wdevs/ResolveSpec
3
0
Fork 0
mirror of https://github.com/bitechdev/ResolveSpec.git synced 2026-01-31 23:14:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(security): 🐛 handle errors in OAuth2 examples and passkey methods
Some checks failed
Build , Vet Test, and Lint / Run Vet Tests (1.24.x) (push) Successful in -22m52s
Details
Build , Vet Test, and Lint / Run Vet Tests (1.23.x) (push) Successful in -22m42s
Details
Build , Vet Test, and Lint / Build (push) Successful in -26m19s
Details
Build , Vet Test, and Lint / Lint Code (push) Successful in -25m40s
Details
Tests / Unit Tests (push) Successful in -26m33s
Details
Tests / Integration Tests (push) Failing after -26m55s
Details

Browse Source 
* Add error handling for JSON encoding and HTTP server calls.
* Update passkey examples to improve readability and maintainability.
* Ensure consistent use of error handling across all examples.
This commit is contained in:
Warky
2026-01-31 22:58:52 +02:00
parent 2e7b3e7abd
commit 7600a6d1fb
4 changed files with 48 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
pkg/security/oauth2_examples.go
View File

@@ -54,10 +54,10 @@ func ExampleOAuth2Google() {
})
// Return user info as JSON
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
// Example: OAuth2 Authentication with GitHub
@@ -89,10 +89,10 @@ func ExampleOAuth2GitHub() {
return
}
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
// Example: Custom OAuth2 Provider
@@ -142,10 +142,10 @@ func ExampleOAuth2Custom() {
return
}
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
// Example: Multi-Provider OAuth2 with Security Integration
@@ -240,10 +240,10 @@ func ExampleOAuth2MultiProvider() {
protectedRouter.HandleFunc("/profile", func(w http.ResponseWriter, r *http.Request) {
userCtx, _ := GetUserContext(r.Context())
json.NewEncoder(w).Encode(userCtx)
_ = json.NewEncoder(w).Encode(userCtx)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
// Example: OAuth2 with Token Refresh
@@ -294,10 +294,10 @@ func ExampleOAuth2TokenRefresh() {
SameSite: http.SameSiteLaxMode,
})
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
// Example: OAuth2 Logout
@@ -326,7 +326,7 @@ func ExampleOAuth2Logout() {
// Get user ID from session
userCtx, err := oauth2Auth.Authenticate(r)
if err == nil {
oauth2Auth.Logout(r.Context(), LogoutRequest{
_ = oauth2Auth.Logout(r.Context(), LogoutRequest{
Token: token,
UserID: userCtx.UserID,
})
@@ -343,10 +343,10 @@ func ExampleOAuth2Logout() {
})
w.WriteHeader(http.StatusOK)
w.Write([]byte("Logged out successfully"))
_, _ = w.Write([]byte("Logged out successfully"))
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
// Example: Complete OAuth2 Integration with Database Setup
@@ -374,7 +374,7 @@ func ExampleOAuth2Complete() {
// Public routes
router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Welcome! <a href='/auth/google/login'>Login with Google</a>"))
_, _ = w.Write([]byte("Welcome! <a href='/auth/google/login'>Login with Google</a>"))
})
router.HandleFunc("/auth/google/login", func(w http.ResponseWriter, r *http.Request) {
@@ -411,17 +411,17 @@ func ExampleOAuth2Complete() {
protectedRouter.HandleFunc("/dashboard", func(w http.ResponseWriter, r *http.Request) {
userCtx, _ := GetUserContext(r.Context())
w.Write([]byte(fmt.Sprintf("Welcome, %s! Your email: %s", userCtx.UserName, userCtx.Email)))
_, _ = fmt.Fprintf(w, "Welcome, %s! Your email: %s", userCtx.UserName, userCtx.Email)
})
protectedRouter.HandleFunc("/api/profile", func(w http.ResponseWriter, r *http.Request) {
userCtx, _ := GetUserContext(r.Context())
json.NewEncoder(w).Encode(userCtx)
_ = json.NewEncoder(w).Encode(userCtx)
})
protectedRouter.HandleFunc("/auth/logout", func(w http.ResponseWriter, r *http.Request) {
userCtx, _ := GetUserContext(r.Context())
oauth2Auth.Logout(r.Context(), LogoutRequest{
_ = oauth2Auth.Logout(r.Context(), LogoutRequest{
Token: userCtx.SessionID,
UserID: userCtx.UserID,
})
@@ -437,7 +437,7 @@ func ExampleOAuth2Complete() {
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}
func setupOAuth2Tables(db *sql.DB) {
@@ -446,7 +446,7 @@ func setupOAuth2Tables(db *sql.DB) {
ctx := context.Background()
// Create users table if not exists
db.ExecContext(ctx, `
_, _ = db.ExecContext(ctx, `
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
username VARCHAR(255) NOT NULL UNIQUE,
@@ -464,7 +464,7 @@ func setupOAuth2Tables(db *sql.DB) {
`)
// Create user_sessions table (used for both regular and OAuth2 sessions)
db.ExecContext(ctx, `
_, _ = db.ExecContext(ctx, `
CREATE TABLE IF NOT EXISTS user_sessions (
id SERIAL PRIMARY KEY,
session_token VARCHAR(500) NOT NULL UNIQUE,
@@ -547,7 +547,7 @@ func ExampleOAuth2AllProviders() {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
// GitHub routes
@@ -562,7 +562,7 @@ func ExampleOAuth2AllProviders() {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
// Microsoft routes
@@ -577,7 +577,7 @@ func ExampleOAuth2AllProviders() {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
// Facebook routes
@@ -592,7 +592,7 @@ func ExampleOAuth2AllProviders() {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
json.NewEncoder(w).Encode(loginResp)
_ = json.NewEncoder(w).Encode(loginResp)
})
// Create security list for protected routes
@@ -608,8 +608,8 @@ func ExampleOAuth2AllProviders() {
protectedRouter.HandleFunc("/profile", func(w http.ResponseWriter, r *http.Request) {
userCtx, _ := GetUserContext(r.Context())
json.NewEncoder(w).Encode(userCtx)
_ = json.NewEncoder(w).Encode(userCtx)
})
http.ListenAndServe(":8080", router)
_ = http.ListenAndServe(":8080", router)
}

1
pkg/security/oauth2_methods.go
View File

@@ -570,6 +570,7 @@ func NewFacebookAuthenticator(clientID, clientSecret, redirectURL string, db *sq
func NewMultiProviderAuthenticator(db *sql.DB, configs map[string]OAuth2Config) *DatabaseAuthenticator {
auth := NewDatabaseAuthenticator(db)
//nolint:gocritic // OAuth2Config is copied but kept for API simplicity
for _, cfg := range configs {
auth.WithOAuth2(cfg)
}

31
pkg/security/passkey_examples.go
View File

@@ -22,12 +22,13 @@ func PasskeyAuthenticationExample() {
})
// Create authenticator with passkey support
auth := NewDatabaseAuthenticatorWithOptions(db, DatabaseAuthenticatorOptions{
// Option 1: Pass during creation
_ = NewDatabaseAuthenticatorWithOptions(db, DatabaseAuthenticatorOptions{
PasskeyProvider: passkeyProvider,
})
// Or use WithPasskey method
auth = NewDatabaseAuthenticator(db).WithPasskey(passkeyProvider)
// Option 2: Use WithPasskey method
auth := NewDatabaseAuthenticator(db).WithPasskey(passkeyProvider)
ctx := context.Background()
@@ -106,9 +107,9 @@ func PasskeyAuthenticationExample() {
// Get all credentials for a user
credentials, _ := auth.GetPasskeyCredentials(ctx, 1)
for _, cred := range credentials {
for i := range credentials {
fmt.Printf("Credential: %s (created: %s, last used: %s)\n",
cred.Name, cred.CreatedAt, cred.LastUsedAt)
credentials[i].Name, credentials[i].CreatedAt, credentials[i].LastUsedAt)
}
// Update credential name
@@ -130,7 +131,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
Username string `json:"username"`
DisplayName string `json:"display_name"`
}
json.NewDecoder(r.Body).Decode(&req)
_ = json.NewDecoder(r.Body).Decode(&req)
options, err := auth.BeginPasskeyRegistration(r.Context(), PasskeyBeginRegistrationRequest{
UserID: req.UserID,
@@ -147,7 +148,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
challenges[sessionID] = options.Challenge
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(options)
_ = json.NewEncoder(w).Encode(options)
})
// Complete registration endpoint
@@ -157,7 +158,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
Response PasskeyRegistrationResponse `json:"response"`
CredentialName string `json:"credential_name"`
}
json.NewDecoder(r.Body).Decode(&req)
_ = json.NewDecoder(r.Body).Decode(&req)
// Get stored challenge (from session in production)
sessionID := "session-123"
@@ -176,7 +177,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(credential)
_ = json.NewEncoder(w).Encode(credential)
})
// Begin authentication endpoint
@@ -184,7 +185,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
var req struct {
Username string `json:"username"` // Optional
}
json.NewDecoder(r.Body).Decode(&req)
_ = json.NewDecoder(r.Body).Decode(&req)
options, err := auth.BeginPasskeyAuthentication(r.Context(), PasskeyBeginAuthenticationRequest{
Username: req.Username,
@@ -199,7 +200,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
challenges[sessionID] = options.Challenge
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(options)
_ = json.NewEncoder(w).Encode(options)
})
// Complete authentication endpoint
@@ -207,7 +208,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
var req struct {
Response PasskeyAuthenticationResponse `json:"response"`
}
json.NewDecoder(r.Body).Decode(&req)
_ = json.NewDecoder(r.Body).Decode(&req)
// Get stored challenge (from session in production)
sessionID := "session-456"
@@ -238,7 +239,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
})
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(loginResponse)
_ = json.NewEncoder(w).Encode(loginResponse)
})
// List credentials endpoint
@@ -257,7 +258,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(credentials)
_ = json.NewEncoder(w).Encode(credentials)
})
// Delete credential endpoint
@@ -271,7 +272,7 @@ func PasskeyHTTPHandlersExample(auth *DatabaseAuthenticator) {
var req struct {
CredentialID string `json:"credential_id"`
}
json.NewDecoder(r.Body).Decode(&req)
_ = json.NewDecoder(r.Body).Decode(&req)
err = auth.DeletePasskeyCredential(r.Context(), userCtx.UserID, req.CredentialID)
if err != nil {

9
pkg/security/passkey_provider.go
View File

@@ -61,11 +61,11 @@ func (p *DatabasePasskeyProvider) BeginRegistration(ctx context.Context, userID
}
excludeCredentials := make([]PasskeyCredentialDescriptor, 0, len(credentials))
for _, cred := range credentials {
for i := range credentials {
excludeCredentials = append(excludeCredentials, PasskeyCredentialDescriptor{
Type: "public-key",
ID: cred.CredentialID,
Transports: cred.Transports,
ID: credentials[i].CredentialID,
Transports: credentials[i].Transports,
})
}
@@ -319,7 +319,8 @@ func (p *DatabasePasskeyProvider) GetCredentials(ctx context.Context, userID int
}
credentials := make([]PasskeyCredential, 0, len(rawCreds))
for _, raw := range rawCreds {
for i := range rawCreds {
raw := rawCreds[i]
credID, err := base64.StdEncoding.DecodeString(raw.CredentialID)
if err != nil {
continue