cleanup and linter

Author: metachris

.github/workflows/checks.yml

@@ -61,7 +61,7 @@ jobs:
         run: go install honnef.co/go/tools/cmd/[email protected]
 
       - name: Install golangci-lint
-        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.8
+        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v2.1.2
 
       - name: Install NilAway
         run: go install go.uber.org/nilaway/cmd/[email protected]

.golangci.yaml

@@ -1,3 +1,4 @@
+version: "2"
 run:
   tests: false
 linters:
@@ -6,7 +7,6 @@ linters:
     - cyclop
     - forbidigo
     - funlen
-    - gci
     - gochecknoglobals
     - gochecknoinits
     - gocritic
@@ -43,7 +43,6 @@ linters:
     #
     # Disabled because deprecated:
     #
-    - tenv
 
 linters-settings:
   #
@@ -91,3 +90,18 @@ linters-settings:
       - 'MockBeaconClient'
       - 'RelayAPI'
       - 'Webserver'
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gofumpt:
+      extra-rules: true
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

Makefile

@@ -4,6 +4,11 @@
 
 VERSION := $(shell git describe --tags --always --dirty="-dev")
 
+# Admin API auth for curl examples (set ADMIN_AUTH="admin:secret" or similar. can be empty when server is run with --disable-admin-auth)
+ADMIN_AUTH ?=
+CURL ?= curl -v
+CURL_AUTH := $(if $(ADMIN_AUTH),-u $(ADMIN_AUTH),)
+
 # A few colors
 RED:=\033[0;31m
 BLUE:=\033[0;34m
@@ -92,16 +97,16 @@ db-dump: ## Dump the database contents to file 'database.dump'
 .PHONY: dev-db-setup
 dev-db-setup: ## Create the basic database entries for testing and development
 	@printf "$(BLUE)Create the allow-all measurements $(NC)\n"
-	curl -v --request POST --url http://localhost:8081/api/admin/v1/measurements --data '{"measurement_id": "test1","attestation_type": "test","measurements": {}}'
+	$(CURL) $(CURL_AUTH) --request POST --url http://localhost:8081/api/admin/v1/measurements --data '{"measurement_id": "test1","attestation_type": "test","measurements": {}}'
 
 	@printf "$(BLUE)Enable the measurements $(NC)\n"
-	curl -v --request POST --url http://localhost:8081/api/admin/v1/measurements/activation/test1 --data '{"enabled": true}'
+	$(CURL) $(CURL_AUTH) --request POST --url http://localhost:8081/api/admin/v1/measurements/activation/test1 --data '{"enabled": true}'
 
 	@printf "$(BLUE)Create the builder $(NC)\n"
-	curl -v --request POST --url http://localhost:8081/api/admin/v1/builders --data '{"name": "test_builder","ip_address": "1.2.3.4", "network": "production"}'
+	$(CURL) $(CURL_AUTH) --request POST --url http://localhost:8081/api/admin/v1/builders --data '{"name": "test_builder","ip_address": "1.2.3.4", "network": "production"}'
 
 	@printf "$(BLUE)Create the builder configuration $(NC)\n"
-	curl -v --request POST --url http://localhost:8081/api/admin/v1/builders/configuration/test_builder --data '{"dns_name": "foobar-v1.a.b.c","rbuilder": {"extra_data": "FooBar"}}'
+	$(CURL) $(CURL_AUTH) --request POST --url http://localhost:8081/api/admin/v1/builders/configuration/test_builder --data '{"dns_name": "foobar-v1.a.b.c","rbuilder": {"extra_data": "FooBar"}}'
 
 	@printf "$(BLUE)Enable the builder $(NC)\n"
-	curl -v --request POST --url http://localhost:8081/api/admin/v1/builders/activation/test_builder --data '{"enabled": true}'
+	$(CURL) $(CURL_AUTH) --request POST --url http://localhost:8081/api/admin/v1/builders/activation/test_builder --data '{"enabled": true}'

adapters/database/service.go

@@ -25,9 +25,9 @@ func NewDatabaseService(dsn string) (*Service, error) {
 		return nil, err
 	}
 
-	db.DB.SetMaxOpenConns(50)
-	db.DB.SetMaxIdleConns(10)
-	db.DB.SetConnMaxIdleTime(0)
+	db.SetMaxOpenConns(50)
+	db.SetMaxIdleConns(10)
+	db.SetConnMaxIdleTime(0)
 
 	dbService := &Service{DB: db} //nolint:exhaustruct
 	return dbService, err
@@ -117,9 +117,9 @@ func (s *Service) RegisterCredentialsForBuilder(ctx context.Context, builderName
 	}
 
 	_, err = tx.Exec(`
-        INSERT INTO service_credential_registrations 
+        INSERT INTO service_credential_registrations
         (builder_name, service, tls_cert, ecdsa_pubkey, is_active, measurement_id)
-        VALUES ($1, $2, $3, $4, true, 
+        VALUES ($1, $2, $3, $4, true,
             (SELECT id FROM measurements_whitelist WHERE name = $5 AND attestation_type = $6)
         )
     `, builderName, service, nullableTLSCert, ecdsaPubKey, measurementName, attestationType)
@@ -150,26 +150,26 @@ func (s *Service) GetActiveConfigForBuilder(ctx context.Context, builderName str
 
 func (s *Service) GetActiveBuildersWithServiceCredentials(ctx context.Context, network string) ([]domain.BuilderWithServices, error) {
 	rows, err := s.DB.QueryContext(ctx, `
-        SELECT 
+        SELECT
             b.name,
             b.ip_address,
             b.dns_name,
             scr.service,
             scr.tls_cert,
             scr.ecdsa_pubkey
-        FROM 
+        FROM
             builders b
-        LEFT JOIN 
+        LEFT JOIN
             service_credential_registrations scr ON b.name = scr.builder_name
-        WHERE 
+        WHERE
             b.is_active = true AND (scr.is_active = true OR scr.is_active IS NULL) AND b.network = $1
-        ORDER BY 
+        ORDER BY
             b.name, scr.service
     `, network)
 	if err != nil {
 		return nil, err
 	}
-	defer rows.Close()
+	defer rows.Close() //nolint:errcheck
 
 	buildersMap := make(map[string]*BuilderWithCredentials)
 
@@ -227,9 +227,9 @@ func (s *Service) GetActiveBuildersWithServiceCredentials(ctx context.Context, n
 func (s *Service) LogEvent(ctx context.Context, eventName, builderName, name string) error {
 	// Insert new event log entry with a subquery to fetch the measurement_id
 	_, err := s.DB.ExecContext(ctx, `
-        INSERT INTO event_log 
+        INSERT INTO event_log
         (event_name, builder_name, measurement_id)
-        VALUES ($1, $2, 
+        VALUES ($1, $2,
             (SELECT id FROM measurements_whitelist WHERE name = $3)
         )
     `, eventName, builderName, name)

cmd/httpserver/main.go

@@ -171,7 +171,7 @@ func runCli(cCtx *cli.Context) error {
 		log.Error("failed to create database", "err", err)
 		return err
 	}
-	defer db.Close()
+	defer db.Close() //nolint:errcheck
 
 	var sm ports.AdminSecretService
 

docker/docker-compose.yaml

@@ -41,6 +41,7 @@ services:
       ADMIN_ADDR: "0.0.0.0:8081"
       INTERNAL_ADDR: "0.0.0.0:8082"
       METRICS_ADDR: "0.0.0.0:8090"
+      DISABLE_ADMIN_AUTH: "1" # local dev only; do not use in production
 
   proxy:
     image: flashbots/builder-hub-mock-proxy

httpserver/auth_middleware_test.go

@@ -28,13 +28,13 @@ func protectedHandler(t *testing.T, user, bcryptHash string) (http.Handler, *Ser
 }
 
 func protectedHandlerDisabled(t *testing.T, disabled bool) http.Handler {
-    t.Helper()
-    srv := &Server{cfg: &HTTPServerConfig{AdminAuthDisabled: disabled}, log: testLogger()}
-    next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        w.WriteHeader(http.StatusOK)
-        _, _ = fmt.Fprint(w, "ok")
-    })
-    return srv.basicAuthMiddleware()(next)
+	t.Helper()
+	srv := &Server{cfg: &HTTPServerConfig{AdminAuthDisabled: disabled}, log: testLogger()}
+	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = fmt.Fprint(w, "ok")
+	})
+	return srv.basicAuthMiddleware()(next)
 }
 
 func Test_AdminAuth_DeniesWithoutHash(t *testing.T) {
@@ -78,17 +78,17 @@ func Test_AdminAuth_AllowsCorrectCreds(t *testing.T) {
 }
 
 func Test_AdminAuth_Disabled_AllowsWithoutCreds(t *testing.T) {
-    h := protectedHandlerDisabled(t, true)
-    req := httptest.NewRequest(http.MethodGet, "/", nil)
-    rr := httptest.NewRecorder()
-    h.ServeHTTP(rr, req)
-    require.Equal(t, http.StatusOK, rr.Code)
-
-    // When not disabled, should be unauthorized without hash/creds
-    h2 := protectedHandlerDisabled(t, false)
-    rr2 := httptest.NewRecorder()
-    h2.ServeHTTP(rr2, req)
-    require.Equal(t, http.StatusUnauthorized, rr2.Code)
+	h := protectedHandlerDisabled(t, true)
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rr := httptest.NewRecorder()
+	h.ServeHTTP(rr, req)
+	require.Equal(t, http.StatusOK, rr.Code)
+
+	// When not disabled, should be unauthorized without hash/creds
+	h2 := protectedHandlerDisabled(t, false)
+	rr2 := httptest.NewRecorder()
+	h2.ServeHTTP(rr2, req)
+	require.Equal(t, http.StatusUnauthorized, rr2.Code)
 }
 
 func Test_PasswordHash(t *testing.T) {