diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..f8192fc72b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,48 @@
+name: ci
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ tests:
+ name: Tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: "1.25.1"
+ - name: Run unit tests with coverage
+ run: go test -cover ./...
+
+ # --- Security scan (intentionally fail first run) ---
+ - name: Install gosec
+ run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+ - name: Run gosec
+ run: gosec ./...
+
+ style:
+ name: Style
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: "1.25.1"
+
+ # Fail if any files need formatting
+ - name: Check formatting
+ run: test -z "$(go fmt ./...)"
+
+ # Install and run staticcheck
+ - name: Install staticcheck
+ run: go install honnef.co/go/tools/cmd/staticcheck@latest
+ - name: Lint with staticcheck
+ run: staticcheck ./...
+
diff --git a/README.md b/README.md
index c2bec0368b..dcb6586933 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+[![CI](https://github.com/bentu578/learn-cicd-starter/actions/workflows/ci.yml/badge.svg)](https://github.com/bentu578/learn-cicd-starter/actions/workflows/ci.yml)
+
+
 # learn-cicd-starter (Notely) This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
@@ -21,3 +24,6 @@ go build -o notely && ./notely *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`. You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+
+bentu578's version of Boot.dev's Notely app.
\ No newline at end of file
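Review bot: Both tool installs in .github/workflows/ci.yml resolve `@latest` at run time (`gosec` in the tests job, `staticcheck` in the style job), so the code executed in CI can change without any commit to this repository and a run cannot be reproduced later. Pin each to a reviewed release, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, and consider pinning the two `uses:` actions to a full commit SHA instead of a moving tag. The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` keeps it read-only for these jobs.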
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
new file mode 100644
index 0000000000..8fd86f3c52
--- /dev/null
+++ b/internal/auth/auth_test.go
@@ -0,0 +1,76 @@
+package auth
+
+import (
+ "errors"
+ "net/http"
+ "testing"
+)
+
+func TestGetAPIKey_TableDriven(t *testing.T) {
+ makeHdr := func(v string) http.Header {
+ h := http.Header{}
+ if v != "" {
+ h.Set("Authorization", v)
+ }
+ return h
+ }
+
+ tests := []struct {
+ name string
+ header string
+ wantKey string
+ wantErr bool
+ wantNoHdr bool // specifically expect ErrNoAuthHeaderIncluded
+ }{
+ {
+ name: "success",
+ header: "ApiKey abc123",
+ wantKey: "abc123",
+ },
+ {
+ name: "missing header",
+ header: "",
+ wantErr: true,
+ wantNoHdr: true,
+ },
+ {
+ name: "wrong scheme",
+ header: "Bearer abc123",
+ wantErr: true,
+ },
+ {
+ name: "empty key allowed by implementation",
+ header: "ApiKey ",
+ wantKey: "",
+ },
+ {
+ name: "key with spaces returns first token only",
+ header: "ApiKey too many parts",
+ wantKey: "too",
+ },
+ }
+
+ for _, tc := range tests {
+ tc := tc
+ t.Run(tc.name, func(t *testing.T) {
+ key, err := GetAPIKey(makeHdr(tc.header))
+
+ if tc.wantErr {
+ if err == nil {
+ t.Fatalf("expected error, got nil (key=%q)", key)
+ }
+ if tc.wantNoHdr && !errors.Is(err, ErrNoAuthHeaderIncluded) {
+ t.Fatalf("expected ErrNoAuthHeaderIncluded, got %v", err)
+ }
+ return
+ }
+
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+ if key != tc.wantKey {
+ t.Fatalf("want key %q, got %q", tc.wantKey, key)
+ }
+ })
+ }
+}
diff --git a/json.go b/json.go
index 1e6e7985e1..ee92a78a23 100644
--- a/json.go
+++ b/json.go
@@ -29,6 +29,11 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) {
 w.WriteHeader(500)
 return
 }
+
 w.WriteHeader(code)
- w.Write(dat)
+ if _, err := w.Write(dat); err != nil {
+ // just log a warning — no need to panic
+ log.Printf("warning: failed to write response: %v", err)
+ }
+
 }
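Review bot: In internal/auth/auth_test.go the cases `empty key allowed by implementation` and `key with spaces returns first token only` assert that GetAPIKey succeeds on a malformed Authorization header, which turns lenient parsing into a tested contract that any later tightening has to break. GetAPIKey itself is not part of this diff, so whether its callers reject an empty key is not visible here; if they do not, a header carrying the scheme but no credential passes this layer without an error. I would mark both cases with a comment such as `// documents current lenient behaviour, not a security guarantee`, or switch them to `wantErr: true` together with a stricter parser.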
diff --git a/main.go b/main.go
index 19d7366c5f..92c8f1540b 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 "log"
 "net/http"
 "os"
+ "time"
 "github.com/go-chi/chi"
 "github.com/go-chi/cors"
@@ -74,6 +75,7 @@ func main() {
 if _, err := io.Copy(w, f); err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 }
+
 })
 v1Router := chi.NewRouter()
@@ -89,8 +91,12 @@ func main() {
 router.Mount("/v1", v1Router)
 srv := &http.Server{
- Addr: ":" + port,
- Handler: router,
+ Addr: ":" + port,
+ Handler: router,
+ ReadHeaderTimeout: 5 * time.Second,
+ ReadTimeout: 10 * time.Second,
+ WriteTimeout: 15 * time.Second,
+ IdleTimeout: 60 * time.Second,
 }
 log.Printf("Serving on port: %s\n", port)
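Review bot: The four timeouts added to `http.Server` in the last hunk of main.go are bare literals with no comment saying what they protect against or how the values were chosen. A short comment above the struct, e.g. `// Bound header read, full read, write and idle phases so slow or stalled clients cannot hold connections open indefinitely.`, would tell the next maintainer not to drop them. `WriteTimeout: 15 * time.Second` also caps the handler in the second hunk that streams a file with `io.Copy`, so a large response to a slow client is cut off at that limit; that seems acceptable for the simple page the README describes, but is worth stating in the same comment. main's body starts and ends outside these hunks.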