From 55a72604cf9e098c0007afef16957c0b21a1fdc4 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 6 Aug 2025 23:43:24 -0400 Subject: [PATCH 01/17] updated readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c2bec0368b..f6492aa8e3 100644 --- a/README.md +++ b/README.md @@ -21,3 +21,5 @@ go build -o notely && ./notely *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`. You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course! + +ManishNiure's version of Boot.dev's Notely app. \ No newline at end of file From 78504de7bdec8a4522d973532e84fefae619b84f Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Tue, 12 Aug 2025 23:41:59 -0400 Subject: [PATCH 02/17] added ci --- .github/workflows/ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..f48b49e05b --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,22 @@ +name: ci + +on: + pull_request: + branches: [main] + +jobs: + tests: + name: Tests + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.23.0" + + - name: Force Failure + run: (exit 1) \ No newline at end of file From 56d9e0d3809bda3f01b250318676e97b4eb9b0cd Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Tue, 12 Aug 2025 23:45:59 -0400 Subject: [PATCH 03/17] updated ci --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f48b49e05b..c5c6ab5034 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
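Review bot: The new `.github/workflows/ci.yml` declares no `permissions:` block, so the `tests` job runs with whatever default scopes the repository grants its `GITHUB_TOKEN`. The job only checks out code and runs Go commands, so a top-level `permissions:` with `contents: read` beneath it would limit the token to what is needed. `actions/checkout@v4` and `actions/setup-go@v5` are referenced by mutable tag; pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) keeps a retagged release from changing what runs on pull requests.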
@@ -19,4 +19,4 @@ jobs: go-version: "1.23.0" - name: Force Failure - run: (exit 1) \ No newline at end of file + run: go version \ No newline at end of file From 4864061143448225e9990d12961a9d57f0ffb613 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 13 Aug 2025 00:03:54 -0400 Subject: [PATCH 04/17] added test cases --- internal/auth/getapikey_test.go | 118 ++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 internal/auth/getapikey_test.go diff --git a/internal/auth/getapikey_test.go b/internal/auth/getapikey_test.go new file mode 100644 index 0000000000..95e0619f86 --- /dev/null +++ b/internal/auth/getapikey_test.go 
@@ -0,0 +1,118 @@ +package auth + +import ( + "net/http" + "testing" +) + +func TestGetApiKey(t *testing.T) { + tests := []struct { + name string + headers http.Header + expectedKey string + expectedError error + shouldHaveError bool + }{ + { + name: "Valid API key", + headers: http.Header{ + "Authorization": []string{"ApiKey my-secret-api-key"}, + }, + expectedKey: "my-secret-api-key", + expectedError: nil, + shouldHaveError: false, + }, + { + name: "No authorization header", + headers: http.Header{}, + expectedKey: "", + expectedError: ErrNoAuthHeaderIncluded, + shouldHaveError: true, + }, + { + name: "Empty authorization header", + headers: http.Header{ + "Authorization": []string{""}, + }, + expectedKey: "", + expectedError: ErrNoAuthHeaderIncluded, + shouldHaveError: true, + }, + { + name: "Malformed header - only ApiKey", + headers: http.Header{ + "Authorization": []string{"ApiKey"}, + }, + expectedKey: "", + expectedError: nil, // We'll check error message instead + shouldHaveError: true, + }, + { + name: "Malformed header - wrong prefix", + headers: http.Header{ + "Authorization": []string{"Bearer my-token"}, + }, + expectedKey: "", + expectedError: nil, // We'll check error message instead + shouldHaveError: true, + }, + { + name: "Malformed header - no space", + headers: http.Header{ + "Authorization": []string{"ApiKeymy-secret-key"}, + }, + expectedKey: "", + expectedError: nil, // We'll check error message instead + shouldHaveError: true, + }, + { + name: "API key with extra spaces - returns empty string", + headers: http.Header{ + "Authorization": []string{"ApiKey my-secret-api-key"}, + }, + expectedKey: "", // Split results in empty string at index 1 + expectedError: nil, + shouldHaveError: false, // No error is actually thrown + }, + { + name: "API key with multiple parts", + headers: http.Header{ + "Authorization": []string{"ApiKey my-secret-api-key-with-dashes"}, + }, + expectedKey: "my-secret-api-key-with-dashes", + expectedError: nil, + 
shouldHaveError: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + key, err := GetAPIKey(tt.headers) + + if tt.shouldHaveError { + if err == nil { + t.Errorf("Expected an error but got none") + return + } + + // Check for specific error types + if tt.expectedError != nil && err != tt.expectedError { + t.Errorf("Expected error %v, got %v", tt.expectedError, err) + } + + // For malformed header errors, check the error message + if tt.expectedError == nil && err.Error() != "malformed authorization header" { + t.Errorf("Expected 'malformed authorization header' error, got %v", err) + } + } else { + if err != nil { + t.Errorf("Expected no error but got: %v", err) + } + } + + if key != tt.expectedKey { + t.Errorf("Expected key %q, got %q", tt.expectedKey, key) + } + }) + } +} From 33ff399062b826cce7d30c5d10993a2ecdf6893a Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 13 Aug 2025 21:50:38 -0400 Subject: [PATCH 05/17] updated ci yaml --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c5c6ab5034..3e644c67ad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,4 +19,4 @@ jobs: go-version: "1.23.0" - name: Force Failure - run: go version \ No newline at end of file + run: go test ./... \ No newline at end of file From e171b30039bb9c26fac5054a1f99c6c288a980ed Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 13 Aug 2025 22:15:44 -0400 Subject: [PATCH 06/17] updated --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e644c67ad..3296c269d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.23.0" - - name: Force Failure + - name: Run unit tests run: go test ./... \ No newline at end of file 
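Review bot: The table entry "API key with extra spaces - returns empty string" pins a result where `GetAPIKey` returns an empty key together with a nil error, so any caller that checks only `err` goes on to authenticate with `""`. An empty credential should be a failure; the entry would read better as `expectedKey: "", expectedError: nil, shouldHaveError: true,`, with `GetAPIKey` rejecting an empty second field as a malformed header. `GetAPIKey` itself is outside this diff, so that change would need to be made there. As rendered here the header value looks identical to the "Valid API key" case; presumably the original contains a double space, which a short comment on the entry should state. The sentinel comparison `err != tt.expectedError` would also be more robust as `!errors.Is(err, tt.expectedError)`.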
From 184eb9b65fdd86ddb81e2fe30ba6e005041b75f7 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 13 Aug 2025 22:27:56 -0400 Subject: [PATCH 07/17] added cover flag --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3296c269d8..7b8180136f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,4 +19,4 @@ jobs: go-version: "1.23.0" - name: Run unit tests - run: go test ./... \ No newline at end of file + run: go test -cover ./... \ No newline at end of file From 431c13e94bd3372dc27c2647f56daacbc944f58c Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 13 Aug 2025 22:34:50 -0400 Subject: [PATCH 08/17] updated readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f6492aa8e3..a5b476cd31 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![ci](https://github.com/manonmission88/CICD-Project/actions/workflows/ci.yml/badge.svg)](https://github.com/manonmission88/CICD-Project/actions/workflows/ci.yml) + # learn-cicd-starter (Notely) This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev). From b2163a790a6d37895d8db2a5eb9d87bbfaacc1f4 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Fri, 15 Aug 2025 20:57:14 -0400 Subject: [PATCH 09/17] added style --- .github/workflows/ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7b8180136f..1ac320be37 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,4 +19,8 @@ jobs: go-version: "1.23.0" - name: Run unit tests - run: go test -cover ./... \ No newline at end of file + run: go test -cover ./... + style: + steps: + - name: Style + run: test -z $(go fmt ./...) \ No newline at end of file From 1675dc5915f0b068c33097bdae8fb978731a191b Mon Sep 17 00:00:00 2001 
From: manonmission88 Date: Fri, 15 Aug 2025 21:05:01 -0400 Subject: [PATCH 10/17] added style --- .github/workflows/ci.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1ac320be37..e2f8a191c7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,8 +19,20 @@ jobs: go-version: "1.23.0" - name: Run unit tests - run: go test -cover ./... + run: go test -cover ./... + style: + name: Style + runs-on: ubuntu-latest + steps: - - name: Style + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.23.0" + + - name: Check formatting run: test -z $(go fmt ./...) \ No newline at end of file From 3ec86bef06d5500b055c58e7d064c222d47cf200 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 20 Aug 2025 00:14:08 -0400 Subject: [PATCH 11/17] added static check lint --- .github/workflows/ci.yml | 10 +++++++++- main.go | 5 +++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e2f8a191c7..5671d9b272 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,6 +33,14 @@ jobs: uses: actions/setup-go@v5 with: go-version: "1.23.0" + + - name: Install staticcheck + run: go install honnef.co/go/tools/cmd/staticcheck@latest - name: Check formatting - run: test -z $(go fmt ./...) \ No newline at end of file + run: test -z $(go fmt ./...) + + - name: Check staticcheck + run: staticcheck ./... + + \ No newline at end of file diff --git a/main.go b/main.go index 19d7366c5f..e546112a05 100644 --- a/main.go +++ b/main.go @@ -96,3 +96,8 @@ func main() { log.Printf("Serving on port: %s\n", port) log.Fatal(srv.ListenAndServe()) } + +func unused() { + // this function does nothing + // and is called nowhere +} \ No newline at end of file From 2a96d3527815abbab8fe39336e2449c49c144ad0 Mon Sep 17 00:00:00 2001 
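Review bot: The `Install staticcheck` step added in the "added static check lint" commit installs `honnef.co/go/tools/cmd/staticcheck@latest`, so every CI run fetches and executes whatever version is newest at that moment. That makes results non-reproducible and lets an unreviewed upstream release run inside the pipeline. Pin an explicit version instead, `run: go install honnef.co/go/tools/cmd/staticcheck@<pinned-version>`, and bump it deliberately. The `Install gosec` step in the later "added gosec check" commit uses `@latest` the same way and should be pinned too.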
From: manonmission88 Date: Wed, 20 Aug 2025 00:18:32 -0400 Subject: [PATCH 12/17] updated --- .github/workflows/ci.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5671d9b272..5538acecc0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,9 +38,7 @@ jobs: run: go install honnef.co/go/tools/cmd/staticcheck@latest - name: Check formatting - run: test -z $(go fmt ./...) - - - name: Check staticcheck - run: staticcheck ./... + run: test -z "$(go fmt ./...)" - \ No newline at end of file + - name: Run staticcheck + run: staticcheck ./... From be0ead73f1f95e84ccdd876f4cfd50883e5bcfc3 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 20 Aug 2025 00:22:47 -0400 Subject: [PATCH 13/17] updated ci --- .github/workflows/ci.yml | 3 ++- main.go | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5538acecc0..6434445b5a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,5 +40,6 @@ jobs: - name: Check formatting run: test -z "$(go fmt ./...)" - - name: Run staticcheck + - name: Run staticcheck + if: ${{ always() }} run: staticcheck ./... diff --git a/main.go b/main.go index e546112a05..a621713c2b 100644 --- a/main.go +++ b/main.go @@ -98,6 +98,6 @@ func main() { } func unused() { - // this function does nothing - // and is called nowhere -} \ No newline at end of file + // this function does nothing + // and is called nowhere +} From 259d080073481b95622dea4f7835c4c3f63ef0d5 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 20 Aug 2025 00:25:26 -0400 Subject: [PATCH 14/17] updated ci 1 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6434445b5a..afc5222061 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -40,6 +40,6 @@ jobs: - name: Check formatting run: test -z "$(go fmt ./...)" - - name: Run staticcheck + - name: Run staticcheck if: ${{ always() }} run: staticcheck ./... From 725957258c41cf5a57a54de767abfe96dbe0a5e0 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 20 Aug 2025 00:28:17 -0400 Subject: [PATCH 15/17] fixed lint --- main.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/main.go b/main.go index a621713c2b..19d7366c5f 100644 --- a/main.go +++ b/main.go @@ -96,8 +96,3 @@ func main() { log.Printf("Serving on port: %s\n", port) log.Fatal(srv.ListenAndServe()) } - -func unused() { - // this function does nothing - // and is called nowhere -} From 5c451b12cbf647f4693bce1fd4283255bcf5c218 Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 20 Aug 2025 00:46:18 -0400 Subject: [PATCH 16/17] added gosec check --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afc5222061..2a6d1d7d47 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,6 +21,12 @@ jobs: - name: Run unit tests run: go test -cover ./... + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + + - name: Check Gosec + run: gosec ./... + style: name: Style runs-on: ubuntu-latest From ae359af5bbdcb9723a1f07778d995926fa47adec Mon Sep 17 00:00:00 2001 From: manonmission88 Date: Wed, 20 Aug 2025 01:02:51 -0400 Subject: [PATCH 17/17] fixed the security issues --- json.go | 4 +++- main.go | 6 ++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/json.go b/json.go index 1e6e7985e1..6e505b3849 100644 --- a/json.go +++ b/json.go @@ -30,5 +30,7 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) { return } w.WriteHeader(code) - w.Write(dat) + if _, err := w.Write(dat); err != nil { + log.Printf("Error writing response: %v", err) + } } diff --git a/main.go b/main.go index 19d7366c5f..eccfd6aff8 100644 
--- a/main.go +++ b/main.go @@ -7,6 +7,7 @@ import ( "log" "net/http" "os" + "time" "github.com/go-chi/chi" "github.com/go-chi/cors" @@ -89,8 +90,9 @@ func main() { router.Mount("/v1", v1Router) srv := &http.Server{ - Addr: ":" + port, - Handler: router, + Addr: ":" + port, + Handler: router, + ReadHeaderTimeout: 10 * time.Second, // Prevents Slowloris Attack } log.Printf("Serving on port: %s\n", port)
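Review bot: The comment `// Prevents Slowloris Attack` on the new `ReadHeaderTimeout` field overstates what it covers: this field bounds only the time allowed to read request headers. A client that sends its body slowly, reads the response slowly, or holds idle keep-alive connections is still unbounded, because `ReadTimeout`, `WriteTimeout` and `IdleTimeout` stay unset in this `http.Server` literal. Consider adding `ReadTimeout: 15 * time.Second,`, `WriteTimeout: 15 * time.Second,` and `IdleTimeout: 60 * time.Second,` (illustrative values, to be tuned to the handlers) and rewording the comment to `// bounds slow header delivery`. The body of `main` starts and ends outside this hunk, so other server settings may exist that are not visible here.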