cleanup warnings, mostly from gostaticcheck

Author: bnfinet

go.mod

@@ -1,56 +1,50 @@
 module github.com/vouch/vouch-proxy
 
-go 1.23
+go 1.23.0
+
+toolchain go1.23.2
 
 require (
+	github.com/go-viper/mapstructure/v2 v2.4.0
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/google/go-cmp v0.6.0
-	github.com/gorilla/sessions v1.2.2
+	github.com/google/go-cmp v0.7.0
+	github.com/gorilla/sessions v1.4.0
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/karupanerura/go-mock-http-response v0.0.0-20171201120521-7c242a447d45
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nirasan/go-oauth-pkce-code-verifier v0.0.0-20220510032225-4f9f17eaec4c
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/spf13/viper v1.18.2
-	github.com/stretchr/testify v1.9.0
+	github.com/spf13/viper v1.20.1
+	github.com/stretchr/testify v1.10.0
 	github.com/theckman/go-securerandom v0.1.1
 	github.com/tsenart/vegeta v12.7.0+incompatible
 	go.uber.org/zap v1.27.0
-	golang.org/x/net v0.22.0
-	golang.org/x/oauth2 v0.18.0
+	golang.org/x/net v0.42.0
+	golang.org/x/oauth2 v0.30.0
 )
 
 require (
-	cloud.google.com/go/compute v1.25.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/compute/metadata v0.7.0 // indirect
 	github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/influxdata/tdigest v0.0.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sagikazarmark/locafero v0.4.0 // indirect
-	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.9.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/afero v1.14.0 // indirect
+	github.com/spf13/cast v1.9.2 // indirect
+	github.com/spf13/pflag v1.0.7 // indirect
 	github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
+	golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/text v0.27.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -50,6 +50,9 @@ func TestCallbackHandlerDocumentRoot(t *testing.T) {
 			// grab the state from the session cookie to
 			session, err := sessstore.Get(reqLogin, cfg.Cfg.Session.Name)
 			state := session.Values["state"].(string)
+			if err != nil {
+				t.Fatal(err)
+			}
 
 			// now mimic an IdP returning the state variable back to us
 			reqAuth, err := http.NewRequest("GET", cfg.Cfg.DocumentRoot+"/auth?state="+state, nil)

handlers/auth_test.go

@@ -17,7 +17,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"golang.org/x/oauth2"
 
 	"github.com/vouch/vouch-proxy/pkg/cfg"
 	"github.com/vouch/vouch-proxy/pkg/cookie"
@@ -27,9 +26,9 @@ import (
 	"github.com/vouch/vouch-proxy/pkg/structs"
 )
 
-var (
-	token = &oauth2.Token{AccessToken: "123"}
-)
+// var (
+// 	token = &oauth2.Token{AccessToken: "123"}
+// )
 
 // setUp load config file and then call Configure() for dependent packages
 func setUp(configFile string) {

handlers/handlers_test.go

@@ -29,7 +29,7 @@ import (
 )
 
 // see https://github.com/vouch/vouch-proxy/issues/282
-var errTooManyRedirects = errors.New("Too many unsuccessful authorization attempts for the requested URL")
+var errTooManyRedirects = errors.New("too many unsuccessful authorization attempts for the requested URL")
 
 const failCountLimit = 6
 
@@ -204,7 +204,7 @@ func getValidRequestedURL(r *http.Request) (string, error) {
 	}
 
 	if err != nil {
-		return "", fmt.Errorf("Not a valid login URL: %w %s", errInvalidURL, err)
+		return "", fmt.Errorf("not a valid login URL: %w %s", errInvalidURL, err)
 	}
 
 	if u == nil || u.String() == "" {
@@ -301,10 +301,9 @@ func appendCodeChallenge(session sessions.Session) {
 	switch strings.ToUpper(cfg.GenOAuth.CodeChallengeMethod) {
 	case "S256":
 		codeChallenge = CodeVerifier.CodeChallengeS256()
-		break
 	case "PLAIN":
-		codeChallenge = CodeVerifier.CodeChallengePlain()
 		// TODO support plain text code challenge
+		//codeChallenge = CodeVerifier.CodeChallengePlain()
 		log.Fatal("plain code challenge method is not supported")
 		return
 	default:

handlers/login.go

@@ -22,12 +22,12 @@ import (
 // and then pull it out later for logging
 // https://play.golang.org/p/wPHaX9DH-Ik
 
-var logger *zap.SugaredLogger
+// var logger *zap.SugaredLogger
 var log *zap.Logger
 
 // Configure see main.go configure()
 func Configure() {
-	logger = cfg.Logging.Logger
+	// logger = cfg.Logging.Logger
 	log = cfg.Logging.FastLogger
 }
 

pkg/capturewriter/capturewriter.go

@@ -16,8 +16,8 @@ import (
 	"errors"
 	"flag"
 	"fmt"
+	"io"
 	"io/fs"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"os/user"
@@ -26,9 +26,9 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/go-viper/mapstructure/v2"
 	"github.com/golang-jwt/jwt"
 	"github.com/kelseyhightower/envconfig"
-	"github.com/go-viper/mapstructure/v2"
 	"github.com/spf13/viper"
 	securerandom "github.com/theckman/go-securerandom"
 	"go.uber.org/zap"
@@ -633,7 +633,7 @@ func DecryptionKey() (interface{}, error) {
 		return nil, fmt.Errorf("error opening Key %s: %s", Cfg.JWT.PublicKeyFile, err)
 	}
 
-	keyBytes, err := ioutil.ReadAll(f)
+	keyBytes, err := io.ReadAll(f)
 	if err != nil {
 		return nil, fmt.Errorf("error reading Key: %s", err)
 	}
@@ -666,7 +666,7 @@ func SigningKey() (interface{}, error) {
 		return nil, fmt.Errorf("error opening RSA Key %s: %s", Cfg.JWT.PrivateKeyFile, err)
 	}
 
-	keyBytes, err := ioutil.ReadAll(f)
+	keyBytes, err := io.ReadAll(f)
 	if err != nil {
 		return nil, fmt.Errorf("error reading Key: %s", err)
 	}

pkg/cfg/cfg.go

@@ -11,13 +11,13 @@ OR CONDITIONS OF ANY KIND, either express or implied.
 package cfg
 
 import (
-	"io/ioutil"
+	"os"
 
 	securerandom "github.com/theckman/go-securerandom"
 )
 
 func getOrGenerateJWTSecret() string {
-	b, err := ioutil.ReadFile(secretFile)
+	b, err := os.ReadFile(secretFile)
 	if err == nil {
 		log.Info("jwt.secret read from " + secretFile)
 	} else {
@@ -33,7 +33,7 @@ func getOrGenerateJWTSecret() string {
 			log.Fatal(err)
 		}
 		b = []byte(rstr)
-		err = ioutil.WriteFile(secretFile, b, 0600)
+		err = os.WriteFile(secretFile, b, 0600)
 		if err != nil {
 			log.Error(err)
 			logSysInfo()

pkg/cfg/jwt.go

@@ -11,7 +11,6 @@ OR CONDITIONS OF ANY KIND, either express or implied.
 package cfg
 
 import (
-	"fmt"
 	"os"
 	"strconv"
 
@@ -106,7 +105,7 @@ func (logging) configure() {
 	// then we weren't configured via command line, check the config file
 	if !viper.IsSet(Branding.LCName + ".logLevel") {
 		// then we weren't configured via the config file, set the default
-		Cfg.LogLevel = fmt.Sprintf("%s", Logging.DefaultLogLevel)
+		Cfg.LogLevel = Logging.DefaultLogLevel.String()
 	}
 
 	if Cfg.LogLevel != Logging.AtomicLogLevel.Level().String() {

pkg/cfg/logging.go

@@ -186,7 +186,7 @@ func SameSite() http.SameSite {
 		case "strict":
 			sameSite = http.SameSiteStrictMode
 		case "none":
-			if cfg.Cfg.Cookie.Secure == false {
+			if !cfg.Cfg.Cookie.Secure {
 				log.Error("SameSite cookie attribute with sameSite=none should also be specified with secure=true.")
 			}
 			sameSite = http.SameSiteNoneMode