Updated CI

.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23.0"
+
+      - name: Run unit tests
+        run: go test -cover ./...
+
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+      - name: Check Gosec 
+        run: gosec ./... 
+
+  style:
+    name: Style
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23.0"
+
+      - name: Install staticcheck
+        run: go install honnef.co/go/tools/cmd/staticcheck@latest
+
+      - name: Check formatting
+        run: test -z "$(go fmt ./...)"
+
+      - name: Run staticcheck
+        if: ${{ always() }}   
+        run: staticcheck ./...

README.md

@@ -1,3 +1,5 @@
+[![ci](https://github.com/manonmission88/CICD-Project/actions/workflows/ci.yml/badge.svg)](https://github.com/manonmission88/CICD-Project/actions/workflows/ci.yml)
+
 # learn-cicd-starter (Notely)
 
 This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
@@ -21,3 +23,5 @@ go build -o notely && ./notely
 *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`.
 
 You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+ManishNiure's version of Boot.dev's Notely app.

internal/auth/getapikey_test.go

@@ -0,0 +1,118 @@
+package auth
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestGetApiKey(t *testing.T) {
+	tests := []struct {
+		name            string
+		headers         http.Header
+		expectedKey     string
+		expectedError   error
+		shouldHaveError bool
+	}{
+		{
+			name: "Valid API key",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey my-secret-api-key"},
+			},
+			expectedKey:     "my-secret-api-key",
+			expectedError:   nil,
+			shouldHaveError: false,
+		},
+		{
+			name:            "No authorization header",
+			headers:         http.Header{},
+			expectedKey:     "",
+			expectedError:   ErrNoAuthHeaderIncluded,
+			shouldHaveError: true,
+		},
+		{
+			name: "Empty authorization header",
+			headers: http.Header{
+				"Authorization": []string{""},
+			},
+			expectedKey:     "",
+			expectedError:   ErrNoAuthHeaderIncluded,
+			shouldHaveError: true,
+		},
+		{
+			name: "Malformed header - only ApiKey",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey"},
+			},
+			expectedKey:     "",
+			expectedError:   nil, // We'll check error message instead
+			shouldHaveError: true,
+		},
+		{
+			name: "Malformed header - wrong prefix",
+			headers: http.Header{
+				"Authorization": []string{"Bearer my-token"},
+			},
+			expectedKey:     "",
+			expectedError:   nil, // We'll check error message instead
+			shouldHaveError: true,
+		},
+		{
+			name: "Malformed header - no space",
+			headers: http.Header{
+				"Authorization": []string{"ApiKeymy-secret-key"},
+			},
+			expectedKey:     "",
+			expectedError:   nil, // We'll check error message instead
+			shouldHaveError: true,
+		},
+		{
+			name: "API key with extra spaces - returns empty string",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey  my-secret-api-key"},
+			},
+			expectedKey:     "", // Split results in empty string at index 1
+			expectedError:   nil,
+			shouldHaveError: false, // No error is actually thrown
+		},
+		{
+			name: "API key with multiple parts",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey my-secret-api-key-with-dashes"},
+			},
+			expectedKey:     "my-secret-api-key-with-dashes",
+			expectedError:   nil,
+			shouldHaveError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			key, err := GetAPIKey(tt.headers)
+
+			if tt.shouldHaveError {
+				if err == nil {
+					t.Errorf("Expected an error but got none")
+					return
+				}
+
+				// Check for specific error types
+				if tt.expectedError != nil && err != tt.expectedError {
+					t.Errorf("Expected error %v, got %v", tt.expectedError, err)
+				}
+
+				// For malformed header errors, check the error message
+				if tt.expectedError == nil && err.Error() != "malformed authorization header" {
+					t.Errorf("Expected 'malformed authorization header' error, got %v", err)
+				}
+			} else {
+				if err != nil {
+					t.Errorf("Expected no error but got: %v", err)
+				}
+			}
+
+			if key != tt.expectedKey {
+				t.Errorf("Expected key %q, got %q", tt.expectedKey, key)
+			}
+		})
+	}
+}

json.go

@@ -30,5 +30,7 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) {
 		return
 	}
 	w.WriteHeader(code)
-	w.Write(dat)
+	if _, err := w.Write(dat); err != nil {
+		log.Printf("Error writing response: %v", err)
+	}
 }

main.go

@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/go-chi/chi"
 	"github.com/go-chi/cors"
@@ -89,8 +90,9 @@ func main() {
 
 	router.Mount("/v1", v1Router)
 	srv := &http.Server{
-		Addr:    ":" + port,
-		Handler: router,
+		Addr:              ":" + port,
+		Handler:           router,
+		ReadHeaderTimeout: 10 * time.Second, // Prevents Slowloris Attack
 	}
 
 	log.Printf("Serving on port: %s\n", port)