if closeErr := d.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close directory") } }() names, err := d.Readdirnames(-1) 
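Review bot: In the Pull hunk, `_ = tw.Close()` and `_ = gw.Close()` discard the errors from the two calls that finish the tar stream and flush the gzip stream. A failure there would leave a truncated archive that the rest of Pull still treats as a good result. Handle them like the writes just above, for example `if closeErr := tw.Close(); closeErr != nil { return PullResult{}, fmt.Errorf("close tar writer: %w", closeErr) }`, and do the same for `gw`. What the archive is written into and how it is used afterwards lies outside the hunk.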
@@ -1000,14 +1000,14 @@ func (s *HubService) extractTarGz(ctx context.Context, archive []byte, targetDir } if hdr.FileInfo().IsDir() { - if err := os.MkdirAll(destPath, hdr.FileInfo().Mode()); err != nil { - return fmt.Errorf("mkdir %s: %w", destPath, err) + if mkdirErr := os.MkdirAll(destPath, hdr.FileInfo().Mode()); mkdirErr != nil { + return fmt.Errorf("mkdir %s: %w", destPath, mkdirErr) } continue } - if err := os.MkdirAll(filepath.Dir(destPath), 0o700); err != nil { - return fmt.Errorf("mkdir parent: %w", err) + if mkdirErr := os.MkdirAll(filepath.Dir(destPath), 0o700); mkdirErr != nil { + return fmt.Errorf("mkdir parent: %w", mkdirErr) } f, err := os.OpenFile(destPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, hdr.FileInfo().Mode()) // #nosec G304 -- Dest path from tar archive extraction // #nosec G304 -- Dest path from tar archive extraction if err != nil { @@ -1075,8 +1075,8 @@ func copyFile(src, dst string) error { return fmt.Errorf("open src: %w", err) } defer func() { - if err := srcFile.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close source file") + if closeErr := srcFile.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close source file") } }() diff --git a/backend/internal/crowdsec/registration.go b/backend/internal/crowdsec/registration.go index e7ad7723..50f7bdd9 100644 --- a/backend/internal/crowdsec/registration.go +++ b/backend/internal/crowdsec/registration.go @@ -147,8 +147,8 @@ func CheckLAPIHealth(lapiURL string) bool { return checkDecisionsEndpoint(ctx, lapiURL) } defer func() { - if err := resp.Body.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close response body") + if closeErr := resp.Body.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close response body") } }() 
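Review bot: In the extractTarGz hunk, `os.MkdirAll(destPath, hdr.FileInfo().Mode())` and the `os.OpenFile(..., hdr.FileInfo().Mode())` call below it take their mode bits straight from the archive header. The archive content therefore decides whether extracted entries become world-writable or carry setuid/setgid bits. Reduce the mode to permission bits and mask it before use, e.g. `mode := hdr.FileInfo().Mode().Perm() & 0o755`, or use fixed modes as the parent-directory `0o700` already does. The unzip hunk in backup_service.go passes `f.Mode()` to `os.OpenFile` in the same way. How `destPath` is confined to `targetDir` and whether non-regular entries are rejected is outside this hunk and worth confirming; the `// #nosec G304` comment is also duplicated on the OpenFile line.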
@@ -194,8 +194,8 @@ func GetLAPIVersion(ctx context.Context, lapiURL string) (string, error) { return "", fmt.Errorf("version request failed: %w", err) } defer func() { - if err := resp.Body.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close response body") + if closeErr := resp.Body.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close response body") } }() diff --git a/backend/internal/crypto/rotation_service.go b/backend/internal/crypto/rotation_service.go index 4b7afc36..8db8d71e 100644 --- a/backend/internal/crypto/rotation_service.go +++ b/backend/internal/crypto/rotation_service.go @@ -227,8 +227,8 @@ func (rs *RotationService) rotateProviderCredentials(ctx context.Context, provid // Validate that decrypted data is valid JSON var credentials map[string]string - if err := json.Unmarshal(plaintext, &credentials); err != nil { - return fmt.Errorf("invalid credential format after decryption: %w", err) + if unmarshalErr := json.Unmarshal(plaintext, &credentials); unmarshalErr != nil { + return fmt.Errorf("invalid credential format after decryption: %w", unmarshalErr) } // Re-encrypt with next key diff --git a/backend/internal/security/url_validator.go b/backend/internal/security/url_validator.go index 26a95947..bb56adb5 100644 --- a/backend/internal/security/url_validator.go +++ b/backend/internal/security/url_validator.go @@ -225,9 +225,9 @@ func ValidateExternalURL(rawURL string, options ...ValidationOption) (string, er // ENHANCEMENT: Port Range Validation if port := u.Port(); port != "" { - portNum, err := parsePort(port) - if err != nil { - return "", fmt.Errorf("invalid port: %w", err) + portNum, parseErr := parsePort(port) + if parseErr != nil { + return "", fmt.Errorf("invalid port: %w", parseErr) } if portNum < 1 || portNum > 65535 { return "", fmt.Errorf("port out of range: %d", portNum) 
diff --git a/backend/internal/services/backup_service.go b/backend/internal/services/backup_service.go index 743eeb7b..3f0d3a9c 100644 --- a/backend/internal/services/backup_service.go +++ b/backend/internal/services/backup_service.go @@ -262,8 +262,8 @@ func (s *BackupService) addToZip(w *zip.Writer, srcPath, zipPath string) error { return err } defer func() { - if err := file.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close file after adding to zip") + if closeErr := file.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close file after adding to zip") } }() @@ -365,8 +365,8 @@ func (s *BackupService) unzip(src, dest string) error { } // Use 0700 for parent directories - if err := os.MkdirAll(filepath.Dir(fpath), 0o700); err != nil { - return err + if mkdirErr := os.MkdirAll(filepath.Dir(fpath), 0o700); mkdirErr != nil { + return mkdirErr } outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode()) // #nosec G304 -- File path from validated backup @@ -376,8 +376,8 @@ func (s *BackupService) unzip(src, dest string) error { rc, err := f.Open() if err != nil { - if err := outFile.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close temporary output file after f.Open() error") + if closeErr := outFile.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close temporary output file after f.Open() error") } return err } @@ -396,8 +396,8 @@ func (s *BackupService) unzip(src, dest string) error { if closeErr := outFile.Close(); closeErr != nil && err == nil { err = closeErr } - if err := rc.Close(); err != nil { - logger.Log().WithError(err).Warn("Failed to close reader") + if closeErr := rc.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("Failed to close reader") } if err != nil { 
diff --git a/backend/internal/services/certificate_service_test.go b/backend/internal/services/certificate_service_test.go index d8ad918b..c0336b92 100644 --- a/backend/internal/services/certificate_service_test.go +++ b/backend/internal/services/certificate_service_test.go @@ -94,7 +94,7 @@ func TestCertificateService_GetCertificateInfo(t *testing.T) { if err != nil { t.Fatalf("Failed to connect to database: %v", err) } - if err := db.AutoMigrate(&models.SSLCertificate{}); err != nil { + if err = db.AutoMigrate(&models.SSLCertificate{}); err != nil { t.Fatalf("Failed to migrate database: %v", err) } diff --git a/backend/internal/services/credential_service.go b/backend/internal/services/credential_service.go index 2cdb9b03..8f059819 100644 --- a/backend/internal/services/credential_service.go +++ b/backend/internal/services/credential_service.go @@ -230,8 +230,8 @@ func (s *credentialService) Update(ctx context.Context, providerID, credentialID // Fetch provider for validation and audit logging var provider models.DNSProvider - if err := s.db.WithContext(ctx).Where("id = ?", providerID).First(&provider).Error; err != nil { - return nil, err + if findErr := s.db.WithContext(ctx).Where("id = ?", providerID).First(&provider).Error; findErr != nil { + return nil, findErr } // Track changed fields for audit log @@ -389,8 +389,8 @@ func (s *credentialService) Test(ctx context.Context, providerID, credentialID u } var provider models.DNSProvider - if err := s.db.WithContext(ctx).Where("id = ?", providerID).First(&provider).Error; err != nil { - return nil, err + if findErr := s.db.WithContext(ctx).Where("id = ?", providerID).First(&provider).Error; findErr != nil { + return nil, findErr } // Decrypt credentials diff --git a/backend/internal/services/crowdsec_startup.go b/backend/internal/services/crowdsec_startup.go index 477caab3..2f00fe93 100644 --- a/backend/internal/services/crowdsec_startup.go +++ b/backend/internal/services/crowdsec_startup.go 
@@ -90,7 +90,7 @@ func ReconcileCrowdSecOnStartup(db *gorm.DB, executor CrowdsecProcessManager, bi // Check if user has already enabled CrowdSec via Settings table (from toggle or legacy config) var settingOverride struct{ Value string } crowdSecEnabledInSettings := false - if err := db.Raw("SELECT value FROM settings WHERE key = ? LIMIT 1", "security.crowdsec.enabled").Scan(&settingOverride).Error; err == nil && settingOverride.Value != "" { + if rawErr := db.Raw("SELECT value FROM settings WHERE key = ? LIMIT 1", "security.crowdsec.enabled").Scan(&settingOverride).Error; rawErr == nil && settingOverride.Value != "" { crowdSecEnabledInSettings = strings.EqualFold(settingOverride.Value, "true") logger.Log().WithFields(map[string]any{ "setting_value": settingOverride.Value, @@ -117,8 +117,8 @@ func ReconcileCrowdSecOnStartup(db *gorm.DB, executor CrowdsecProcessManager, bi RateLimitWindowSec: 60, } - if err := db.Create(&defaultCfg).Error; err != nil { - logger.Log().WithError(err).Error("CrowdSec reconciliation: failed to create default SecurityConfig") + if createErr := db.Create(&defaultCfg).Error; createErr != nil { + logger.Log().WithError(createErr).Error("CrowdSec reconciliation: failed to create default SecurityConfig") return } diff --git a/backend/internal/services/docker_service.go b/backend/internal/services/docker_service.go index b84c247a..dd25f6b9 100644 --- a/backend/internal/services/docker_service.go +++ b/backend/internal/services/docker_service.go @@ -92,8 +92,8 @@ func (s *DockerService) ListContainers(ctx context.Context, host string) ([]Dock return nil, fmt.Errorf("failed to create remote client: %w", err) } defer func() { - if err := cli.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close docker client") + if closeErr := cli.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close docker client") } }() } 
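Review bot: In the first ReconcileCrowdSecOnStartup hunk a failed settings query is dropped: when `rawErr` is non-nil the condition is simply false and `crowdSecEnabledInSettings` stays `false`, so a database error looks the same as the setting being absent. If that flag decides whether CrowdSec is started (the code that uses it is outside the hunk), a transient error would leave it off with no log line. Unless a branch outside the hunk already covers this, add `} else if rawErr != nil { logger.Log().WithError(rawErr).Warn("CrowdSec reconciliation: failed to read security.crowdsec.enabled setting") }`. The body of the `if` is cut off by the hunk boundary.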
diff --git a/backend/internal/services/mail_service.go b/backend/internal/services/mail_service.go index eb07c0b0..d717c9bc 100644 --- a/backend/internal/services/mail_service.go +++ b/backend/internal/services/mail_service.go @@ -441,8 +441,8 @@ func (s *MailService) sendSSL(addr string, config *SMTPConfig, auth smtp.Auth, f return fmt.Errorf("SSL connection failed: %w", err) } defer func() { - if err := conn.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close tls conn") + if closeErr := conn.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close tls conn") } }() @@ -451,23 +451,23 @@ func (s *MailService) sendSSL(addr string, config *SMTPConfig, auth smtp.Auth, f return fmt.Errorf("failed to create SMTP client: %w", err) } defer func() { - if err := client.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close smtp client") + if closeErr := client.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close smtp client") } }() if auth != nil { - if err := client.Auth(auth); err != nil { - return fmt.Errorf("authentication failed: %w", err) + if authErr := client.Auth(auth); authErr != nil { + return fmt.Errorf("authentication failed: %w", authErr) } } - if err := client.Mail(fromEnvelope); err != nil { - return fmt.Errorf("MAIL FROM failed: %w", err) + if mailErr := client.Mail(fromEnvelope); mailErr != nil { + return fmt.Errorf("MAIL FROM failed: %w", mailErr) } - if err := client.Rcpt(toEnvelope); err != nil { - return fmt.Errorf("RCPT TO failed: %w", err) + if rcptErr := client.Rcpt(toEnvelope); rcptErr != nil { + return fmt.Errorf("RCPT TO failed: %w", rcptErr) } w, err := client.Data() 
@@ -477,8 +477,8 @@ func (s *MailService) sendSSL(addr string, config *SMTPConfig, auth smtp.Auth, f // Security Note: msg built by buildEmail() with header/body sanitization // See buildEmail() for injection protection details - if _, err := w.Write(msg); err != nil { - return fmt.Errorf("failed to write message: %w", err) + if _, writeErr := w.Write(msg); writeErr != nil { + return fmt.Errorf("failed to write message: %w", writeErr) } if err := w.Close(); err != nil { @@ -495,8 +495,8 @@ func (s *MailService) sendSTARTTLS(addr string, config *SMTPConfig, auth smtp.Au return fmt.Errorf("SMTP connection failed: %w", err) } defer func() { - if err := client.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close smtp client") + if closeErr := client.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close smtp client") } }() @@ -505,22 +505,22 @@ func (s *MailService) sendSTARTTLS(addr string, config *SMTPConfig, auth smtp.Au MinVersion: tls.VersionTLS12, } - if err := client.StartTLS(tlsConfig); err != nil { - return fmt.Errorf("STARTTLS failed: %w", err) + if startTLSErr := client.StartTLS(tlsConfig); startTLSErr != nil { + return fmt.Errorf("STARTTLS failed: %w", startTLSErr) } if auth != nil { - if err := client.Auth(auth); err != nil { - return fmt.Errorf("authentication failed: %w", err) + if authErr := client.Auth(auth); authErr != nil { + return fmt.Errorf("authentication failed: %w", authErr) } } - if err := client.Mail(fromEnvelope); err != nil { - return fmt.Errorf("MAIL FROM failed: %w", err) + if mailErr := client.Mail(fromEnvelope); mailErr != nil { + return fmt.Errorf("MAIL FROM failed: %w", mailErr) } - if err := client.Rcpt(toEnvelope); err != nil { - return fmt.Errorf("RCPT TO failed: %w", err) + if rcptErr := client.Rcpt(toEnvelope); rcptErr != nil { + return fmt.Errorf("RCPT TO failed: %w", rcptErr) } w, err := client.Data() 
diff --git a/backend/internal/services/notification_service.go b/backend/internal/services/notification_service.go index d5ee5191..99b5a3bf 100644 --- a/backend/internal/services/notification_service.go +++ b/backend/internal/services/notification_service.go @@ -235,9 +235,9 @@ func (s *NotificationService) sendJSONPayload(ctx context.Context, p models.Noti }() select { - case err := <-execDone: - if err != nil { - return fmt.Errorf("failed to execute webhook template: %w", err) + case execErr := <-execDone: + if execErr != nil { + return fmt.Errorf("failed to execute webhook template: %w", execErr) } case <-time.After(5 * time.Second): return fmt.Errorf("template execution timeout after 5 seconds") @@ -245,8 +245,8 @@ func (s *NotificationService) sendJSONPayload(ctx context.Context, p models.Noti // Service-specific JSON validation var jsonPayload map[string]any - if err := json.Unmarshal(body.Bytes(), &jsonPayload); err != nil { - return fmt.Errorf("invalid JSON payload: %w", err) + if unmarshalErr := json.Unmarshal(body.Bytes(), &jsonPayload); unmarshalErr != nil { + return fmt.Errorf("invalid JSON payload: %w", unmarshalErr) } // Validate service-specific requirements diff --git a/backend/internal/services/plugin_loader_test.go b/backend/internal/services/plugin_loader_test.go index 91198dca..164a5fbf 100644 --- a/backend/internal/services/plugin_loader_test.go +++ b/backend/internal/services/plugin_loader_test.go @@ -700,8 +700,8 @@ func TestSignatureWorkflowEndToEnd(t *testing.T) { } // Step 4: Modify the plugin file (simulating tampering) - if err := os.WriteFile(pluginFile, []byte("TAMPERED CONTENT"), 0o600); err != nil { // #nosec G306 -- test fixture - t.Fatalf("failed to tamper plugin: %v", err) + if writeErr := os.WriteFile(pluginFile, []byte("TAMPERED CONTENT"), 0o600); writeErr != nil { // #nosec G306 -- test fixture + t.Fatalf("failed to tamper plugin: %v", writeErr) } // Step 5: Try to load again - should fail signature check now 
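Review bot: In the first sendJSONPayload hunk the `select` waits only on `execDone` and `time.After(5 * time.Second)`; it never watches `ctx.Done()`, and on timeout the goroutine running the template is left behind. If `execDone` is unbuffered (it is created outside the hunk), that goroutine blocks on its send forever, so repeated slow templates accumulate goroutines. Add `case <-ctx.Done(): return ctx.Err()` to the select and create the channel as `make(chan error, 1)` so the worker can always finish.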
diff --git a/backend/internal/services/security_headers_service.go b/backend/internal/services/security_headers_service.go index 94aaca25..d00b4c96 100644 --- a/backend/internal/services/security_headers_service.go +++ b/backend/internal/services/security_headers_service.go @@ -118,16 +118,16 @@ func (s *SecurityHeadersService) EnsurePresetsExist() error { switch { case err == gorm.ErrRecordNotFound: // Create preset with a fresh UUID for the ID field - if err := s.db.Create(&preset).Error; err != nil { - return fmt.Errorf("failed to create preset %s: %w", preset.Name, err) + if createErr := s.db.Create(&preset).Error; createErr != nil { + return fmt.Errorf("failed to create preset %s: %w", preset.Name, createErr) } case err != nil: return fmt.Errorf("failed to check preset %s: %w", preset.Name, err) default: // Update existing preset to ensure it has latest values preset.ID = existing.ID // Keep the existing ID - if err := s.db.Save(&preset).Error; err != nil { - return fmt.Errorf("failed to update preset %s: %w", preset.Name, err) + if saveErr := s.db.Save(&preset).Error; saveErr != nil { + return fmt.Errorf("failed to update preset %s: %w", preset.Name, saveErr) } } } diff --git a/backend/internal/services/security_service.go b/backend/internal/services/security_service.go index 1f0bd826..2ba9e153 100644 --- a/backend/internal/services/security_service.go +++ b/backend/internal/services/security_service.go @@ -175,8 +175,8 @@ func (s *SecurityService) GenerateBreakGlassToken(name string) (string, error) { if err := s.db.Where("name = ?", name).First(&cfg).Error; err != nil { if errors.Is(err, gorm.ErrRecordNotFound) { cfg = models.SecurityConfig{Name: name, BreakGlassHash: string(hash)} - if err := s.db.Create(&cfg).Error; err != nil { - return "", err + if createErr := s.db.Create(&cfg).Error; createErr != nil { + return "", createErr } return token, nil } 
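Review bot: In the EnsurePresetsExist hunk, `case err == gorm.ErrRecordNotFound:` compares by identity, so a wrapped not-found error falls through to `case err != nil:` and the function returns "failed to check preset" instead of creating the preset. Use `case errors.Is(err, gorm.ErrRecordNotFound):`, as GenerateBreakGlassToken in security_service.go already does in this diff. The file needs the `errors` import if it does not have it. The lookup that sets `err` is outside the hunk.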
diff --git a/backend/internal/services/uptime_service.go b/backend/internal/services/uptime_service.go index f74c605b..ec2ba371 100644 --- a/backend/internal/services/uptime_service.go +++ b/backend/internal/services/uptime_service.go @@ -491,8 +491,8 @@ func (s *UptimeService) checkHost(ctx context.Context, host *models.UptimeHost) dialer := net.Dialer{Timeout: s.config.TCPTimeout} conn, err := dialer.DialContext(ctx, "tcp", addr) if err == nil { - if err := conn.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close tcp connection") + if closeErr := conn.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close tcp connection") } success = true msg = fmt.Sprintf("TCP connection to %s successful (retry %d)", addr, retry) @@ -723,8 +723,8 @@ func (s *UptimeService) checkMonitor(monitor models.UptimeMonitor) { resp, err := client.Do(req) if err == nil { defer func() { - if err := resp.Body.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close uptime service response body") + if closeErr := resp.Body.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close uptime service response body") } }() // Accept 2xx, 3xx, and 401/403 (Unauthorized/Forbidden often means the service is up but protected) @@ -740,8 +740,8 @@ func (s *UptimeService) checkMonitor(monitor models.UptimeMonitor) { case "tcp": conn, err := net.DialTimeout("tcp", monitor.URL, 10*time.Second) if err == nil { - if err := conn.Close(); err != nil { - logger.Log().WithError(err).Warn("failed to close tcp connection") + if closeErr := conn.Close(); closeErr != nil { + logger.Log().WithError(closeErr).Warn("failed to close tcp connection") } success = true msg = "Connection successful" diff --git a/backend/internal/services/uptime_service_test.go b/backend/internal/services/uptime_service_test.go index 663413e5..2630b750 100644 --- a/backend/internal/services/uptime_service_test.go 
+++ b/backend/internal/services/uptime_service_test.go @@ -88,8 +88,8 @@ func TestUptimeService_CheckAll(t *testing.T) { // Wait for HTTP server to be ready by making a test request for i := 0; i < 10; i++ { - conn, err := net.DialTimeout("tcp", addr.String(), 100*time.Millisecond) - if err == nil { + conn, dialErr := net.DialTimeout("tcp", addr.String(), 100*time.Millisecond) + if dialErr == nil { _ = conn.Close() break }