ci: enhance code quality and testing for secure.go and GitHub workflows

appleboy · appleboy · commit 10929f6ab0c5 · 2025-04-07T10:18:41.000+08:00
- Update golangci-lint-action to version 7 in GitHub workflow
- Add version specification for golangci-lint-action in GitHub workflow
- Create a new .golangci.yml file with specific linter configurations and exclusions
- Split long comments in secure.go for better readability
- Add context package import in secure_test.go
- Replace hardcoded host and scheme strings with constants in secure_test.go
- Use http.NewRequestWithContext instead of http.NewRequest in secure_test.go
- Remove gin.SetMode initialization in secure_test.go

Signed-off-by: Bo-Yi Wu &lt;appleboy.tw@gmail.com&gt;
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -23,8 +23,9 @@ jobs:
           go-version-file: go.mod
           check-latest: true
       - name: Setup golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v7
         with:
+          version: v2.0
           args: --verbose
   test:
     strategy:
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,50 @@
+version: "2"
+linters:
+  default: none
+  enable:
+    - bodyclose
+    - dogsled
+    - dupl
+    - errcheck
+    - exhaustive
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - goprintffuncname
+    - gosec
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - noctx
+    - nolintlint
+    - rowserrcheck
+    - staticcheck
+    - unconvert
+    - unparam
+    - unused
+    - whitespace
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - gofumpt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
diff --git a/secure.go b/secure.go
@@ -42,7 +42,8 @@ type Config struct {
 	// ContentSecurityPolicy allows the Content-Security-Policy header value
 	// to be set with a custom value. Default is "".
 	ContentSecurityPolicy string
-	// HTTP header "Referrer-Policy" governs which referrer information, sent in the Referrer header, should be included with requests made.
+	// HTTP header "Referrer-Policy" governs which referrer information, sent in the Referrer header,
+	// should be included with requests made.
 	ReferrerPolicy string
 	// When true, the whole security policy applied by the middleware is disabled completely.
 	IsDevelopment bool
@@ -57,8 +58,10 @@ type Config struct {
 	// to succeed.
 	DontRedirectIPV4Hostnames bool
 
-	// If the request is insecure, treat it as secure if any of the headers in this dict are set to their corresponding value
-	// This is useful when your app is running behind a secure proxy that forwards requests to your app over http (such as on Heroku).
+	// If the request is insecure, treat it as secure if any of the headers
+	// in this dict are set to their corresponding value.
+	// This is useful when your app is running behind a secure proxy that forwards requests to your app over http
+	// (such as on Heroku).
 	SSLProxyHeaders map[string]string
 }
 
diff --git a/secure_test.go b/secure_test.go
@@ -1,6 +1,7 @@
 package secure
 
 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -11,12 +12,10 @@ import (
 
 const (
 	testResponse = "bar"
+	exampleHost  = "www.example.com"
+	httpScheme   = "http"
 )
 
-func init() {
-	gin.SetMode(gin.TestMode)
-}
-
 func newServer(options Config) *gin.Engine {
 	router := gin.New()
 	router.Use(New(options))
@@ -28,7 +27,7 @@ func newServer(options Config) *gin.Engine {
 
 func performRequest(router *gin.Engine, path string) *httptest.ResponseRecorder {
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", path, nil)
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", path, nil)
 	router.ServeHTTP(w, req)
 	return w
 }
@@ -47,12 +46,12 @@ func TestNoConfig(t *testing.T) {
 func TestDefaultConfig(t *testing.T) {
 	router := newServer(DefaultConfig())
 
-	w := performRequest(router, "https://www.example.com/foo")
+	w := performRequest(router, "https://"+exampleHost+"/foo")
 
 	assert.Equal(t, http.StatusOK, w.Code)
 	assert.Equal(t, "bar", w.Body.String())
 
-	w = performRequest(router, "http://www.example.com/foo")
+	w = performRequest(router, "http://"+exampleHost+"/foo")
 
 	assert.Equal(t, http.StatusMovedPermanently, w.Code)
 	assert.Equal(t, "https://www.example.com/foo", w.Header().Get("Location"))
@@ -63,18 +62,18 @@ func TestNoAllowHosts(t *testing.T) {
 		AllowedHosts: []string{},
 	})
 
-	w := performRequest(router, "http://www.example.com/foo")
+	w := performRequest(router, "http://"+exampleHost+"/foo")
 
 	assert.Equal(t, http.StatusOK, w.Code)
 	assert.Equal(t, "bar", w.Body.String())
 }
 
 func TestGoodSingleAllowHosts(t *testing.T) {
 	router := newServer(Config{
-		AllowedHosts: []string{"www.example.com"},
+		AllowedHosts: []string{exampleHost},
 	})
 
-	w := performRequest(router, "http://www.example.com/foo")
+	w := performRequest(router, "http://"+exampleHost+"/foo")
 
 	assert.Equal(t, http.StatusOK, w.Code)
 	assert.Equal(t, "bar", w.Body.String())
@@ -92,7 +91,7 @@ func TestBadSingleAllowHosts(t *testing.T) {
 
 func TestGoodMultipleAllowHosts(t *testing.T) {
 	router := newServer(Config{
-		AllowedHosts: []string{"www.example.com", "sub.example.com"},
+		AllowedHosts: []string{exampleHost, "sub.example.com"},
 	})
 
 	w := performRequest(router, "http://sub.example.com/foo")
@@ -179,7 +178,7 @@ func TestDontRedirectIPV4Hostnames(t *testing.T) {
 		DontRedirectIPV4Hostnames: true,
 	})
 
-	w1 := performRequest(router, "http://www.example.com/foo")
+	w1 := performRequest(router, "http://"+exampleHost+"/foo")
 	assert.Equal(t, http.StatusMovedPermanently, w1.Code)
 
 	w2 := performRequest(router, "http://127.0.0.1/foo")
@@ -192,7 +191,7 @@ func TestBasicSSLWithHost(t *testing.T) {
 		SSLHost:     "secure.example.com",
 	})
 
-	w := performRequest(router, "http://www.example.com/foo")
+	w := performRequest(router, "http://"+exampleHost+"/foo")
 
 	assert.Equal(t, http.StatusMovedPermanently, w.Code)
 	assert.Equal(t, "https://secure.example.com/foo", w.Header().Get("Location"))
@@ -204,9 +203,9 @@ func TestBadProxySSL(t *testing.T) {
 	})
 
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "/foo", nil)
-	req.Host = "www.example.com"
-	req.URL.Scheme = "http"
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", "/foo", nil)
+	req.Host = exampleHost
+	req.URL.Scheme = httpScheme
 	req.Header.Add("X-Forwarded-Proto", "https")
 
 	router.ServeHTTP(w, req)
@@ -222,8 +221,8 @@ func TestProxySSLWithHeaderOption(t *testing.T) {
 	})
 
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "/foo", nil)
-	req.Host = "www.example.com"
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", "/foo", nil)
+	req.Host = exampleHost
 	req.URL.Scheme = "http"
 	req.Header.Add("X-Arbitrary-Header", "arbitrary-value")
 
@@ -239,7 +238,7 @@ func TestProxySSLWithWrongHeaderValue(t *testing.T) {
 	})
 
 	w := httptest.NewRecorder()
-	req, _ := http.NewRequest("GET", "/foo", nil)
+	req, _ := http.NewRequestWithContext(context.Background(), "GET", "/foo", nil)
 	req.Host = "www.example.com"
 	req.URL.Scheme = "http"
 	req.Header.Add("X-Arbitrary-Header", "wrong-value")
