Merge pull request #82 from silinternational/develop

Release - log more error detail

Author: briskt

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+* @silinternational/developers
+*.tf @silinternational/tf-devs
+*.go @silinternational/go-devs
+go.* @silinternational/go-devs

.github/workflows/test-deploy-publish.yml

@@ -27,9 +27,28 @@ jobs:
       - name: Test
         run: docker compose -f actions-services.yml run --rm test ./scripts/test.sh
 
+  lint:
+    name: Lint and Vulnerability Scan
+    runs-on: ubuntu-latest
+    timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+        check-latest: true
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v6
+      with:
+        version: latest
+    - name: govulncheck
+      run: |
+        go install golang.org/x/vuln/cmd/govulncheck@latest
+        govulncheck ./...
+
   deploy:
     name: Deploy to AWS Lambda
-    needs: tests
+    needs: [ 'tests', 'lint' ]
     if: github.ref_name == 'main' || github.ref_name == 'develop'
     runs-on: ubuntu-latest
     concurrency: 
@@ -59,7 +78,7 @@ jobs:
 
   build-and-publish:
     name: Build and Publish
-    needs: tests
+    needs: [ 'tests', 'lint' ]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -84,7 +103,7 @@ jobs:
         with:
           images: |
             ${{ vars.IMAGE_NAME }}
-            ghcr.io/${{ github.repository_owner }}/${{ vars.IMAGE_NAME }}
+            ghcr.io/${{ github.repository }}
           tags: |
             type=ref,event=branch
             type=semver,pattern={{version}}

.golangci.yaml

@@ -0,0 +1,19 @@
+run:
+    timeout: 2m
+linters:
+    disable-all: true
+    enable:
+#    - errcheck
+#    - gosimple
+#    - govet
+#    - ineffassign
+#    - staticcheck
+#    - unused
+    - bodyclose
+    - gocheckcompilerdirectives
+    - godox
+#    - gofmt
+#    - goimports
+#    - gosec
+#    - whitespace
+#    - usestdlibvars

user.go

@@ -284,20 +284,13 @@ func (u *DynamoUser) FinishRegistration(r *http.Request) (string, error) {
 	br := fixEncoding(body)
 	parsedResponse, err := protocol.ParseCredentialCreationResponseBody(br)
 	if err != nil {
-		var protocolError *protocol.Error
-		if errors.As(err, &protocolError) {
-			log.Printf("unable to parse body: %s", body)
-			log.Printf("ProtocolError: %s, DevInfo: %s", protocolError.Details, protocolError.DevInfo)
-		}
+		logProtocolError("unable to parse body", err)
 		return "", fmt.Errorf("unable to parse credential creation response body: %w", err)
 	}
 
 	credential, err := u.WebAuthnClient.CreateCredential(u, u.SessionData, parsedResponse)
 	if err != nil {
-		var protocolError *protocol.Error
-		if errors.As(err, &protocolError) {
-			log.Printf("ProtocolError: %s, DevInfo: %s", protocolError.Details, protocolError.DevInfo)
-		}
+		logProtocolError("unable to create credential", err)
 		return "", fmt.Errorf("unable to create credential: %w", err)
 	}
 
@@ -349,7 +342,7 @@ func (u *DynamoUser) FinishLogin(r *http.Request) (*webauthn.Credential, error)
 	br := fixEncoding(body)
 	parsedResponse, err := protocol.ParseCredentialRequestResponseBody(br)
 	if err != nil {
-		log.Printf("failed to parse credential request response body: %s", err)
+		logProtocolError(fmt.Sprintf("failed to parse credential request response body: %s", body), err)
 		return &webauthn.Credential{}, fmt.Errorf("failed to parse credential request response body: %s", err)
 	}
 
@@ -378,7 +371,7 @@ func (u *DynamoUser) FinishLogin(r *http.Request) (*webauthn.Credential, error)
 
 	credential, err := u.WebAuthnClient.ValidateLogin(u, u.SessionData, parsedResponse)
 	if err != nil {
-		log.Printf("failed to validate login: %s", err)
+		logProtocolError("failed to validate login", err)
 		return &webauthn.Credential{}, fmt.Errorf("failed to validate login: %s", err)
 	}
 
@@ -488,3 +481,13 @@ func hashAndEncodeKeyHandle(id []byte) string {
 	hash := sha256.Sum256(id)
 	return base64.RawURLEncoding.EncodeToString(hash[:])
 }
+
+// logProtocolError logs a detailed message if the given error is an Error from go-webauthn/webauthn/protocol
+func logProtocolError(msg string, err error) {
+	var protocolError *protocol.Error
+	if errors.As(err, &protocolError) {
+		log.Printf("%s, ProtocolError: %s, DevInfo: %s", msg, protocolError.Details, protocolError.DevInfo)
+	} else {
+		log.Printf("%s, Error: %s", msg, err)
+	}
+}