Tools: golangci lint (#3434)

* Tools: upgrade golangci-lint + fixes

auth/api/auth/v1/api.go

@@ -271,7 +271,7 @@ func (w Wrapper) CreateJwtGrant(ctx context.Context, request CreateJwtGrantReque
 
 	response, err := w.Auth.RelyingParty().CreateJwtGrant(ctx, req)
 	if err != nil {
-		return nil, core.InvalidInputError(err.Error())
+		return nil, core.InvalidInputError("%w", err)
 	}
 
 	return CreateJwtGrant200JSONResponse{BearerToken: response.BearerToken, AuthorizationServerEndpoint: response.AuthorizationServerEndpoint}, nil
@@ -289,7 +289,7 @@ func (w Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessTo
 
 	jwtGrant, err := w.Auth.RelyingParty().CreateJwtGrant(ctx, req)
 	if err != nil {
-		return nil, core.InvalidInputError(err.Error())
+		return nil, core.InvalidInputError("%w", err)
 	}
 
 	authServerEndpoint, err := url.Parse(jwtGrant.AuthorizationServerEndpoint)
@@ -299,7 +299,7 @@ func (w Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessTo
 
 	accessTokenResult, err := w.Auth.RelyingParty().RequestRFC003AccessToken(ctx, jwtGrant.BearerToken, *authServerEndpoint)
 	if err != nil {
-		return nil, core.Error(http.StatusServiceUnavailable, err.Error())
+		return nil, core.Error(http.StatusServiceUnavailable, "%w", err)
 	}
 	return RequestAccessToken200JSONResponse(*accessTokenResult), nil
 }
@@ -401,7 +401,7 @@ func (w Wrapper) IntrospectAccessToken(ctx context.Context, request IntrospectAc
 		introspectionResponse.AssuranceLevel = &level
 	}
 
-	if claims.Credentials != nil && len(claims.Credentials) > 0 {
+	if len(claims.Credentials) > 0 {
 		introspectionResponse.Vcs = &claims.Credentials
 
 		var resolvedVCs []VerifiableCredential

auth/api/iam/dpop.go

@@ -49,7 +49,7 @@ func (r Wrapper) CreateDPoPProof(ctx context.Context, request CreateDPoPProofReq
 	// create new DPoP header
 	httpRequest, err := http.NewRequest(request.Body.Htm, request.Body.Htu, nil)
 	if err != nil {
-		return nil, core.InvalidInputError(err.Error())
+		return nil, core.InvalidInputError("%w", err)
 	}
 	token := dpop.New(*httpRequest)
 	token.GenerateProof(request.Body.Token)
@@ -58,7 +58,7 @@ func (r Wrapper) CreateDPoPProof(ctx context.Context, request CreateDPoPProofReq
 	// unescape manually here
 	kid, err := url.PathUnescape(request.Kid)
 	if err != nil {
-		return nil, core.InvalidInputError(err.Error())
+		return nil, core.InvalidInputError("%w", err)
 	}
 
 	dpop, err := r.jwtSigner.SignDPoP(ctx, *token, kid)

auth/api/iam/jar.go

@@ -196,7 +196,7 @@ func compareThumbprint(configurationKey jwk.Key, publicKey crypto.PublicKey) err
 	if err != nil {
 		return err
 	}
-	if bytes.Compare(thumbprintLeft, thumbprintRight) != 0 {
+	if !bytes.Equal(thumbprintLeft, thumbprintRight) {
 		return errors.New("key thumbprints do not match")
 	}
 	return nil

auth/client/iam/openid4vp.go

@@ -364,16 +364,6 @@ func (c *OpenID4VPClient) VerifiableCredentials(ctx context.Context, credentialE
 	return rsp, nil
 }
 
-func (c *OpenID4VPClient) walletWithExtraCredentials(ctx context.Context, subject did.DID, credentials []vc.VerifiableCredential) (holder.Wallet, error) {
-	walletCredentials, err := c.wallet.List(ctx, subject)
-	if err != nil {
-		return nil, err
-	}
-	return holder.NewMemoryWallet(c.ldDocumentLoader, c.keyResolver, c.jwtSigner, map[did.DID][]vc.VerifiableCredential{
-		subject: append(walletCredentials, credentials...),
-	}), nil
-}
-
 func (c *OpenID4VPClient) dpop(ctx context.Context, requester did.DID, request http.Request) (string, string, error) {
 	// find the key to sign the DPoP token with
 	keyID, _, err := c.keyResolver.ResolveKey(requester, nil, resolver.AssertionMethod)

crypto/storage/vault/vault.go

@@ -34,7 +34,6 @@ import (
 
 const privateKeyPathName = "nuts-private-keys"
 const defaultPathPrefix = "kv"
-const keyName = "key"
 
 // StorageType is the name of this storage type, used in health check reports and configuration.
 const StorageType = "vaultkv"

discovery/client_test.go

@@ -370,8 +370,7 @@ func Test_defaultClientRegistrationManager_refresh(t *testing.T) {
 		assert.EqualError(t, err, errStr)
 
 		// check for presentationRefreshError
-		refreshError, err := store.getPresentationRefreshError(testServiceID, bobSubject)
-		require.NoError(t, err)
+		refreshError := getPresentationRefreshError(t, store.db, testServiceID, bobSubject)
 		assert.Contains(t, refreshError.Error, errStr)
 	})
 	t.Run("deactivate unknown subject", func(t *testing.T) {
@@ -431,8 +430,7 @@ func Test_defaultClientRegistrationManager_refresh(t *testing.T) {
 		require.NoError(t, err)
 
 		// check for presentationRefreshError
-		refreshError, err := store.getPresentationRefreshError(testServiceID, aliceSubject)
-		require.NoError(t, err)
+		refreshError := getPresentationRefreshError(t, store.db, testServiceID, aliceSubject)
 		assert.Nil(t, refreshError)
 	})
 }

discovery/store.go

@@ -384,17 +384,6 @@ func (s *sqlStore) getSubjectsToBeRefreshed(now time.Time) ([]refreshCandidate,
 	return result, nil
 }
 
-func (s *sqlStore) getPresentationRefreshError(serviceID string, subjectID string) (*presentationRefreshError, error) {
-	var row presentationRefreshError
-	if err := s.db.Find(&row, "service_id = ? AND subject_id = ?", serviceID, subjectID).Error; err != nil {
-		return nil, err
-	}
-	if row.LastOccurrence == 0 {
-		return nil, nil
-	}
-	return &row, nil
-}
-
 func (s *sqlStore) setPresentationRefreshError(serviceID string, subjectID string, refreshErr error) error {
 	return s.db.Transaction(func(tx *gorm.DB) error {
 		if err := tx.Delete(&presentationRefreshError{}, "service_id = ? AND subject_id = ?", serviceID, subjectID).Error; err != nil {

discovery/store_test.go

@@ -305,9 +305,8 @@ func Test_sqlStore_setPresentationRefreshError(t *testing.T) {
 		require.NoError(t, c.setPresentationRefreshError(testServiceID, aliceSubject, assert.AnError))
 
 		// Check if the error is stored
-		refreshError, err := c.getPresentationRefreshError(testServiceID, aliceSubject)
+		refreshError := getPresentationRefreshError(t, c.db, testServiceID, aliceSubject)
 
-		require.NoError(t, err)
 		assert.Equal(t, refreshError.Error, assert.AnError.Error())
 		assert.True(t, refreshError.LastOccurrence > int(time.Now().Add(-1*time.Second).Unix()))
 	})
@@ -317,9 +316,8 @@ func Test_sqlStore_setPresentationRefreshError(t *testing.T) {
 		require.NoError(t, c.setPresentationRefreshError(testServiceID, aliceSubject, assert.AnError))
 		require.NoError(t, c.setPresentationRefreshError(testServiceID, aliceSubject, nil))
 
-		refreshError, err := c.getPresentationRefreshError(testServiceID, aliceSubject)
+		refreshError := getPresentationRefreshError(t, c.db, testServiceID, aliceSubject)
 
-		require.NoError(t, err)
 		assert.Nil(t, refreshError)
 	})
 }
@@ -370,3 +368,13 @@ func resetStore(t *testing.T, db *gorm.DB) {
 		require.NoError(t, db.Exec("DELETE FROM "+tableName).Error)
 	}
 }
+
+func getPresentationRefreshError(t *testing.T, db *gorm.DB, serviceID string, subjectID string) *presentationRefreshError {
+	var row presentationRefreshError
+	err := db.Find(&row, "service_id = ? AND subject_id = ?", serviceID, subjectID).Error
+	require.NoError(t, err)
+	if row.LastOccurrence == 0 {
+		return nil
+	}
+	return &row
+}

http/user/session.go

@@ -36,7 +36,7 @@ import (
 	"time"
 )
 
-var userSessionContextKey = struct{}{}
+type userSessionContextKey = struct{}
 
 // userSessionCookieName is the name of the cookie used to store the user session.
 // It uses the __Secure prefix, that instructs the user agent to treat it as a secure cookie:
@@ -94,7 +94,7 @@ func (u SessionMiddleware) Handle(next echo.HandlerFunc) echo.HandlerFunc {
 			return u.Store.Put(sessionID, sessionData)
 		}
 		// Session data is put in request context for access by API handlers
-		echoCtx.SetRequest(echoCtx.Request().WithContext(context.WithValue(echoCtx.Request().Context(), userSessionContextKey, sessionData)))
+		echoCtx.SetRequest(echoCtx.Request().WithContext(context.WithValue(echoCtx.Request().Context(), userSessionContextKey{}, sessionData)))
 
 		return next(echoCtx)
 	}
@@ -166,7 +166,7 @@ func (u SessionMiddleware) createUserSessionCookie(sessionID string, path string
 // GetSession retrieves the user session from the request context.
 // If the user session is not found, an error is returned.
 func GetSession(ctx context.Context) (*Session, error) {
-	result, ok := ctx.Value(userSessionContextKey).(*Session)
+	result, ok := ctx.Value(userSessionContextKey{}).(*Session)
 	if !ok {
 		return nil, errors.New("no user session found")
 	}

http/user/test.go

@@ -28,5 +28,5 @@ func CreateTestSession(ctx context.Context, subjectID string) (context.Context,
 	session.Save = func() error {
 		return nil
 	}
-	return context.WithValue(ctx, userSessionContextKey, session), session
+	return context.WithValue(ctx, userSessionContextKey{}, session), session
 }

makefile

@@ -7,7 +7,7 @@ install-tools:
 	go install google.golang.org/protobuf/cmd/[email protected]
 	go install go.uber.org/mock/[email protected]
 	go install google.golang.org/grpc/cmd/[email protected]
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
 
 gen-mocks:
 	mockgen -destination=auth/mock.go -package=auth -source=auth/interface.go

network/dag/parser.go

@@ -97,7 +97,7 @@ func parsePayload(transaction *transaction, _ jws.Headers, message *jws.Message)
 func parseContentType(transaction *transaction, headers jws.Headers, _ *jws.Message) error {
 	contentType := headers.ContentType()
 	if !ValidatePayloadType(contentType) {
-		return transactionValidationError(errInvalidPayloadType.Error())
+		return transactionValidationError("%w", errInvalidPayloadType)
 	}
 	transaction.payloadType = contentType
 	return nil

policy/local.go

@@ -41,8 +41,7 @@ func New() *LocalPDP {
 // It loads a file with the mapping from oauth scope to PEX Policy.
 // It allows access when the requester can present a submission according to the Presentation Definition.
 type LocalPDP struct {
-	backend PDPBackend
-	config  Config
+	config Config
 	// mapping holds the oauth scope to PEX Policy mapping
 	mapping map[string]validatingWalletOwnerMapping
 }

vcr/api/vcr/v2/api.go

@@ -429,7 +429,7 @@ func (w *Wrapper) LoadVC(ctx context.Context, request LoadVCRequestObject) (Load
 	// validate credential
 	if err = w.VCR.Verifier().Verify(*request.Body, true, true, nil); err != nil {
 		if errors.Is(err, verifier.VerificationError{}) {
-			return nil, core.InvalidInputError(err.Error())
+			return nil, core.InvalidInputError("%w", err)
 		}
 		return nil, err
 	}

vdr/didsubject/manager.go

@@ -733,6 +733,9 @@ func (r *SqlManager) MigrateAddWebToNuts(ctx context.Context, id did.DID) error
 
 	// check if subject has a did:web
 	subjectDIDs, err := r.ListDIDs(ctx, subject)
+	if err != nil {
+		return err
+	}
 	for _, subjectDID := range subjectDIDs {
 		if subjectDID.Method == "web" {
 			// already has a did:web

vdr/vdr.go

@@ -160,7 +160,6 @@ func (r *Module) Configure(config core.ServerConfig) error {
 
 	r.networkAmbassador = didnuts.NewAmbassador(r.network, r.store, r.eventManager)
 	db := r.storageInstance.GetSQLDatabase()
-	methodManagers := make(map[string]didsubject.MethodManager)
 
 	r.didResolver.(*resolver.DIDResolverRouter).Register(didjwk.MethodName, didjwk.NewResolver())
 	r.didResolver.(*resolver.DIDResolverRouter).Register(didkey.MethodName, didkey.NewResolver())
@@ -175,7 +174,7 @@ func (r *Module) Configure(config core.ServerConfig) error {
 	}
 
 	// Methods we can produce from the Nuts node
-	methodManagers = map[string]didsubject.MethodManager{}
+	methodManagers := map[string]didsubject.MethodManager{}
 
 	// did:nuts
 	nutsManager := didnuts.NewManager(r.keyStore, r.network, r.store, r.didResolver, db)