diff --git a/auth/api/auth/v1/api.go b/auth/api/auth/v1/api.go
index a608669f1b..0d79c9d4a5 100644
--- a/auth/api/auth/v1/api.go
+++ b/auth/api/auth/v1/api.go
@@ -271,7 +271,7 @@ func (w Wrapper) CreateJwtGrant(ctx context.Context, request CreateJwtGrantReque
 response, err := w.Auth.RelyingParty().CreateJwtGrant(ctx, req)
 if err != nil {
- return nil, core.InvalidInputError(err.Error())
+ return nil, core.InvalidInputError("%w", err)
 }
 return CreateJwtGrant200JSONResponse{BearerToken: response.BearerToken, AuthorizationServerEndpoint: response.AuthorizationServerEndpoint}, nil
@@ -289,7 +289,7 @@ func (w Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessTo
 jwtGrant, err := w.Auth.RelyingParty().CreateJwtGrant(ctx, req)
 if err != nil {
- return nil, core.InvalidInputError(err.Error())
+ return nil, core.InvalidInputError("%w", err)
 }
 authServerEndpoint, err := url.Parse(jwtGrant.AuthorizationServerEndpoint)
@@ -299,7 +299,7 @@ func (w Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessTo
 accessTokenResult, err := w.Auth.RelyingParty().RequestRFC003AccessToken(ctx, jwtGrant.BearerToken, *authServerEndpoint)
 if err != nil {
- return nil, core.Error(http.StatusServiceUnavailable, err.Error())
+ return nil, core.Error(http.StatusServiceUnavailable, "%w", err)
 }
 return RequestAccessToken200JSONResponse(*accessTokenResult), nil
 }
@@ -401,7 +401,7 @@ func (w Wrapper) IntrospectAccessToken(ctx context.Context, request IntrospectAc
 introspectionResponse.AssuranceLevel = &level
 }
- if claims.Credentials != nil && len(claims.Credentials) > 0 {
+ if len(claims.Credentials) > 0 {
 introspectionResponse.Vcs = &claims.Credentials
 var resolvedVCs []VerifiableCredential
diff --git a/auth/api/iam/dpop.go b/auth/api/iam/dpop.go
index 1e8e7ef120..6de6e379bb 100644
--- a/auth/api/iam/dpop.go
+++ b/auth/api/iam/dpop.go
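Review bot: In auth/api/auth/v1/api.go (CreateJwtGrant and both changed returns in RequestAccessToken) the new `"%w"` format only works if `core.InvalidInputError` and `core.Error` pass their format string to `fmt.Errorf`; neither definition is part of this diff. If either one formats with `fmt.Sprintf`, the response text becomes `%!w(...)` instead of the cause. A small test asserting both the rendered message and `errors.Is(returned, cause)` would pin this down, and it would equally cover the `"%w"` calls in auth/api/iam/dpop.go, network/dag/parser.go (`transactionValidationError`) and vcr/api/vcr/v2/api.go. Separately, the 503 branch still relays the upstream error text verbatim to the caller, which is presumably intended but worth confirming for a handler that reports a remote authorization server's failure.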
@@ -49,7 +49,7 @@ func (r Wrapper) CreateDPoPProof(ctx context.Context, request CreateDPoPProofReq
 // create new DPoP header
 httpRequest, err := http.NewRequest(request.Body.Htm, request.Body.Htu, nil)
 if err != nil {
- return nil, core.InvalidInputError(err.Error())
+ return nil, core.InvalidInputError("%w", err)
 }
 token := dpop.New(*httpRequest)
 token.GenerateProof(request.Body.Token)
@@ -58,7 +58,7 @@ func (r Wrapper) CreateDPoPProof(ctx context.Context, request CreateDPoPProofReq
 // unescape manually here
 kid, err := url.PathUnescape(request.Kid)
 if err != nil {
- return nil, core.InvalidInputError(err.Error())
+ return nil, core.InvalidInputError("%w", err)
 }
 dpop, err := r.jwtSigner.SignDPoP(ctx, *token, kid)
diff --git a/auth/api/iam/jar.go b/auth/api/iam/jar.go
index 8c98ebeb94..8660a86b27 100644
--- a/auth/api/iam/jar.go
+++ b/auth/api/iam/jar.go
@@ -196,7 +196,7 @@ func compareThumbprint(configurationKey jwk.Key, publicKey crypto.PublicKey) err
 if err != nil {
 return err
 }
- if bytes.Compare(thumbprintLeft, thumbprintRight) != 0 {
+ if !bytes.Equal(thumbprintLeft, thumbprintRight) {
 return errors.New("key thumbprints do not match")
 }
 return nil
diff --git a/auth/client/iam/openid4vp.go b/auth/client/iam/openid4vp.go
index 5fc02e0841..0f9e370601 100644
--- a/auth/client/iam/openid4vp.go
+++ b/auth/client/iam/openid4vp.go
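Review bot: In compareThumbprint (auth/api/iam/jar.go) `bytes.Equal` is a variable-time comparison inside authentication code, so it deserves a one-line comment saying why that is acceptable. Both inputs appear to be thumbprints of public keys (the signature takes a `jwk.Key` and a `crypto.PublicKey`), so nothing secret is compared and `crypto/subtle` is not needed. Suggested comment above the check: `// thumbprints are derived from public keys; a constant-time compare is not required`. The function body starts above the hunk, so how the thumbprints are computed is not visible here.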
@@ -364,16 +364,6 @@ func (c *OpenID4VPClient) VerifiableCredentials(ctx context.Context, credentialE
 return rsp, nil
 }
-func (c *OpenID4VPClient) walletWithExtraCredentials(ctx context.Context, subject did.DID, credentials []vc.VerifiableCredential) (holder.Wallet, error) {
- walletCredentials, err := c.wallet.List(ctx, subject)
- if err != nil {
- return nil, err
- }
- return holder.NewMemoryWallet(c.ldDocumentLoader, c.keyResolver, c.jwtSigner, map[did.DID][]vc.VerifiableCredential{
- subject: append(walletCredentials, credentials...),
- }), nil
-}
-
 func (c *OpenID4VPClient) dpop(ctx context.Context, requester did.DID, request http.Request) (string, string, error) {
 // find the key to sign the DPoP token with
 keyID, _, err := c.keyResolver.ResolveKey(requester, nil, resolver.AssertionMethod)
diff --git a/crypto/storage/vault/vault.go b/crypto/storage/vault/vault.go
index 4e19509512..62555de586 100644
--- a/crypto/storage/vault/vault.go
+++ b/crypto/storage/vault/vault.go
@@ -34,7 +34,6 @@ import (
 const privateKeyPathName = "nuts-private-keys"
 const defaultPathPrefix = "kv"
-const keyName = "key"
 // StorageType is the name of this storage type, used in health check reports and configuration.
 const StorageType = "vaultkv"
diff --git a/discovery/client_test.go b/discovery/client_test.go
index 511bf20962..76e147d1ae 100644
--- a/discovery/client_test.go
+++ b/discovery/client_test.go
@@ -370,8 +370,7 @@ func Test_defaultClientRegistrationManager_refresh(t *testing.T) {
 assert.EqualError(t, err, errStr)
 // check for presentationRefreshError
- refreshError, err := store.getPresentationRefreshError(testServiceID, bobSubject)
- require.NoError(t, err)
+ refreshError := getPresentationRefreshError(t, store.db, testServiceID, bobSubject)
 assert.Contains(t, refreshError.Error, errStr)
 })
 t.Run("deactivate unknown subject", func(t *testing.T) {
@@ -431,8 +430,7 @@ func Test_defaultClientRegistrationManager_refresh(t *testing.T) {
 require.NoError(t, err)
 // check for presentationRefreshError
- refreshError, err := store.getPresentationRefreshError(testServiceID, aliceSubject)
- require.NoError(t, err)
+ refreshError := getPresentationRefreshError(t, store.db, testServiceID, aliceSubject)
 assert.Nil(t, refreshError)
 })
 }
diff --git a/discovery/store.go b/discovery/store.go
index dc1b4a1c3c..87bb940899 100644
--- a/discovery/store.go
+++ b/discovery/store.go
@@ -384,17 +384,6 @@ func (s *sqlStore) getSubjectsToBeRefreshed(now time.Time) ([]refreshCandidate,
 return result, nil
 }
-func (s *sqlStore) getPresentationRefreshError(serviceID string, subjectID string) (*presentationRefreshError, error) {
- var row presentationRefreshError
- if err := s.db.Find(&row, "service_id = ? AND subject_id = ?", serviceID, subjectID).Error; err != nil {
- return nil, err
- }
- if row.LastOccurrence == 0 {
- return nil, nil
- }
- return &row, nil
-}
-
 func (s *sqlStore) setPresentationRefreshError(serviceID string, subjectID string, refreshErr error) error {
 return s.db.Transaction(func(tx *gorm.DB) error {
 if err := tx.Delete(&presentationRefreshError{}, "service_id = ? AND subject_id = ?", serviceID, subjectID).Error; err != nil {
diff --git a/discovery/store_test.go b/discovery/store_test.go
index 0e6dae97ca..d675905a63 100644
--- a/discovery/store_test.go
+++ b/discovery/store_test.go
@@ -305,9 +305,8 @@ func Test_sqlStore_setPresentationRefreshError(t *testing.T) {
 require.NoError(t, c.setPresentationRefreshError(testServiceID, aliceSubject, assert.AnError))
 // Check if the error is stored
- refreshError, err := c.getPresentationRefreshError(testServiceID, aliceSubject)
+ refreshError := getPresentationRefreshError(t, c.db, testServiceID, aliceSubject)
- require.NoError(t, err)
 assert.Equal(t, refreshError.Error, assert.AnError.Error())
 assert.True(t, refreshError.LastOccurrence > int(time.Now().Add(-1*time.Second).Unix()))
 })
@@ -317,9 +316,8 @@ func Test_sqlStore_setPresentationRefreshError(t *testing.T) {
 require.NoError(t, c.setPresentationRefreshError(testServiceID, aliceSubject, assert.AnError))
 require.NoError(t, c.setPresentationRefreshError(testServiceID, aliceSubject, nil))
- refreshError, err := c.getPresentationRefreshError(testServiceID, aliceSubject)
+ refreshError := getPresentationRefreshError(t, c.db, testServiceID, aliceSubject)
- require.NoError(t, err)
 assert.Nil(t, refreshError)
 })
 }
@@ -370,3 +368,13 @@ func resetStore(t *testing.T, db *gorm.DB) {
 require.NoError(t, db.Exec("DELETE FROM "+tableName).Error)
 }
 }
+
+func getPresentationRefreshError(t *testing.T, db *gorm.DB, serviceID string, subjectID string) *presentationRefreshError {
+ var row presentationRefreshError
+ err := db.Find(&row, "service_id = ? AND subject_id = ?", serviceID, subjectID).Error
+ require.NoError(t, err)
+ if row.LastOccurrence == 0 {
+ return nil
+ }
+ return &row
+}
diff --git a/http/user/session.go b/http/user/session.go
index d000a43f6a..0830762caa 100644
--- a/http/user/session.go
+++ b/http/user/session.go
@@ -36,7 +36,7 @@ import (
 "time"
 )
-var userSessionContextKey = struct{}{}
+type userSessionContextKey = struct{}
 // userSessionCookieName is the name of the cookie used to store the user session.
 // It uses the __Secure prefix, that instructs the user agent to treat it as a secure cookie:
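Review bot: The new test helper `getPresentationRefreshError` in discovery/store_test.go calls `require.NoError` without first calling `t.Helper()`, so a failed query is reported at the helper's line rather than at the calling test. Add `t.Helper()` as its first statement. Callers such as `assert.Equal(t, refreshError.Error, ...)` dereference the result directly although the helper returns nil when no row exists; a preceding `require.NotNil(t, refreshError)` would turn that case into a clean failure instead of a panic. The same dereference pattern appears in the `assert.Contains` call in discovery/client_test.go.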
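Review bot: `type userSessionContextKey = struct{}` in http/user/session.go is an alias declaration, so `userSessionContextKey{}` is still a value of the unnamed type `struct{}` and compares equal to any `struct{}{}` used as a context key elsewhere in the process. Because the user session is looked up under this key, another package storing a value under `struct{}{}` later in the handler chain would shadow it: `GetSession` would then fail its `*Session` assertion or, if that value happened to be a `*Session`, return the wrong session. Dropping the `=` gives a distinct defined type, `type userSessionContextKey struct{}`. The call sites changed in Handle, GetSession and CreateTestSession (http/user/test.go) need no further change.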
@@ -94,7 +94,7 @@ func (u SessionMiddleware) Handle(next echo.HandlerFunc) echo.HandlerFunc {
 return u.Store.Put(sessionID, sessionData)
 }
 // Session data is put in request context for access by API handlers
- echoCtx.SetRequest(echoCtx.Request().WithContext(context.WithValue(echoCtx.Request().Context(), userSessionContextKey, sessionData)))
+ echoCtx.SetRequest(echoCtx.Request().WithContext(context.WithValue(echoCtx.Request().Context(), userSessionContextKey{}, sessionData)))
 return next(echoCtx)
 }
@@ -166,7 +166,7 @@ func (u SessionMiddleware) createUserSessionCookie(sessionID string, path string
 // GetSession retrieves the user session from the request context.
 // If the user session is not found, an error is returned.
 func GetSession(ctx context.Context) (*Session, error) {
- result, ok := ctx.Value(userSessionContextKey).(*Session)
+ result, ok := ctx.Value(userSessionContextKey{}).(*Session)
 if !ok {
 return nil, errors.New("no user session found")
 }
diff --git a/http/user/test.go b/http/user/test.go
index b7b3e96852..39c13ec4cd 100644
--- a/http/user/test.go
+++ b/http/user/test.go
@@ -28,5 +28,5 @@ func CreateTestSession(ctx context.Context, subjectID string) (context.Context,
 session.Save = func() error {
 return nil
 }
- return context.WithValue(ctx, userSessionContextKey, session), session
+ return context.WithValue(ctx, userSessionContextKey{}, session), session
 }
diff --git a/makefile b/makefile
index 5e81448a69..a9d8fed06e 100644
--- a/makefile
+++ b/makefile
@@ -7,7 +7,7 @@ install-tools:
 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.2
 go install go.uber.org/mock/mockgen@v0.4.0
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.5.1
- go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2
+ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
 gen-mocks:
 mockgen -destination=auth/mock.go -package=auth -source=auth/interface.go
diff --git a/network/dag/parser.go b/network/dag/parser.go
index 90d5300089..e1be15758f 100644
--- a/network/dag/parser.go
+++ b/network/dag/parser.go
@@ -97,7 +97,7 @@ func parsePayload(transaction *transaction, _ jws.Headers, message *jws.Message)
 func parseContentType(transaction *transaction, headers jws.Headers, _ *jws.Message) error {
 contentType := headers.ContentType()
 if !ValidatePayloadType(contentType) {
- return transactionValidationError(errInvalidPayloadType.Error())
+ return transactionValidationError("%w", errInvalidPayloadType)
 }
 transaction.payloadType = contentType
 return nil
diff --git a/policy/local.go b/policy/local.go
index 0b88facf57..eb18c7399a 100644
--- a/policy/local.go
+++ b/policy/local.go
@@ -41,8 +41,7 @@ func New() *LocalPDP {
 // It loads a file with the mapping from oauth scope to PEX Policy.
 // It allows access when the requester can present a submission according to the Presentation Definition.
 type LocalPDP struct {
- backend PDPBackend
- config Config
+ config Config
 // mapping holds the oauth scope to PEX Policy mapping
 mapping map[string]validatingWalletOwnerMapping
 }
diff --git a/vcr/api/vcr/v2/api.go b/vcr/api/vcr/v2/api.go
index 10c9275a70..1105838ea5 100644
--- a/vcr/api/vcr/v2/api.go
+++ b/vcr/api/vcr/v2/api.go
@@ -429,7 +429,7 @@ func (w *Wrapper) LoadVC(ctx context.Context, request LoadVCRequestObject) (Load
 // validate credential
 if err = w.VCR.Verifier().Verify(*request.Body, true, true, nil); err != nil {
 if errors.Is(err, verifier.VerificationError{}) {
- return nil, core.InvalidInputError(err.Error())
+ return nil, core.InvalidInputError("%w", err)
 }
 return nil, err
 }
diff --git a/vdr/didsubject/manager.go b/vdr/didsubject/manager.go
index 992cea0642..a74825a00e 100644
--- a/vdr/didsubject/manager.go
+++ b/vdr/didsubject/manager.go
@@ -733,6 +733,9 @@ func (r *SqlManager) MigrateAddWebToNuts(ctx context.Context, id did.DID) error
 // check if subject has a did:web
 subjectDIDs, err := r.ListDIDs(ctx, subject)
+ if err != nil {
+ return err
+ }
 for _, subjectDID := range subjectDIDs {
 if subjectDID.Method == "web" {
 // already has a did:web
diff --git a/vdr/vdr.go b/vdr/vdr.go
index 1924a369c2..13f23fcca6 100644
--- a/vdr/vdr.go
+++ b/vdr/vdr.go
@@ -160,7 +160,6 @@ func (r *Module) Configure(config core.ServerConfig) error {
 r.networkAmbassador = didnuts.NewAmbassador(r.network, r.store, r.eventManager)
 db := r.storageInstance.GetSQLDatabase()
- methodManagers := make(map[string]didsubject.MethodManager)
 r.didResolver.(*resolver.DIDResolverRouter).Register(didjwk.MethodName, didjwk.NewResolver())
 r.didResolver.(*resolver.DIDResolverRouter).Register(didkey.MethodName, didkey.NewResolver())
@@ -175,7 +174,7 @@ func (r *Module) Configure(config core.ServerConfig) error {
 }
 // Methods we can produce from the Nuts node
- methodManagers = map[string]didsubject.MethodManager{}
+ methodManagers := map[string]didsubject.MethodManager{}
 // did:nuts
 nutsManager := didnuts.NewManager(r.keyStore, r.network, r.store, r.didResolver, db)
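Review bot: The added `return err` in MigrateAddWebToNuts (vdr/didsubject/manager.go) passes the ListDIDs failure up without saying which step of the migration failed. Wrapping it keeps the cause and adds that context, for example `return fmt.Errorf("listing DIDs of subject: %w", err)`, assuming `fmt` is already imported in this file. The rest of the function lies outside the hunk.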