chore: add golangci-lint config and fix all lint issues

Enable 15 additional linters (gosec, errorlint, gocritic, modernize, misspell, bodyclose, sqlclosecheck, nilerr, unconvert, durationcheck, sloglint, wastedassign, usestdlibvars) with sensible exclusion rules. Fix all findings: errors.Is for error comparisons, run() pattern in main to avoid exitAfterDefer, ReadHeaderTimeout for Slowloris protection, bounds check in escape sequence reader, WaitGroup.Go, slices.Contains, range-over-int loops, and http.MethodGet constants. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:43:49 +01:00
parent 0ad6f4cb6a
commit d4380c0aea
10 changed files with 134 additions and 62 deletions
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -36,7 +36,7 @@ func TestStaticCredentialsWrongPassword(t *testing.T) {

 func TestRejectionBeforeThreshold(t *testing.T) {
 	a := newTestAuth(3, time.Hour)
-	for i := 0; i < 2; i++ {
+	for i := range 2 {
 		d := a.Authenticate("1.2.3.4", "user", "pass")
 		if d.Accepted {
 			t.Fatalf("attempt %d should be rejected", i+1)
@@ -49,7 +49,7 @@ func TestRejectionBeforeThreshold(t *testing.T) {

 func TestThresholdAcceptance(t *testing.T) {
 	a := newTestAuth(3, time.Hour)
-	for i := 0; i < 2; i++ {
+	for i := range 2 {
 		d := a.Authenticate("1.2.3.4", "user", "pass")
 		if d.Accepted {
 			t.Fatalf("attempt %d should be rejected", i+1)
@@ -65,7 +65,7 @@ func TestPerIPIsolation(t *testing.T) {
 	a := newTestAuth(3, time.Hour)

 	// IP1 gets 2 failures.
-	for i := 0; i < 2; i++ {
+	for range 2 {
 		a.Authenticate("1.1.1.1", "user", "pass")
 	}

@@ -157,12 +157,10 @@ func TestConcurrentAccess(t *testing.T) {
 	a := newTestAuth(5, time.Hour)
 	var wg sync.WaitGroup

-	for i := 0; i < 100; i++ {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
+	for range 100 {
+		wg.Go(func() {
 			a.Authenticate("1.2.3.4", "user", "pass")
-		}()
+		})
 	}
 	wg.Wait()
 }