CI: Apply Go linter recommendations to "internal/config" packages photoprism#5330

Signed-off-by: Michael Mayer <[email protected]>

Author: lastzero

internal/config/cli_context.go

@@ -35,7 +35,7 @@ func ApplyCliContext(c interface{}, ctx *cli.Context) error {
 				if s == "" {
 					// Omit.
 				} else if sec := txt.UInt(s); sec > 0 {
-					fieldValue.Set(reflect.ValueOf(time.Duration(sec) * time.Second))
+					fieldValue.Set(reflect.ValueOf(time.Duration(sec) * time.Second)) //nolint:gosec // txt.UInt is bounded; duration uses int64 on supported platforms
 				} else if d, err := time.ParseDuration(s); err == nil {
 					fieldValue.Set(reflect.ValueOf(d))
 				}

internal/config/cli_context_test.go

@@ -0,0 +1,45 @@
+package config
+
+import (
+	"flag"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/urfave/cli/v2"
+)
+
+type durationTarget struct {
+	Interval time.Duration `flag:"interval"`
+}
+
+func TestApplyCliContext_Duration(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected time.Duration
+	}{
+		{name: "WithUnits", input: "1h30m", expected: 90 * time.Minute},
+		{name: "NumericSeconds", input: "30", expected: 30 * time.Second},
+		{name: "Invalid", input: "not-a-duration", expected: 0},
+	}
+
+	for _, tc := range tests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			flags := flag.NewFlagSet("test", flag.ContinueOnError)
+			flags.String("interval", "", "doc")
+			app := cli.NewApp()
+			ctx := cli.NewContext(app, flags, nil)
+			_ = ctx.Set("interval", tc.input)
+
+			target := &durationTarget{}
+			err := ApplyCliContext(target, ctx)
+
+			assert.NoError(t, err)
+			assert.Equal(t, tc.expected, target.Interval)
+		})
+	}
+}

internal/config/cli_flag.go

@@ -99,15 +99,16 @@ func (f CliFlag) CommandFlag() string {
 
 // Usage returns the command flag usage.
 func (f CliFlag) Usage() string {
-	if list.Contains(f.Tags, EnvSponsor) {
+	switch {
+	case list.Contains(f.Tags, EnvSponsor):
 		return f.Flag.GetUsage() + " *members only*"
-	} else if list.Contains(f.Tags, Pro) {
+	case list.Contains(f.Tags, Pro):
 		return f.Flag.GetUsage() + " *pro*"
-	} else if list.Contains(f.Tags, Plus) {
+	case list.Contains(f.Tags, Plus):
 		return f.Flag.GetUsage() + " *plus*"
-	} else if list.Contains(f.Tags, Essentials) {
+	case list.Contains(f.Tags, Essentials):
 		return f.Flag.GetUsage() + " *essentials*"
-	} else {
+	default:
 		return f.Flag.GetUsage()
 	}
 }

internal/config/client_assets.go

@@ -38,7 +38,7 @@ func NewClientAssets(buildPath, baseUri string) *ClientAssets {
 
 // Load loads the frontend assets from a webpack manifest file.
 func (a *ClientAssets) Load(fileName string) error {
-	jsonFile, err := os.ReadFile(filepath.Join(a.BuildPath, fileName))
+	jsonFile, err := os.ReadFile(filepath.Join(a.BuildPath, fileName)) //nolint:gosec // path derived from configured assets directory
 
 	if err != nil {
 		return err
@@ -97,7 +97,7 @@ func (a *ClientAssets) SplashCssFile() string {
 
 // SplashCssFileContents returns the splash screen CSS file contents for embedding in HTML.
 func (a *ClientAssets) SplashCssFileContents() template.CSS {
-	return template.CSS(a.readFile(a.SplashCssFile()))
+	return template.CSS(a.readFile(a.SplashCssFile())) //nolint:gosec // assets are loaded from trusted local build output
 }
 
 // SplashJsUri returns the splash screen JS URI.
@@ -121,14 +121,14 @@ func (a *ClientAssets) SplashJsFileContents() template.JS {
 	if a.SplashJs == "" {
 		return ""
 	}
-	return template.JS(a.readFile(a.SplashJs))
+	return template.JS(a.readFile(a.SplashJs)) //nolint:gosec // assets are loaded from trusted local build output
 }
 
 // readFile reads the file contents and returns them as string.
 func (a *ClientAssets) readFile(fileName string) string {
 	if fileName == "" {
 		return ""
-	} else if css, err := os.ReadFile(filepath.Join(a.BuildPath, fileName)); err != nil {
+	} else if css, err := os.ReadFile(filepath.Join(a.BuildPath, fileName)); err != nil { //nolint:gosec // path derived from configured assets directory
 		return ""
 	} else {
 		return string(bytes.TrimSpace(css))

internal/config/client_config.go

@@ -622,7 +622,7 @@ func (c *Config) ClientUser(withSettings bool) *ClientConfig {
 
 	// Exclude pictures in review from total count.
 	if c.Settings().Features.Review {
-		cfg.Count.All = cfg.Count.All - cfg.Count.Review
+		cfg.Count.All -= cfg.Count.Review
 	}
 
 	c.Db().
@@ -742,15 +742,16 @@ func (c *Config) ClientRole(role acl.Role) *ClientConfig {
 
 // ClientSession provides the client config values for the specified session.
 func (c *Config) ClientSession(sess *entity.Session) (cfg *ClientConfig) {
-	if sess.NoUser() && sess.IsClient() {
+	switch {
+	case sess.NoUser() && sess.IsClient():
 		cfg = c.ClientUser(false).ApplyACL(acl.Rules, sess.GetClientRole())
 		cfg.Settings = c.SessionSettings(sess)
-	} else if sess.GetUser().IsVisitor() {
+	case sess.GetUser().IsVisitor():
 		cfg = c.ClientShare()
-	} else if sess.GetUser().IsRegistered() {
+	case sess.GetUser().IsRegistered():
 		cfg = c.ClientUser(false).ApplyACL(acl.Rules, sess.GetUserRole())
 		cfg.Settings = c.SessionSettings(sess)
-	} else {
+	default:
 		cfg = c.ClientPublic()
 	}
 

internal/config/config.go

@@ -40,8 +40,8 @@ import (
 
 	"github.com/dustin/go-humanize"
 	"github.com/jinzhu/gorm"
-	_ "github.com/jinzhu/gorm/dialects/mysql"
-	_ "github.com/jinzhu/gorm/dialects/sqlite"
+	_ "github.com/jinzhu/gorm/dialects/mysql"  // register mysql dialect
+	_ "github.com/jinzhu/gorm/dialects/sqlite" // register sqlite dialect
 	"github.com/klauspost/cpuid/v2"
 	gc "github.com/patrickmn/go-cache"
 	"github.com/pbnjay/memory"
@@ -69,7 +69,6 @@ import (
 
 // Config aggregates CLI flags, options.yml overrides, runtime settings, and shared resources (database, caches) for the running instance.
 type Config struct {
-	once      sync.Once
 	cliCtx    *cli.Context
 	options   *Options
 	settings  *customize.Settings
@@ -135,13 +134,14 @@ func initLogger() {
 			FullTimestamp: true,
 		})
 
-		if Env(EnvProd) {
+		switch {
+		case Env(EnvProd):
 			SetLogLevel(logrus.WarnLevel)
-		} else if Env(EnvTrace) {
+		case Env(EnvTrace):
 			SetLogLevel(logrus.TraceLevel)
-		} else if Env(EnvDebug) {
+		case Env(EnvDebug):
 			SetLogLevel(logrus.DebugLevel)
-		} else {
+		default:
 			SetLogLevel(logrus.InfoLevel)
 		}
 	})
@@ -239,7 +239,7 @@ func (c *Config) Init() error {
 	// Configure HTTPS proxy for outgoing connections.
 	if httpsProxy := c.HttpsProxy(); httpsProxy != "" {
 		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
-			InsecureSkipVerify: c.HttpsProxyInsecure(),
+			InsecureSkipVerify: c.HttpsProxyInsecure(), //nolint:gosec // proxy settings are user-configurable and opt-in
 		}
 
 		_ = os.Setenv("HTTPS_PROXY", httpsProxy)
@@ -454,15 +454,15 @@ func (c *Config) readSerial() string {
 	backupName := c.BackupPath(serialName)
 
 	if fs.FileExists(storageName) {
-		if data, err := os.ReadFile(storageName); err == nil && len(data) == 16 {
+		if data, err := os.ReadFile(storageName); err == nil && len(data) == 16 { //nolint:gosec // path is computed from config storage
 			return string(data)
 		} else {
 			log.Tracef("config: could not read %s (%s)", clean.Log(storageName), err)
 		}
 	}
 
 	if fs.FileExists(backupName) {
-		if data, err := os.ReadFile(backupName); err == nil && len(data) == 16 {
+		if data, err := os.ReadFile(backupName); err == nil && len(data) == 16 { //nolint:gosec // backup file path is generated internally
 			return string(data)
 		} else {
 			log.Tracef("config: could not read %s (%s)", clean.Log(backupName), err)
@@ -729,7 +729,7 @@ func (c *Config) WakeupInterval() time.Duration {
 	if c.options.WakeupInterval < MinWakeupInterval/time.Second {
 		return MinWakeupInterval
 	} else if c.options.WakeupInterval < MinWakeupInterval {
-		c.options.WakeupInterval = c.options.WakeupInterval * time.Second
+		c.options.WakeupInterval *= time.Second
 	}
 
 	// Do not run less than once per day.
@@ -786,11 +786,12 @@ func (c *Config) ResolutionLimit() int {
 
 	// Disabling or increasing the limit is at your own risk.
 	// Only sponsors receive support in case of problems.
-	if result == 0 {
+	switch {
+	case result == 0:
 		return DefaultResolutionLimit
-	} else if result < 0 {
+	case result < 0:
 		return -1
-	} else if result > 900 {
+	case result > 900:
 		result = 900
 	}
 
@@ -857,7 +858,7 @@ func (c *Config) initHub() {
 	c.hubCancel = cancel
 	c.hubLock.Unlock()
 
-	d := 23*time.Hour + time.Duration(float64(2*time.Hour)*rand.Float64())
+	d := 23*time.Hour + time.Duration(float64(2*time.Hour)*rand.Float64()) //nolint:gosec // jitter for scheduling only, crypto not required
 	ticker := time.NewTicker(d)
 
 	go func() {

internal/config/config_auth.go

@@ -14,7 +14,9 @@ import (
 )
 
 const (
+	// AuthModePublic disables authentication and runs the app in public mode.
 	AuthModePublic = "public"
+	// AuthModePasswd enables password-based authentication (default).
 	AuthModePasswd = "password"
 )
 
@@ -92,7 +94,7 @@ func (c *Config) AdminPassword() string {
 	} else if fileName := FlagFilePath("ADMIN_PASSWORD"); fileName == "" {
 		// No password set, this is not an error.
 		return ""
-	} else if b, err := os.ReadFile(fileName); err != nil || len(b) == 0 {
+	} else if b, err := os.ReadFile(fileName); err != nil || len(b) == 0 { //nolint:gosec // path is derived from config directory
 		log.Warnf("config: failed to read admin password from %s (%s)", fileName, err)
 		return ""
 	} else {
@@ -111,11 +113,12 @@ func (c *Config) AdminScope() string {
 
 // PasswordLength returns the minimum password length in characters.
 func (c *Config) PasswordLength() int {
-	if c.Public() {
+	switch {
+	case c.Public():
 		return 0
-	} else if c.options.PasswordLength < 1 {
+	case c.options.PasswordLength < 1:
 		return entity.PasswordLengthDefault
-	} else if c.options.PasswordLength > txt.ClipPassword {
+	case c.options.PasswordLength > txt.ClipPassword:
 		return txt.ClipPassword
 	}
 
@@ -194,11 +197,12 @@ func (c *Config) SessionTimeout() int64 {
 
 // SessionCache returns the default session cache duration in seconds.
 func (c *Config) SessionCache() int64 {
-	if c.options.SessionCache == 0 {
+	switch {
+	case c.options.SessionCache == 0:
 		return DefaultSessionCache
-	} else if c.options.SessionCache < 60 {
+	case c.options.SessionCache < 60:
 		return 60
-	} else if c.options.SessionCache > 3600 {
+	case c.options.SessionCache > 3600:
 		return 3600
 	}
 

internal/config/config_backup.go

@@ -8,8 +8,10 @@ import (
 )
 
 const (
+	// DefaultBackupSchedule defines the default cron schedule for backups.
 	DefaultBackupSchedule = "daily"
-	DefaultBackupRetain   = 3
+	// DefaultBackupRetain sets how many backup sets are kept by default.
+	DefaultBackupRetain = 3
 )
 
 // DisableBackups checks if database and album backups as well as YAML sidecar files should not be created.

internal/config/config_cache.go

@@ -6,10 +6,13 @@ import (
 	gc "github.com/patrickmn/go-cache"
 )
 
+// Cache stores shared config values for quick reuse across requests.
 var Cache = gc.New(time.Hour, 15*time.Minute)
 
 const (
-	CacheKeyAppManifest  = "app-manifest"
+	// CacheKeyAppManifest is the cache key for the PWA manifest.
+	CacheKeyAppManifest = "app-manifest"
+	// CacheKeyWallpaperUri is the cache key for the current wallpaper URI.
 	CacheKeyWallpaperUri = "wallpaper-uri"
 )
 

internal/config/config_cluster.go

@@ -22,7 +22,11 @@ import (
 
 // DefaultPortalUrl specifies the default portal URL with variable cluster domain.
 var DefaultPortalUrl = "https://portal.${PHOTOPRISM_CLUSTER_DOMAIN}"
+
+// DefaultNodeRole is the default node role assigned when none is configured.
 var DefaultNodeRole = cluster.RoleApp
+
+// DefaultJWTAllowedScopes lists default OAuth scopes for cluster-issued JWTs.
 var DefaultJWTAllowedScopes = "config cluster vision metrics"
 
 // ClusterDomain returns the cluster DOMAIN (lowercase DNS name; 1–63 chars).
@@ -146,7 +150,7 @@ func (c *Config) JoinToken() string {
 		}
 
 		if fs.FileExistsNotEmpty(fileName) {
-			if b, err := os.ReadFile(fileName); err != nil || len(b) == 0 {
+			if b, err := os.ReadFile(fileName); err != nil || len(b) == 0 { //nolint:gosec // path derived from config directory
 				log.Warnf("config: could not read cluster join token from %s (%s)", fileName, err)
 			} else if s := strings.TrimSpace(string(b)); rnd.IsJoinToken(s, false) {
 				if c.cache != nil {
@@ -355,7 +359,7 @@ func (c *Config) NodeClientSecret() string {
 		return ""
 	}
 
-	if b, err := os.ReadFile(fileName); err == nil && len(b) > 0 {
+	if b, err := os.ReadFile(fileName); err == nil && len(b) > 0 { //nolint:gosec // path derived from config directory
 		// Do not cache the value. Always read from the disk to ensure
 		// that updates from other processes are observed.
 		return string(b)
@@ -530,7 +534,7 @@ func (c *Config) SaveClusterUUID(uuid string) error {
 	var m Values
 
 	if fs.FileExists(fileName) {
-		if b, err := os.ReadFile(fileName); err == nil && len(b) > 0 {
+		if b, err := os.ReadFile(fileName); err == nil && len(b) > 0 { //nolint:gosec // path derived from config directory
 			_ = yaml.Unmarshal(b, &m)
 		}
 	}
@@ -573,7 +577,7 @@ func (c *Config) SaveNodeUUID(uuid string) error {
 
 	var m Values
 	if fs.FileExists(fileName) {
-		if b, err := os.ReadFile(fileName); err == nil && len(b) > 0 {
+		if b, err := os.ReadFile(fileName); err == nil && len(b) > 0 { //nolint:gosec // path derived from config directory
 			_ = yaml.Unmarshal(b, &m)
 		}
 	}