From ff7357f889e2225d799a3ce376b0f51945fc6e91 Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Sat, 18 Apr 2026 21:38:46 +0000 Subject: [PATCH] fix(lint): godoc comment on NewAuthWithNamedKeys must lead with function name (ST1020) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI failure on master (commit 3287e17) — staticcheck ST1020: internal/api/middleware/middleware.go:125:1: ST1020: comment on exported function NewAuthWithNamedKeys should be of the form "NewAuthWithNamedKeys ..." (staticcheck) When NewAuth was renamed to NewAuthWithNamedKeys during the M-002 auth unification, the leading godoc sentence was left pointing at the old name. Rewrite the comment so its first sentence starts with the new function name, and expand the body to describe the named-key + admin-flag contract introduced in 3287e17. Also gitignore /.gopath/ — session-scoped tool install cache, same category as /.gocache/ and /.gomodcache/. Verification: go vet ./internal/api/middleware/... — clean go build ./internal/api/middleware/... — clean go test ./internal/api/middleware/... — PASS (0.245s) staticcheck -checks=all, — clean across middleware, handler, service, domain, cmd/server, scheduler Closes: CI failure on 3287e17.
---
 .gitignore | 1 +
 internal/api/middleware/middleware.go | 13 +++++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3fed953..a3203af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -76,3 +76,4 @@ mcp-server
 # Local Go build/module caches (session-scoped, never committed)
 /.gocache/
 /.gomodcache/
+/.gopath/
diff --git a/internal/api/middleware/middleware.go b/internal/api/middleware/middleware.go
index bf1f9b6..080f6be 100644
--- a/internal/api/middleware/middleware.go
+++ b/internal/api/middleware/middleware.go
@@ -122,10 +122,15 @@ type AuthConfig struct {
 Secret string // The raw API key or comma-separated list of valid API keys
 }
 
-// NewAuth creates an authentication middleware based on config.
-// When Type is "none", all requests pass through (demo/development mode).
-// When Type is "api-key", requests must include a valid Bearer token.
-// Named keys are supported via []NamedAPIKey input.
+// NewAuthWithNamedKeys creates an authentication middleware that validates
+// Bearer tokens against a set of named API keys. Each key carries a name
+// (propagated as the actor via context) and an admin flag (consulted by
+// authorization gates such as bulk revocation).
+//
+// When namedKeys is empty the returned middleware is a no-op pass-through,
+// which is used in demo/development mode (CERTCTL_AUTH_TYPE=none). When one
+// or more keys are provided, requests must include a matching Bearer token
+// or they are rejected with 401.
 func NewAuthWithNamedKeys(namedKeys []NamedAPIKey) func(http.Handler) http.Handler {
 if len(namedKeys) == 0 {
 return func(next http.Handler) http.Handler {
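Review bot: The rewritten godoc presents the empty-namedKeys branch as a demo/development convenience but never says that it switches authentication off for every handler behind the middleware, so a caller that arrives with an empty slice for any other reason (for instance a blank key list while the auth type is api-key) fails open without any signal. Whether the caller rejects that combination is not visible in this hunk, so the contract should be spelled out here. I would add a line such as `// An empty namedKeys disables authentication entirely; callers must pass it only when the auth type is "none".` to the second paragraph. The body of NewAuthWithNamedKeys continues past the end of the hunk, so the pass-through and the 401 path themselves are not reviewed here.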