Added golangci-lint and multiple fixes for all kind of checks

The most important:
* Added golangci to github workflow
* Bumped version of go to 1.22 to fix for loops vars
* Removed cluster logic since dead code and better one in #30
* Fixed unauthorized access to application resource
* Fixed not checked user struct type conversion in API
* Multiple security and style fixes

.github/workflows/main.yml

@@ -46,6 +46,24 @@ jobs:
           swagger-editor-url: http://localhost/
           definition-file: docs/openapi.yaml
 
+  GolangCI:
+    runs-on: ubuntu-latest
+    name: Code Lint
+    permissions:
+      # Required: allow read access to the content for analysis.
+      contents: read
+      # Optional: allow write access to checks to allow the action to annotate code in the PR.
+      checks: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable  # Linter will use go.mod file to adjust the rules properly
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.60
+
   Build:
     runs-on: ubuntu-latest
     steps:

.golangci.yml

@@ -0,0 +1,128 @@
+run:
+  concurrency: 4
+  timeout: 10m
+  tests: false
+  allow-parallel-runners: true
+  allow-serial-runners: true
+
+output:
+  show-stats: true
+
+linters:
+  # Disable all linters.
+  # Default: false
+  disable-all: true
+  # Enable specific linter
+  # https://golangci-lint.run/usage/linters/#enabled-by-default
+  enable:
+    - asasalint
+    - asciicheck
+    - bidichk
+    - bodyclose
+    - canonicalheader
+    - containedctx
+    - contextcheck
+    - copyloopvar
+    #- cyclop
+    - decorder
+    #- depguard
+    - dogsled
+    #- dupl
+    - dupword
+    - durationcheck
+    #- err113
+    #- errcheck  # Maybe in the future?
+    - errchkjson
+    - errname
+    #- errorlint
+    - exhaustive
+    #- exhaustruct
+    - fatcontext
+    #- forbidigo
+    - forcetypeassert
+    #- funlen
+    #- gci
+    - ginkgolinter
+    - gocheckcompilerdirectives
+    #- gochecknoglobals
+    #- gochecknoinits
+    - gochecksumtype
+    #- gocognit
+    #- goconst
+    #- gocritic
+    #- gocyclo
+    #- godot
+    #- godox
+    - gofmt
+    #- gofumpt
+    - goheader
+    - goimports
+    - gomoddirectives
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - gosmopolitan
+    - govet
+    - grouper
+    - importas
+    - inamedparam
+    - ineffassign
+    - interfacebloat
+    - intrange
+    #- ireturn
+    #- lll
+    - loggercheck
+    #- maintidx
+    - makezero
+    - mirror
+    - misspell
+    #- mnd
+    - musttag
+    #- nakedret
+    #- nestif
+    - nilerr
+    #- nilnil
+    #- nlreturn
+    - noctx
+    - nolintlint
+    #- nonamedreturns
+    - nosprintfhostport
+    - paralleltest
+    #- perfsprint
+    #- prealloc
+    - predeclared
+    - promlinter
+    - protogetter
+    - reassign
+    #- revive  # not supporting snake_case for vars
+    - rowserrcheck
+    - sloglint
+    - spancheck
+    - sqlclosecheck
+    - staticcheck
+    #- stylecheck
+    - tagalign
+    #- tagliatelle
+    - tenv
+    - testableexamples
+    - testifylint
+    - testpackage
+    - thelper
+    - tparallel
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - usestdlibvars
+    #- varnamelen
+    - wastedassign
+    - whitespace
+    #- wrapcheck
+    #- wsl
+    - zerologlint
+
+linters-settings:
+  gosec:
+    excludes:
+      - G115  # integer overflow conversion - disabled due to found no proper way to fix those

check.sh

@@ -32,9 +32,9 @@ done
 echo
 echo '---------------------- GoFmt verify ----------------------'
 echo
-reformat=$(gofmt -l . 2>&1)
+reformat=$(gofmt -l -s . 2>&1)
 if [ "${reformat}" ]; then
-    echo "Please run 'gofmt -w .': \n${reformat}"
+    echo "Please run 'gofmt -s -w .': \n${reformat}"
     errors=$((${errors}+$(echo "${reformat}" | wc -l)))
 fi
 

cmd/fish/fish.go

@@ -27,7 +27,6 @@ import (
 	"gorm.io/gorm/logger"
 
 	"github.com/adobe/aquarium-fish/lib/build"
-	"github.com/adobe/aquarium-fish/lib/cluster"
 	"github.com/adobe/aquarium-fish/lib/crypt"
 	"github.com/adobe/aquarium-fish/lib/fish"
 	"github.com/adobe/aquarium-fish/lib/log"
@@ -44,7 +43,6 @@ func main() {
 	var proxy_socks_address string
 	var proxy_ssh_address string
 	var node_address string
-	var cluster_join *[]string
 	var cfg_path string
 	var dir string
 	var cpu_limit string
@@ -83,9 +81,6 @@ func main() {
 			if node_address != "" {
 				cfg.NodeAddress = node_address
 			}
-			if len(*cluster_join) > 0 {
-				cfg.ClusterJoin = *cluster_join
-			}
 			if dir != "" {
 				cfg.Directory = dir
 			}
@@ -174,14 +169,8 @@ func main() {
 				return err
 			}
 
-			log.Info("Fish joining cluster...")
-			cl, err := cluster.New(fish, cfg.ClusterJoin, ca_path, cert_path, key_path)
-			if err != nil {
-				return err
-			}
-
 			log.Info("Fish starting API...")
-			srv, err := openapi.Init(fish, cl, cfg.APIAddress, ca_path, cert_path, key_path)
+			srv, err := openapi.Init(fish, cfg.APIAddress, ca_path, cert_path, key_path)
 			if err != nil {
 				return err
 			}
@@ -199,7 +188,6 @@ func main() {
 
 			log.Info("Fish stopping...")
 
-			cl.Stop()
 			fish.Close()
 
 			log.Info("Fish stopped")
@@ -213,7 +201,6 @@ func main() {
 	flags.StringVar(&proxy_socks_address, "socks_proxy", "", "address used to expose the SOCKS5 proxy")
 	flags.StringVar(&proxy_ssh_address, "ssh_proxy", "", "address used to expose the SSH proxy")
 	flags.StringVarP(&node_address, "node", "n", "", "node external endpoint to connect to tell the other nodes")
-	cluster_join = flags.StringSliceP("join", "j", nil, "addresses of existing cluster nodes to join, comma separated")
 	flags.StringVarP(&cfg_path, "cfg", "c", "", "yaml configuration file")
 	flags.StringVarP(&dir, "dir", "D", "", "database and other fish files directory")
 	flags.StringVar(&cpu_limit, "cpu", "", "max amount of threads fish node will be able to utilize, default - no limit")

go.mod

@@ -1,6 +1,6 @@
 module github.com/adobe/aquarium-fish
 
-go 1.21.0
+go 1.22.2
 
 require (
 	github.com/alessio/shellescape v1.4.1
@@ -14,7 +14,6 @@ require (
 	github.com/ghodss/yaml v1.0.0
 	github.com/glebarez/sqlite v1.7.0
 	github.com/google/uuid v1.5.0
-	github.com/gorilla/websocket v1.4.0
 	github.com/hpcloud/tail v1.0.0
 	github.com/labstack/echo/v4 v4.11.4
 	github.com/mostlygeek/arp v0.0.0-20170424181311-541a2129847a

go.sum

@@ -59,8 +59,6 @@ github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbu
 github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=