Addressed staticcheck code smells and issues

oxisto · oxisto · commit 92ecd1e73557 · 2021-08-01T13:23:13.000+02:00
diff --git a/claims.go b/claims.go
@@ -6,13 +6,13 @@ import (
 	"time"
 )
 
-// For a type to be a Claims object, it must just have a Valid method that determines
+// Claims must just have a Valid method that determines
 // if the token is invalid for any supported reason
 type Claims interface {
 	Valid() error
 }
 
-// Structured version of Claims Section, as referenced at
+// StandardClaims are a structured version of the Claims Section, as referenced at
 // https://tools.ietf.org/html/rfc7519#section-4.1
 // See examples for how to use this with your own claim types
 type StandardClaims struct {
@@ -25,8 +25,7 @@ type StandardClaims struct {
 	Subject   string `json:"sub,omitempty"`
 }
 
-// Validates time based claims "exp, iat, nbf".
-// There is no accounting for clock skew.
+// Valid validates time based claims "exp, iat, nbf". There is no accounting for clock skew.
 // As well, if any of the above claims are not in the token, it will still
 // be considered a valid claim.
 func (c StandardClaims) Valid() error {
@@ -58,31 +57,31 @@ func (c StandardClaims) Valid() error {
 	return vErr
 }
 
-// Compares the aud claim against cmp.
+// VerifyAudience compares the aud claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (c *StandardClaims) VerifyAudience(cmp string, req bool) bool {
 	return verifyAud([]string{c.Audience}, cmp, req)
 }
 
-// Compares the exp claim against cmp.
+// VerifyExpiresAt compares the exp claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (c *StandardClaims) VerifyExpiresAt(cmp int64, req bool) bool {
 	return verifyExp(c.ExpiresAt, cmp, req)
 }
 
-// Compares the iat claim against cmp.
+// VerifyIssuedAt compares the iat claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (c *StandardClaims) VerifyIssuedAt(cmp int64, req bool) bool {
 	return verifyIat(c.IssuedAt, cmp, req)
 }
 
-// Compares the iss claim against cmp.
+// VerifyIssuer compares the iss claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (c *StandardClaims) VerifyIssuer(cmp string, req bool) bool {
 	return verifyIss(c.Issuer, cmp, req)
 }
 
-// Compares the nbf claim against cmp.
+// VerifyNotBefore compares the nbf claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool {
 	return verifyNbf(c.NotBefore, cmp, req)
diff --git a/ecdsa.go b/ecdsa.go
@@ -13,7 +13,7 @@ var (
 	ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
 )
 
-// Implements the ECDSA family of signing methods signing methods
+// SigningMethodECDSA implements the ECDSA family of signing methods.
 // Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
 type SigningMethodECDSA struct {
 	Name      string
@@ -53,7 +53,7 @@ func (m *SigningMethodECDSA) Alg() string {
 	return m.Name
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod.
 // For this verify method, key must be an ecdsa.PublicKey struct
 func (m *SigningMethodECDSA) Verify(signingString, signature string, key interface{}) error {
 	var err error
@@ -95,7 +95,7 @@ func (m *SigningMethodECDSA) Verify(signingString, signature string, key interfa
 	return ErrECDSAVerification
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod.
 // For this signing method, key must be an ecdsa.PrivateKey struct
 func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string, error) {
 	// Get the key
diff --git a/ecdsa_utils.go b/ecdsa_utils.go
@@ -8,11 +8,11 @@ import (
 )
 
 var (
-	ErrNotECPublicKey  = errors.New("Key is not a valid ECDSA public key")
-	ErrNotECPrivateKey = errors.New("Key is not a valid ECDSA private key")
+	ErrNotECPublicKey  = errors.New("key is not a valid ECDSA public key")
+	ErrNotECPrivateKey = errors.New("key is not a valid ECDSA private key")
 )
 
-// Parse PEM encoded Elliptic Curve Private Key Structure
+// ParseECPrivateKeyFromPEM parses a PEM encoded Elliptic Curve Private Key Structure
 func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {
 	var err error
 
@@ -39,7 +39,7 @@ func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {
 	return pkey, nil
 }
 
-// Parse PEM encoded PKCS1 or PKCS8 public key
+// ParseECPublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key
 func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error) {
 	var err error
 
diff --git a/ed25519.go b/ed25519.go
@@ -10,7 +10,7 @@ var (
 	ErrEd25519Verification = errors.New("ed25519: verification error")
 )
 
-// Implements the EdDSA family
+// SigningMethodEd25519 implements the EdDSA family.
 // Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
 type SigningMethodEd25519 struct{}
 
@@ -30,7 +30,7 @@ func (m *SigningMethodEd25519) Alg() string {
 	return "EdDSA"
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod.
 // For this verify method, key must be an ed25519.PublicKey
 func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error {
 	var err error
@@ -59,7 +59,7 @@ func (m *SigningMethodEd25519) Verify(signingString, signature string, key inter
 	return nil
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod.
 // For this signing method, key must be an ed25519.PrivateKey
 func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) {
 	var ed25519Key ed25519.PrivateKey
diff --git a/ed25519_utils.go b/ed25519_utils.go
@@ -9,11 +9,11 @@ import (
 )
 
 var (
-	ErrNotEdPrivateKey = errors.New("Key is not a valid Ed25519 private key")
-	ErrNotEdPublicKey  = errors.New("Key is not a valid Ed25519 public key")
+	ErrNotEdPrivateKey = errors.New("key is not a valid Ed25519 private key")
+	ErrNotEdPublicKey  = errors.New("key is not a valid Ed25519 public key")
 )
 
-// Parse PEM-encoded Edwards curve private key
+// ParseEdPrivateKeyFromPEM parses a PEM-encoded Edwards curve private key
 func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {
 	var err error
 
@@ -38,7 +38,7 @@ func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {
 	return pkey, nil
 }
 
-// Parse PEM-encoded Edwards curve public key
+// ParseEdPublicKeyFromPEM parses a PEM-encoded Edwards curve public key
 func ParseEdPublicKeyFromPEM(key []byte) (crypto.PublicKey, error) {
 	var err error
 
diff --git a/errors.go b/errors.go
@@ -27,22 +27,22 @@ const (
 	ValidationErrorClaimsInvalid // Generic claims validation error
 )
 
-// Helper for constructing a ValidationError with a string error message
+// NewValidationError is a helper for constructing a ValidationError with a string error message
 func NewValidationError(errorText string, errorFlags uint32) *ValidationError {
 	return &ValidationError{
 		text:   errorText,
 		Errors: errorFlags,
 	}
 }
 
-// The error from Parse if token is not valid
+// ValidationError represents an error from Parse if token is not valid
 type ValidationError struct {
 	Inner  error  // stores the error returned by external dependencies, i.e.: KeyFunc
 	Errors uint32 // bitfield.  see ValidationError... constants
 	text   string // errors that do not have a valid error just have text
 }
 
-// Validation error is an error type
+// Error is the implementation of the err interface.
 func (e ValidationError) Error() string {
 	if e.Inner != nil {
 		return e.Inner.Error()
diff --git a/hmac.go b/hmac.go
@@ -6,7 +6,7 @@ import (
 	"errors"
 )
 
-// Implements the HMAC-SHA family of signing methods signing methods
+// SigningMethodHMAC implements the HMAC-SHA family of signing methods.
 // Expects key type of []byte for both signing and validation
 type SigningMethodHMAC struct {
 	Name string
@@ -45,7 +45,7 @@ func (m *SigningMethodHMAC) Alg() string {
 	return m.Name
 }
 
-// Verify the signature of HSXXX tokens.  Returns nil if the signature is valid.
+// Verify implements token verification for the SigningMethod. Returns nil if the signature is valid.
 func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
 	// Verify the key is the right type
 	keyBytes, ok := key.([]byte)
@@ -77,7 +77,7 @@ func (m *SigningMethodHMAC) Verify(signingString, signature string, key interfac
 	return nil
 }
 
-// Implements the Sign method from SigningMethod for this signing method.
+// Sign implements token signing for the SigningMethod.
 // Key must be []byte
 func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) (string, error) {
 	if keyBytes, ok := key.([]byte); ok {
diff --git a/http_example_test.go b/http_example_test.go
@@ -30,11 +30,6 @@ var (
 	verifyKey  *rsa.PublicKey
 	signKey    *rsa.PrivateKey
 	serverPort int
-	// storing sample username/password pairs
-	// don't do this on a real server
-	users = map[string]string{
-		"test": "known",
-	}
 )
 
 // read the key files before starting http handlers
@@ -65,8 +60,6 @@ func init() {
 	}()
 }
 
-var start func()
-
 func fatal(err error) {
 	if err != nil {
 		log.Fatal(err)
@@ -214,5 +207,4 @@ func restrictedHandler(w http.ResponseWriter, r *http.Request) {
 
 	// Token is valid
 	fmt.Fprintln(w, "Welcome,", token.Claims.(*CustomClaimsExample).Name)
-	return
 }
diff --git a/map_claims.go b/map_claims.go
@@ -6,7 +6,7 @@ import (
 	// "fmt"
 )
 
-// Claims type that uses the map[string]interface{} for JSON decoding
+// MapClaims is a claims type that uses the map[string]interface{} for JSON decoding.
 // This is the default claims type if you don't supply one
 type MapClaims map[string]interface{}
 
@@ -31,7 +31,7 @@ func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
 	return verifyAud(aud, cmp, req)
 }
 
-// Compares the exp claim against cmp.
+// VerifyExpiresAt compares the exp claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
 	exp, ok := m["exp"]
@@ -48,7 +48,7 @@ func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
 	return false
 }
 
-// Compares the iat claim against cmp.
+// VerifyIssuedAt compares the iat claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
 	iat, ok := m["iat"]
@@ -65,14 +65,14 @@ func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
 	return false
 }
 
-// Compares the iss claim against cmp.
+// VerifyIssuer compares the iss claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
 	iss, _ := m["iss"].(string)
 	return verifyIss(iss, cmp, req)
 }
 
-// Compares the nbf claim against cmp.
+// VerifyNotBefore compares the nbf claim against cmp.
 // If required is false, this method will return true if the value matches or is unset
 func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
 	nbf, ok := m["nbf"]
@@ -89,7 +89,7 @@ func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
 	return false
 }
 
-// Validates time based claims "exp, iat, nbf".
+// Valid calidates time based claims "exp, iat, nbf".
 // There is no accounting for clock skew.
 // As well, if any of the above claims are not in the token, it will still
 // be considered a valid claim.
diff --git a/none.go b/none.go
@@ -1,6 +1,6 @@
 package jwt
 
-// Implements the none signing method.  This is required by the spec
+// SigningMethodNone implements the none signing method.  This is required by the spec
 // but you probably should never use it.
 var SigningMethodNone *signingMethodNone
 
diff --git a/parser.go b/parser.go
@@ -13,7 +13,7 @@ type Parser struct {
 	SkipClaimsValidation bool     // Skip claims validation during token parsing
 }
 
-// Parse, validate, and return a token.
+// Parse parses, validates, and returns a token.
 // keyFunc will receive the parsed token and should return the key for validating.
 // If everything is kosher, err will be nil
 func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
@@ -87,12 +87,12 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
 	return token, vErr
 }
 
-// WARNING: Don't use this method unless you know what you're doing
+// ParseUnverified parses the token but doesn't validate the signature.
 //
-// This method parses the token but doesn't validate the signature. It's only
-// ever useful in cases where you know the signature is valid (because it has
-// been checked previously in the stack) and you want to extract values from
-// it.
+// WARNING: Don't use this method unless you know what you're doing.
+//
+// It's only ever useful in cases where you know the signature is valid (because it has
+// been checked previously in the stack) and you want to extract values from it.
 func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
 	parts = strings.Split(tokenString, ".")
 	if len(parts) != 3 {
diff --git a/parser_test.go b/parser_test.go
@@ -12,13 +12,13 @@ import (
 	"github.com/golang-jwt/jwt/v4/test"
 )
 
-var keyFuncError error = fmt.Errorf("error loading key")
+var errKeyFuncError error = fmt.Errorf("error loading key")
 
 var (
 	jwtTestDefaultKey *rsa.PublicKey
 	defaultKeyFunc    jwt.Keyfunc = func(t *jwt.Token) (interface{}, error) { return jwtTestDefaultKey, nil }
 	emptyKeyFunc      jwt.Keyfunc = func(t *jwt.Token) (interface{}, error) { return nil, nil }
-	errorKeyFunc      jwt.Keyfunc = func(t *jwt.Token) (interface{}, error) { return nil, keyFuncError }
+	errorKeyFunc      jwt.Keyfunc = func(t *jwt.Token) (interface{}, error) { return nil, errKeyFuncError }
 	nilKeyFunc        jwt.Keyfunc = nil
 )
 
@@ -236,8 +236,8 @@ func TestParser_Parse(t *testing.T) {
 					t.Errorf("[%v] Errors don't match expectation.  %v != %v", data.name, e, data.errors)
 				}
 
-				if err.Error() == keyFuncError.Error() && ve.Inner != keyFuncError {
-					t.Errorf("[%v] Inner error does not match expectation.  %v != %v", data.name, ve.Inner, keyFuncError)
+				if err.Error() == errKeyFuncError.Error() && ve.Inner != errKeyFuncError {
+					t.Errorf("[%v] Inner error does not match expectation.  %v != %v", data.name, ve.Inner, errKeyFuncError)
 				}
 			}
 		}
diff --git a/rsa.go b/rsa.go
@@ -6,7 +6,7 @@ import (
 	"crypto/rsa"
 )
 
-// Implements the RSA family of signing methods signing methods
+// SigningMethodRSA implements the RSA family of signing methods.
 // Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
 type SigningMethodRSA struct {
 	Name string
@@ -44,7 +44,7 @@ func (m *SigningMethodRSA) Alg() string {
 	return m.Name
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod
 // For this signing method, must be an *rsa.PublicKey structure.
 func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
 	var err error
@@ -73,7 +73,7 @@ func (m *SigningMethodRSA) Verify(signingString, signature string, key interface
 	return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod
 // For this signing method, must be an *rsa.PrivateKey structure.
 func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
 	var rsaKey *rsa.PrivateKey
diff --git a/rsa_pss.go b/rsa_pss.go
diff --git a/rsa_utils.go b/rsa_utils.go
diff --git a/signing_method.go b/signing_method.go
diff --git a/token.go b/token.go

Original file line number	Diff line number	Diff line change
`@@ -8,11 +8,11 @@ import (`
`8`	`8`	`)`
`9`	`9`
`10`	`10`	`var (`
`11`		`- ErrNotECPublicKey = errors.New("Key is not a valid ECDSA public key")`
`12`		`- ErrNotECPrivateKey = errors.New("Key is not a valid ECDSA private key")`
	`11`	`+ ErrNotECPublicKey = errors.New("key is not a valid ECDSA public key")`
	`12`	`+ ErrNotECPrivateKey = errors.New("key is not a valid ECDSA private key")`
`13`	`13`	`)`
`14`	`14`
`15`		`-// Parse PEM encoded Elliptic Curve Private Key Structure`
	`15`	`+// ParseECPrivateKeyFromPEM parses a PEM encoded Elliptic Curve Private Key Structure`
`16`	`16`	`func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {`
`17`	`17`	`var err error`
`18`	`18`
`@@ -39,7 +39,7 @@ func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {`
`39`	`39`	`return pkey, nil`
`40`	`40`	`}`
`41`	`41`
`42`		`-// Parse PEM encoded PKCS1 or PKCS8 public key`
	`42`	`+// ParseECPublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key`
`43`	`43`	`func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error) {`
`44`	`44`	`var err error`
`45`	`45`
Original file line number	Diff line number	Diff line change
`@@ -9,11 +9,11 @@ import (`
`9`	`9`	`)`
`10`	`10`
`11`	`11`	`var (`
`12`		`- ErrNotEdPrivateKey = errors.New("Key is not a valid Ed25519 private key")`
`13`		`- ErrNotEdPublicKey = errors.New("Key is not a valid Ed25519 public key")`
	`12`	`+ ErrNotEdPrivateKey = errors.New("key is not a valid Ed25519 private key")`
	`13`	`+ ErrNotEdPublicKey = errors.New("key is not a valid Ed25519 public key")`
`14`	`14`	`)`
`15`	`15`
`16`		`-// Parse PEM-encoded Edwards curve private key`
	`16`	`+// ParseEdPrivateKeyFromPEM parses a PEM-encoded Edwards curve private key`
`17`	`17`	`func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {`
`18`	`18`	`var err error`
`19`	`19`
`@@ -38,7 +38,7 @@ func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {`
`38`	`38`	`return pkey, nil`
`39`	`39`	`}`
`40`	`40`
`41`		`-// Parse PEM-encoded Edwards curve public key`
	`41`	`+// ParseEdPublicKeyFromPEM parses a PEM-encoded Edwards curve public key`
`42`	`42`	`func ParseEdPublicKeyFromPEM(key []byte) (crypto.PublicKey, error) {`
`43`	`43`	`var err error`
`44`	`44`
Original file line number	Diff line number	Diff line change
`@@ -27,22 +27,22 @@ const (`
`27`	`27`	`ValidationErrorClaimsInvalid // Generic claims validation error`
`28`	`28`	`)`
`29`	`29`
`30`		`-// Helper for constructing a ValidationError with a string error message`
	`30`	`+// NewValidationError is a helper for constructing a ValidationError with a string error message`
`31`	`31`	`func NewValidationError(errorText string, errorFlags uint32) *ValidationError {`
`32`	`32`	`return &ValidationError{`
`33`	`33`	`text: errorText,`
`34`	`34`	`Errors: errorFlags,`
`35`	`35`	`}`
`36`	`36`	`}`
`37`	`37`
`38`		`-// The error from Parse if token is not valid`
	`38`	`+// ValidationError represents an error from Parse if token is not valid`
`39`	`39`	`type ValidationError struct {`
`40`	`40`	`Inner error // stores the error returned by external dependencies, i.e.: KeyFunc`
`41`	`41`	`Errors uint32 // bitfield. see ValidationError... constants`
`42`	`42`	`text string // errors that do not have a valid error just have text`
`43`	`43`	`}`
`44`	`44`
`45`		`-// Validation error is an error type`
	`45`	`+// Error is the implementation of the err interface.`
`46`	`46`	`func (e ValidationError) Error() string {`
`47`	`47`	`if e.Inner != nil {`
`48`	`48`	`return e.Inner.Error()`