Update Go version to 1.23, enhance Makefile for multi-OS builds, and improve authentication handling

- Updated Go version in CI and release workflows
- Added Makefile targets for building binaries for different OS/architectures
- Enhanced AuthService to support configurable token refresh and path for tests
- Updated ProxyService to validate tokens and handle errors more effectively
- Improved error handling in API requests and tests for better coverage

Author: jxu3

.github/workflows/ci.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: Cache Go modules
         uses: actions/cache@v3
@@ -62,7 +62,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
@@ -79,7 +79,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: Run Go Security Checks
         run: |
@@ -99,11 +99,11 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: Build binary
         run: |
-          go build -ldflags="-s -w -X main.version=ci-${{ github.sha }}" -o github-copilot-svcs .
+          go build -ldflags="-s -w -X main.version=ci-${{ github.sha }}" -o github-copilot-svcs ./cmd/github-copilot-svcs
 
       - name: Upload build artifact
         uses: actions/upload-artifact@v4

.github/workflows/release.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: Get next version
         id: version
@@ -91,7 +91,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: Build binary
         env:
@@ -100,7 +100,7 @@ jobs:
           CGO_ENABLED: 0
         run: |
           BINARY_NAME="github-copilot-svcs-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.suffix }}"
-          go build -ldflags="-s -w -X main.version=${{ needs.release.outputs.version }}" -o "$BINARY_NAME" .
+          go build -ldflags="-s -w -X main.version=${{ needs.release.outputs.version }}" -o "$BINARY_NAME" ./cmd/github-copilot-svcs
           
           # Make the binary executable (important for Unix systems)
           chmod +x "$BINARY_NAME"

Dockerfile

@@ -1,9 +1,11 @@
-FROM golang:1.21-alpine AS builder
+FROM golang:1.23-alpine AS builder
 
 WORKDIR /app
 
 # Install git and ca-certificates for building
 RUN apk add --no-cache git ca-certificates
+# Diagnostic: Print Go version in build environment
+RUN go version
 
 # Copy go mod and sum files
 COPY go.mod go.sum ./

Makefile

@@ -8,6 +8,25 @@ VERSION?=dev
 build:
 	go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY) $(CMD_PATH)
 
+# Build for specific OS/ARCH
+build-linux-amd64:
+	GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY)-linux-amd64 $(CMD_PATH)
+
+build-linux-arm64:
+	GOOS=linux GOARCH=arm64 go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY)-linux-arm64 $(CMD_PATH)
+
+build-darwin-amd64:
+	GOOS=darwin GOARCH=amd64 go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY)-darwin-amd64 $(CMD_PATH)
+
+build-darwin-arm64:
+	GOOS=darwin GOARCH=arm64 go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY)-darwin-arm64 $(CMD_PATH)
+
+build-windows-amd64:
+	GOOS=windows GOARCH=amd64 go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY)-windows-amd64.exe $(CMD_PATH)
+
+build-windows-arm64:
+	GOOS=windows GOARCH=arm64 go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(BINARY)-windows-arm64.exe $(CMD_PATH)
+
 # Run the application
 run: build
 	./$(BINARY) start
@@ -97,25 +116,31 @@ docker-run:
 # Help
 help:
 	@echo "Available targets:"
-	@echo "  build            Build the binary"
-	@echo "  run              Build and run the application"
-	@echo "  dev              Run development server with hot reload"
-	@echo "  test             Run unit tests (default)"
-	@echo "  test-unit        Run only unit tests"
-	@echo "  test-integration Run only integration tests"
-	@echo "  test-e2e         Run only e2e tests"
-	@echo "  test-all         Run all tests"
-	@echo "  test-coverage    Run tests with coverage report"
-	@echo "  test-short       Run tests (skip integration tests)"
-	@echo "  test-verbose     Run tests with verbose output"
-	@echo "  lint             Lint the code"
-	@echo "  fmt              Format the code"
-	@echo "  vet              Vet the code"
-	@echo "  clean            Clean build artifacts and test cache"
-	@echo "  deps             Install dependencies"
-	@echo "  update-deps      Update dependencies"
-	@echo "  security         Run security checks"
-	@echo "  mocks            Generate mocks"
-	@echo "  docker-build     Build Docker image"
-	@echo "  docker-run       Run Docker container"
-	@echo "  help             Show this help message"
+	@echo "  build                  Build the binary"
+	@echo "  build-linux-amd64      Build for Linux amd64"
+	@echo "  build-linux-arm64      Build for Linux arm64"
+	@echo "  build-darwin-amd64     Build for macOS amd64"
+	@echo "  build-darwin-arm64     Build for macOS arm64"
+	@echo "  build-windows-amd64    Build for Windows amd64"
+	@echo "  build-windows-arm64    Build for Windows arm64"
+	@echo "  run                    Build and run the application"
+	@echo "  dev                    Run development server with hot reload"
+	@echo "  test                   Run unit tests (default)"
+	@echo "  test-unit              Run only unit tests"
+	@echo "  test-integration       Run only integration tests"
+	@echo "  test-e2e               Run only e2e tests"
+	@echo "  test-all               Run all tests"
+	@echo "  test-coverage          Run tests with coverage report"
+	@echo "  test-short             Run tests (skip integration tests)"
+	@echo "  test-verbose           Run tests with verbose output"
+	@echo "  lint                   Lint the code"
+	@echo "  fmt                    Format the code"
+	@echo "  vet                    Vet the code"
+	@echo "  clean                  Clean build artifacts and test cache"
+	@echo "  deps                   Install dependencies"
+	@echo "  update-deps            Update dependencies"
+	@echo "  security               Run security checks"
+	@echo "  mocks                  Generate mocks"
+	@echo "  docker-build           Build Docker image"
+	@echo "  docker-run             Run Docker container"
+	@echo "  help                   Show this help message"

README.md

@@ -106,6 +106,19 @@ make docker-build       # Build Docker image
 make docker-run         # Run Docker container
 ```
 
+## Building for Different OS/Architectures
+
+You can build binaries for different platforms using the following Makefile targets:
+
+- `make build-linux-amd64`      Build for Linux amd64
+- `make build-linux-arm64`      Build for Linux arm64
+- `make build-darwin-amd64`     Build for macOS amd64
+- `make build-darwin-arm64`     Build for macOS arm64
+- `make build-windows-amd64`    Build for Windows amd64
+- `make build-windows-arm64`    Build for Windows arm64
+
+The output binaries will be named accordingly (e.g., `github-copilot-svcs-windows-arm64.exe`).
+
 ## Installation & Usage
 
 ### 1. Build the Application

internal/auth.go

@@ -47,13 +47,37 @@ type copilotTokenResponse struct {
 // Service provides authentication operations
 type AuthService struct {
 	httpClient *http.Client
+
+	// For testability: override config save path
+	configPath string
+
+	// For testability: optional custom token refresh function
+	refreshFunc func(cfg *Config) error
 }
 
 // NewAuthService creates a new auth service
-func NewAuthService(httpClient *http.Client) *AuthService {
-	return &AuthService{
+func NewAuthService(httpClient *http.Client, opts ...func(*AuthService)) *AuthService {
+	svc := &AuthService{
 		httpClient: httpClient,
 	}
+	for _, opt := range opts {
+		opt(svc)
+	}
+	return svc
+}
+
+// Option to set config path for tests
+func WithConfigPath(path string) func(*AuthService) {
+	return func(s *AuthService) {
+		s.configPath = path
+	}
+}
+
+// Option to set custom refresh function for tests
+func WithRefreshFunc(f func(cfg *Config) error) func(*AuthService) {
+	return func(s *AuthService) {
+		s.refreshFunc = f
+	}
 }
 
 // Authenticate performs the full GitHub Copilot authentication flow
@@ -95,8 +119,14 @@ func (s *AuthService) Authenticate(cfg *Config) error {
 	cfg.ExpiresAt = expiresAt
 	cfg.RefreshIn = refreshIn
 
-	if err := cfg.SaveConfig(); err != nil {
-		return fmt.Errorf("failed to save config: %w", err)
+	var saveErr error
+	if s.configPath != "" {
+		saveErr = cfg.SaveConfig(s.configPath)
+	} else {
+		saveErr = cfg.SaveConfig()
+	}
+	if saveErr != nil {
+		return fmt.Errorf("failed to save config: %w", saveErr)
 	}
 
 	fmt.Println("Authentication successful!")
@@ -109,6 +139,19 @@ func (s *AuthService) RefreshToken(cfg *Config) error {
 }
 
 func (s *AuthService) RefreshTokenWithContext(ctx context.Context, cfg *Config) error {
+	if s.refreshFunc != nil {
+		// Use injected refresh function for tests
+		err := s.refreshFunc(cfg)
+		if err != nil {
+			return err
+		}
+		// Save config to injected path if set
+		if s.configPath != "" {
+			return cfg.SaveConfig(s.configPath)
+		}
+		return cfg.SaveConfig()
+	}
+
 	if cfg.GitHubToken == "" {
 		Warn("Cannot refresh token: no GitHub token available")
 		return NewAuthError("no GitHub token available for refresh", nil)

internal/config.go

@@ -406,10 +406,16 @@ func (c *Config) validateCORS() error {
 }
 
 // SaveConfig saves the configuration to file
-func (c *Config) SaveConfig() error {
-	path, err := GetConfigPath()
-	if err != nil {
-		return err
+func (c *Config) SaveConfig(pathOverride ...string) error {
+	var path string
+	var err error
+	if len(pathOverride) > 0 && pathOverride[0] != "" {
+		path = pathOverride[0]
+	} else {
+		path, err = GetConfigPath()
+		if err != nil {
+			return err
+		}
 	}
 	f, err := os.Create(path)
 	if err != nil {

internal/logger.go

@@ -35,7 +35,7 @@ func NewLogger(level string) *Logger {
 		Level: logLevel,
 	}
 
-	handler := slog.NewJSONHandler(os.Stdout, opts)
+	handler := slog.NewTextHandler(os.Stdout, opts)
 	return &Logger{slog.New(handler)}
 }
 

internal/proxy.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -71,6 +72,7 @@ type CoalescingCache struct {
 type ProxyService struct {
 	config         *Config
 	httpClient     *http.Client
+	authService    *AuthService
 	workerPool     WorkerPoolInterface
 	circuitBreaker *CircuitBreaker
 	bufferPool     *sync.Pool
@@ -139,7 +141,7 @@ func (cc *CoalescingCache) CoalesceRequest(key string, fn func() interface{}) in
 }
 
 // NewProxyService creates a new proxy service
-func NewProxyService(cfg *Config, httpClient *http.Client, workerPool WorkerPoolInterface) *ProxyService {
+func NewProxyService(cfg *Config, httpClient *http.Client, authService *AuthService, workerPool WorkerPoolInterface) *ProxyService {
 	circuitBreaker := &CircuitBreaker{
 		state:   CircuitClosed,
 		timeout: time.Duration(cfg.Timeouts.CircuitBreaker) * time.Second,
@@ -154,6 +156,7 @@ func NewProxyService(cfg *Config, httpClient *http.Client, workerPool WorkerPool
 	return &ProxyService{
 		config:         cfg,
 		httpClient:     httpClient,
+		authService:    authService,
 		workerPool:     workerPool,
 		circuitBreaker: circuitBreaker,
 		bufferPool:     bufferPool,
@@ -203,7 +206,18 @@ func (s *ProxyService) Handler() http.HandlerFunc {
 				Error("Worker error", "error", err)
 				// Only write error if headers haven't been sent
 				if !respWrapper.headersSent {
-					http.Error(w, err.Error(), http.StatusInternalServerError)
+					switch {
+					case strings.Contains(err.Error(), "authentication error"):
+						http.Error(w, err.Error(), http.StatusUnauthorized)
+					case strings.Contains(err.Error(), "token validation failed"):
+						http.Error(w, err.Error(), http.StatusUnauthorized)
+					case strings.Contains(err.Error(), "bad request"):
+						http.Error(w, err.Error(), http.StatusBadRequest)
+					case strings.Contains(err.Error(), "method not allowed"):
+						http.Error(w, err.Error(), http.StatusMethodNotAllowed)
+					default:
+						http.Error(w, err.Error(), http.StatusInternalServerError)
+					}
 				}
 			}
 		case <-ctx.Done():
@@ -279,14 +293,40 @@ func (cb *CircuitBreaker) onFailure() {
 func (s *ProxyService) processProxyRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
 	Debug("Starting proxy request", "method", r.Method, "path", r.URL.Path)
 
+	// Validate method
+	if r.Method != http.MethodPost {
+		return fmt.Errorf("method not allowed: %s", r.Method)
+	}
+
 	// Read the request body
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		Error("Error reading request body", "error", err)
-		return NewProxyError("read_request_body", "failed to read request body", err)
+		// Check for "http: request body too large" error and return 413
+		if strings.Contains(err.Error(), "http: request body too large") {
+			return fmt.Errorf("payload too large: %w", err)
+		}
+		return fmt.Errorf("bad request: failed to read request body: %w", err)
 	}
 	defer r.Body.Close()
 
+	// Basic body validation (for demonstration: consider empty body an error)
+	if len(body) == 0 {
+		return fmt.Errorf("bad request: empty request body")
+	}
+
+	// Strict JSON validation before authentication
+	var js json.RawMessage
+	if jsonErr := json.Unmarshal(body, &js); jsonErr != nil {
+		return fmt.Errorf("bad request: invalid JSON: %w", jsonErr)
+	}
+
+	// Ensure we have a valid token before making the request
+	if tokenErr := s.authService.EnsureValidToken(s.config); tokenErr != nil {
+		Error("Failed to ensure valid token", "error", tokenErr)
+		return NewAuthError("token validation failed", tokenErr)
+	}
+
 	// Create new request to GitHub Copilot
 	targetURL := copilotAPIBase + chatCompletionsPath
 	Debug("Sending request to target", "url", targetURL, "body_length", len(body))

internal/server.go

@@ -104,12 +104,15 @@ func CreateHTTPClient(cfg *Config) *http.Client {
 func NewServer(cfg *Config, httpClient *http.Client) *Server {
 	workerPool := NewWorkerPool(runtime.NumCPU() * workerMultiplier)
 
+	// Create auth service
+	authService := NewAuthService(httpClient)
+
 	// Create coalescing cache for models
 	coalescingCache := NewCoalescingCache()
 	modelsService := NewModelsService(coalescingCache, httpClient)
 
 	// Create proxy service
-	proxyService := NewProxyService(cfg, httpClient, workerPool)
+	proxyService := NewProxyService(cfg, httpClient, authService, workerPool)
 
 	// Create health checker
 	healthChecker := NewHealthChecker(httpClient, "dev") // TODO: get version from build