chore: Enhance golangci-lint config with additional linters

Add new linters:
- bodyclose: HTTP response body closure
- durationcheck: Duration multiplication bugs
- errorlint: Error wrapping issues (with fixes)
- gosec: Security issues (with sensible exclusions)
- goconst: Repeated strings
- gocritic: Style improvements (with fixes)
- usestdlibvars: Use stdlib constants (with fixes)
- noctx: Context usage

Fixes applied:
- Use http.MethodPost/MethodGet instead of string literals
- Use errors.As/errors.Is for wrapped error handling
- Convert if-else chains to switch statements

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: cv

.golangci.yml

@@ -2,4 +2,46 @@ version: "2"
 
 linters:
   enable:
-    - testifylint
+    # Bug finders
+    - bodyclose          # HTTP response body closure
+    - durationcheck      # Duration multiplication bugs
+    - errorlint          # Error wrapping issues
+    - noctx              # Missing context.Context usage
+
+    # Security
+    - gosec              # Security issues
+
+    # Code quality
+    - goconst            # Repeated strings that could be constants
+    - gocritic           # Bugs, performance, style issues
+    - misspell           # Typos
+    - unconvert          # Unnecessary type conversions
+    - usestdlibvars      # Use stdlib constants
+
+    # Test quality
+    - testifylint        # Testify usage
+
+  settings:
+    goconst:
+      min-occurrences: 3
+    gosec:
+      excludes:
+        - G115  # Integer overflow - checked at runtime
+        - G304  # File path from variable - paths are from config
+        - G301  # Directory permissions 0755 - standard for non-sensitive
+        - G306  # File permissions 0644 - standard for non-sensitive
+        - G401  # MD5 - required by API protocol
+        - G404  # math/rand - ok for sensor data simulation
+        - G501  # MD5 import - required by API protocol
+
+  exclusions:
+    rules:
+      # Sensor data uses append to build new slices intentionally
+      - path: internal/sensordata/
+        linters:
+          - gocritic
+        text: appendAssign
+      # Test files can have repeated strings
+      - path: _test\.go
+        linters:
+          - goconst

internal/api/auth.go

@@ -200,7 +200,7 @@ func (c *Client) GetEncryptionKeys(ctx context.Context) error {
 		"Content-Type":  "application/json",
 	}
 
-	req, err := http.NewRequestWithContext(ctx, "POST", c.baseURL+EndpointCheckVersion, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.baseURL+EndpointCheckVersion, nil)
 	if err != nil {
 		return fmt.Errorf("failed to create request: %w", err)
 	}
@@ -256,7 +256,7 @@ func (c *Client) GetUsherEncryptionKey(ctx context.Context) (string, string, err
 		"sdkVersion": []string{UsherSDKVersion},
 	}
 
-	req, err := http.NewRequestWithContext(ctx, "GET", c.usherURL+EndpointEncryptionKey+"?"+params.Encode(), nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, c.usherURL+EndpointEncryptionKey+"?"+params.Encode(), nil)
 	if err != nil {
 		return "", "", fmt.Errorf("failed to create request: %w", err)
 	}
@@ -319,7 +319,7 @@ func (c *Client) Login(ctx context.Context) error {
 		return fmt.Errorf("failed to marshal login data: %w", err)
 	}
 
-	req, err := http.NewRequestWithContext(ctx, "POST", c.usherURL+EndpointLogin, bytes.NewBuffer(jsonData))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.usherURL+EndpointLogin, bytes.NewBuffer(jsonData))
 	if err != nil {
 		return fmt.Errorf("failed to create request: %w", err)
 	}

internal/api/client.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -98,8 +99,9 @@ func genericRetry[T any](
 	response, err := executeFunc(ctx, method, uri, queryParams, bodyParams, needsKeys, needsAuth)
 	if err != nil {
 		// Handle retryable errors
-		switch err.(type) {
-		case *EncryptionError:
+		var encErr *EncryptionError
+		var tokenErr *TokenExpiredError
+		if errors.As(err, &encErr) {
 			// Retrieve new encryption keys and retry
 			if err := c.GetEncryptionKeys(ctx); err != nil {
 				return zero, fmt.Errorf("failed to retrieve encryption keys: %w", err)
@@ -110,7 +112,7 @@ func genericRetry[T any](
 				return zero, err
 			}
 			return genericRetry(ctx, c, method, uri, queryParams, bodyParams, needsKeys, needsAuth, retryCount+1, executeFunc)
-		case *TokenExpiredError:
+		} else if errors.As(err, &tokenErr) {
 			// Login again and retry
 			if err := c.Login(ctx); err != nil {
 				return zero, fmt.Errorf("failed to login: %w", err)
@@ -121,9 +123,8 @@ func genericRetry[T any](
 				return zero, err
 			}
 			return genericRetry(ctx, c, method, uri, queryParams, bodyParams, needsKeys, needsAuth, retryCount+1, executeFunc)
-		default:
-			return zero, err
 		}
+		return zero, err
 	}
 
 	return response, nil
@@ -260,11 +261,12 @@ func (c *Client) executeAPIRequest(ctx context.Context, method, uri string, quer
 	}
 
 	// Calculate signature
-	if uri == EndpointCheckVersion {
+	switch {
+	case uri == EndpointCheckVersion:
 		headers["sign"] = c.getSignFromTimestamp(timestamp)
-	} else if method == "GET" {
+	case method == http.MethodGet:
 		headers["sign"] = c.getSignFromPayloadAndTimestamp(originalQueryStr, timestamp)
-	} else if method == "POST" {
+	case method == http.MethodPost:
 		headers["sign"] = c.getSignFromPayloadAndTimestamp(originalBodyStr, timestamp)
 	}
 

internal/api/client_integration_test.go

@@ -19,14 +19,15 @@ func TestAPIRequest_RetryOnEncryptionError(t *testing.T) {
 		requestCount++
 
 		var response map[string]interface{}
-		if requestCount == 1 {
+		switch {
+		case requestCount == 1:
 			// First request: return encryption error
 			response = map[string]interface{}{
 				"state":     "E",
 				"errorCode": 600001,
 				"message":   "Encryption error",
 			}
-		} else if requestCount == 2 && r.URL.Path == "/"+EndpointCheckVersion {
+		case requestCount == 2 && r.URL.Path == "/"+EndpointCheckVersion:
 			// Second request: return new keys
 			testResponse := map[string]interface{}{
 				"encKey":  "newtestenckey123",
@@ -42,7 +43,7 @@ func TestAPIRequest_RetryOnEncryptionError(t *testing.T) {
 				"state":   "S",
 				"payload": encrypted,
 			}
-		} else {
+		default:
 			// Subsequent request: return success
 			testResponse := map[string]interface{}{
 				"resultCode": "200S00",

internal/api/client_test.go

@@ -3,6 +3,7 @@ package api
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -465,7 +466,7 @@ func TestAPIRequest_RetryWithContextCancellation(t *testing.T) {
 	require.Error(t, err, "Expected error due to context cancellation, got nil")
 
 	// Check if error is or contains context.Canceled
-	if err != context.Canceled {
+	if !errors.Is(err, context.Canceled) {
 		assert.Containsf(t, err.Error(), "context canceled", "Expected context.Canceled error, got: %v", err)
 	}
 

internal/api/errors_test.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"errors"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -67,7 +68,8 @@ func TestCheckResultCode_ReturnType(t *testing.T) {
 	err := checkResultCode("500E00", "test operation")
 	require.Error(t, err, "Expected error, got nil")
 
-	resultCodeErr, ok := err.(*ResultCodeError)
+	resultCodeErr := &ResultCodeError{}
+	ok := errors.As(err, &resultCodeErr)
 	require.Truef(t, ok, "Expected *ResultCodeError, got %T", err)
 
 	assert.Equalf(t, "500E00", resultCodeErr.ResultCode, "Expected ResultCode '500E00', got '%s'", resultCodeErr.ResultCode)

internal/config/config.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -44,7 +45,8 @@ func Load(configPath string) (*Config, error) {
 
 	// Try to read config file (don't fail if it doesn't exist)
 	if err := v.ReadInConfig(); err != nil {
-		if _, ok := err.(viper.ConfigFileNotFoundError); !ok {
+		var configFileNotFoundError viper.ConfigFileNotFoundError
+		if !errors.As(err, &configFileNotFoundError) {
 			return nil, fmt.Errorf("failed to read config file: %w", err)
 		}
 	}

internal/sensordata/touch_event.go

@@ -39,12 +39,13 @@ func (t *TouchEventList) Randomize(sensorCollectionStartTimestamp time.Time) {
 	nowTimestamp := time.Now().UTC()
 	timeSinceSensorCollectionStart := int(nowTimestamp.Sub(sensorCollectionStartTimestamp).Milliseconds())
 
-	if timeSinceSensorCollectionStart < 3000 {
+	switch {
+	case timeSinceSensorCollectionStart < 3000:
 		return
-	} else if timeSinceSensorCollectionStart >= 3000 && timeSinceSensorCollectionStart < 5000 {
+	case timeSinceSensorCollectionStart < 5000:
 		downTime := timeSinceSensorCollectionStart - mathrand.Intn(1000) - 1000
 		t.addTouchSequence(downTime)
-	} else if timeSinceSensorCollectionStart >= 5000 && timeSinceSensorCollectionStart < 10000 {
+	case timeSinceSensorCollectionStart < 10000:
 		for i := 0; i < 2; i++ {
 			timestampOffset := 0
 			if i == 1 {
@@ -53,7 +54,7 @@ func (t *TouchEventList) Randomize(sensorCollectionStartTimestamp time.Time) {
 			downTime := mathrand.Intn(900) + 100 + timestampOffset
 			t.addTouchSequence(downTime)
 		}
-	} else {
+	default:
 		for i := 0; i < 3; i++ {
 			timestampOffset := 0
 			if i == 0 {