all: fix full-tree golangci-lint findings

The new full-tree golangci-lint check reports issues the --new-from-rev
diff lint hid: nine wsl_v5 whitespace gaps, a prealloc, and an unparam
(setCSRFCookie never errored, so drop the return and update callers).
gocyclo on the central UpdateNodeFromMapRequest and an SA1019 NetMap
deprecation in an integration helper are suppressed with reasons.
This commit is contained in:
Kristoffer Dalby
2026-06-20 10:28:03 +00:00
parent 2632006f5f
commit 8f314797ce
13 changed files with 17 additions and 17 deletions
+1
View File
@@ -146,6 +146,7 @@ var listNodeRoutesCmd = &cobra.Command{
}
nodes := resp.JSON200.Nodes
if identifier != 0 {
idStr := strconv.FormatUint(identifier, util.Base10)
for _, node := range nodes {
+1
View File
@@ -28,6 +28,7 @@ func loadDERPMapFromPath(path string) (*tailcfg.DERPMap, error) {
}
var derpMap tailcfg.DERPMap
err = yaml.Unmarshal(b, &derpMap)
return &derpMap, err
+1
View File
@@ -80,6 +80,7 @@ func (d *DERPServer) GenerateRegion() (tailcfg.DERPRegion, error) {
host, portStr, err := net.SplitHostPort(serverURL.Host)
var port int
if err != nil {
host = serverURL.Host
if serverURL.Scheme == "https" {
+1
View File
@@ -309,6 +309,7 @@ func (mc *multiChannelNodeConn) send(data *tailcfg.MapResponse) error {
snapshot = append(snapshot, conn)
}
}
mc.mutex.RUnlock()
if len(snapshot) == 0 {
+4 -12
View File
@@ -156,18 +156,10 @@ func (a *AuthProviderOIDC) authHandler(
}
// Set the state and nonce cookies to protect against CSRF attacks
state, err := setCSRFCookie(writer, req, "state")
if err != nil {
httpUserError(writer, err)
return
}
state := setCSRFCookie(writer, req, "state")
// Set the state and nonce cookies to protect against CSRF attacks
nonce, err := setCSRFCookie(writer, req, "nonce")
if err != nil {
httpUserError(writer, err)
return
}
nonce := setCSRFCookie(writer, req, "nonce")
registrationInfo := AuthInfo{
AuthID: authID,
@@ -928,7 +920,7 @@ func getCookieName(baseName, value string) string {
return fmt.Sprintf("%s_%s", baseName, value[:n])
}
func setCSRFCookie(w http.ResponseWriter, r *http.Request, name string) (string, error) {
func setCSRFCookie(w http.ResponseWriter, r *http.Request, name string) string {
val := rands.HexString(64)
//nolint:gosec // G124: Secure set conditionally via r.TLS; HttpOnly + SameSite set below
@@ -948,5 +940,5 @@ func setCSRFCookie(w http.ResponseWriter, r *http.Request, name string) (string,
}
http.SetCookie(w, c)
return val, nil
return val
}
+1 -2
View File
@@ -186,8 +186,7 @@ func TestSetCSRFCookieSameSite(t *testing.T) {
w := httptest.NewRecorder()
r := httptest.NewRequestWithContext(t.Context(), http.MethodGet, "/auth/abcdef0123456789", nil)
_, err := setCSRFCookie(w, r, "state")
require.NoError(t, err)
setCSRFCookie(w, r, "state")
cookies := w.Result().Cookies()
require.Len(t, cookies, 1)
+1
View File
@@ -204,6 +204,7 @@ func (c *TestClient) startPollLoop() {
go func() {
defer close(c.pollDone)
_ = c.direct.PollNetMap(c.pollCtx, c)
}()
}
+2 -1
View File
@@ -2432,6 +2432,7 @@ func (s *State) HandleNodeFromPreAuthKey(
node.User = nil
node.Expiry = nil
}
node.AuthKey = pak
node.AuthKeyID = &pak.ID
// Do NOT reset IsOnline here. Online status is managed exclusively by
@@ -2793,7 +2794,7 @@ func isAutoDerivedGivenName(given, hostname string) bool {
// - node.PeerChangeFromMapRequest
// - node.ApplyPeerChange
// - logTracePeerChange in poll.go.
func (s *State) UpdateNodeFromMapRequest(id types.NodeID, req tailcfg.MapRequest) (change.Change, error) {
func (s *State) UpdateNodeFromMapRequest(id types.NodeID, req tailcfg.MapRequest) (change.Change, error) { //nolint:gocyclo // central map-request reconciliation; the sequential branch flow reads clearer as one function than split across helpers
log.Trace().
Caller().
Uint64(zf.NodeID, id.Uint64()).
+1
View File
@@ -237,6 +237,7 @@ func (rn *AuthRequest) FinishAuth(verdict AuthVerdict) {
}
rn.finished <- verdict
close(rn.finished)
}
+1 -1
View File
@@ -164,7 +164,7 @@ func GenerateIPv6DNSRootDomain(ipPrefix netip.Prefix) []dnsname.FQDN {
// but the inputs are not so long as to cause problems,
// and from what I can see, the generateMagicDNSRootDomains
// function is called only once over the lifetime of a server process.
prefixConstantParts := []string{}
prefixConstantParts := make([]string, 0, maskBits/nibbleLen)
for i := range maskBits / nibbleLen {
prefixConstantParts = append(prefixConstantParts, string(nibbleStr[i]))
}
+1
View File
@@ -231,6 +231,7 @@ func waitNetworkContainer(
}
found := false
for _, c := range net.Containers {
if (c.Name == testContainer || c.Name == "/"+testContainer) && match(c) {
found = true
+1
View File
@@ -1334,6 +1334,7 @@ func (t *HeadscaleInContainer) NodesByUser() (map[string][]*clientv1.Node, error
}
userMap := make(map[string][]*clientv1.Node)
for _, node := range nodes {
name := node.User.Name
userMap[name] = append(userMap[name], node)
+1 -1
View File
@@ -1111,7 +1111,7 @@ func (t *TailscaleInContainer) watchIPN(ctx context.Context) (*ipn.Notify, error
resultChan <- result{nil, fmt.Errorf("parse notify: %w", err)}
}
if notify.NetMap != nil {
if notify.NetMap != nil { //nolint:staticcheck // SA1019: NetMap is still populated on the platforms our integration containers run; migrating to InitialStatus/PeerChanges is a separate change
resultChan <- result{&notify, nil}
}
}