Merge pull request #140 from kouprlabs/chore/enable-gosec

Chore: Enable gosec

.github/workflows/build-api.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Prepare input branch
-        if: ${{ github.event.inputs.branch != "" }}
+        if: ${{ github.event.inputs.branch != '' }}
         run: echo "branch=refs/heads/${{ github.event.inputs.branch }}" >> $GITHUB_ENV
 
       - name: Checkout Repository
@@ -70,9 +70,9 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
-        run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        run: echo "TAGS=voltaserve/api:$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v5

.github/workflows/build-conversion.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Prepare input branch
-        if: ${{ github.event.inputs.branch != "" }}
+        if: ${{ github.event.inputs.branch != '' }}
         run: echo "branch=refs/heads/${{ github.event.inputs.branch }}" >> $GITHUB_ENV
 
       - name: Checkout Repository
@@ -70,9 +70,9 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
-        run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        run: echo "TAGS=voltaserve/conversion:$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v5

.github/workflows/build-idp.yml

@@ -70,7 +70,7 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
         run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 

.github/workflows/build-language.yml

@@ -75,7 +75,7 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
         run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 

.github/workflows/build-mosaic.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Prepare input branch
-        if: ${{ github.event.inputs.branch != "" }}
+        if: ${{ github.event.inputs.branch != '' }}
         run: echo "branch=refs/heads/${{ github.event.inputs.branch }}" >> $GITHUB_ENV
 
       - name: Checkout Repository
@@ -70,9 +70,9 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
-        run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        run: echo "TAGS=voltaserve/mosaic:$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v5

.github/workflows/build-ui.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Prepare input branch
-        if: ${{ github.event.inputs.branch != "" }}
+        if: ${{ github.event.inputs.branch != '' }}
         run: echo "branch=refs/heads/${{ github.event.inputs.branch }}" >> $GITHUB_ENV
 
       - name: Checkout Repository
@@ -70,9 +70,9 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
-        run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        run: echo "TAGS=voltaserve/ui:$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v5

.github/workflows/build-webdav.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Prepare input branch
-        if: ${{ github.event.inputs.branch != "" }}
+        if: ${{ github.event.inputs.branch != '' }}
         run: echo "branch=refs/heads/${{ github.event.inputs.branch }}" >> $GITHUB_ENV
 
       - name: Checkout Repository
@@ -70,9 +70,9 @@ jobs:
           TAGS+=",$name:latest"
           echo "TAGS=$TAGS" >> $GITHUB_ENV
 
-      - name: Set the tag on wokflow dispatch
+      - name: Set the tag on workflow dispatch
         if: ${{ github.ref_type != 'tag' }}
-        run: echo "TAGS=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+        run: echo "TAGS=voltaserve/webdav:$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Build and Push Docker Image
         uses: docker/build-push-action@v5

api/.golangci.yml

@@ -39,7 +39,6 @@ linters:
     - prealloc
     - nestif
     - lll
-    - gosec
     - gocritic
     - gocognit
     - funlen

api/infra/fixtures/join-organization.eml

@@ -0,0 +1,64 @@
+Mime-Version: 1.0
+Date: Now
+From: "Voltaserve" <[email protected]>
+To: "Someone" <[email protected]>
+Subject: Invitation to join a Voltaserve organization
+Content-Type: multipart/alternative;
+ boundary=XXX
+
+--XXX
+Content-Transfer-Encoding: quoted-printable
+Content-Type: text/plain ; charset=UTF-8
+
+You have been invited by Someone to join the organization ACME.
+Please follow this link to sign up: example.com/sign-up
+--XXX
+Content-Transfer-Encoding: quoted-printable
+Content-Type: text/html; charset=UTF-8
+
+<html>
+  <head>
+    <link rel=3D"preconnect" href=3D"https://fonts.googleapis.com" />
+    <link rel=3D"preconnect" href=3D"https://fonts.gstatic.com" crossorigin=
+ />
+    <link
+      href=3D"https://fonts.googleapis.com/css2?family=3DIBM+Plex+Sans:ital=
+,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;1,100;1,200;1,300;1,400;1,5=
+00;1,600;1,700&display=3Dswap"
+      rel=3D"stylesheet"
+    />
+    <style>
+      .container {
+        font-family: "IBM Plex Sans", sans-serif;
+        font-size: 14px;
+        color: black;
+        width: 580px;
+        margin-left: auto;
+        margin-right: auto;
+      }
+      .link {
+        color: #0c4cf3 !important;
+      }
+      .link:visited {
+        color: #0c4cf3 !important;
+      }
+    </style>
+  </head>
+  <body>
+    <div class=3D"container">
+      <p>Hello,</p>
+      <p>
+        You have been invited by <b>Someone</b> to join the
+        organization <b>ACME</b>. Please follow this link to
+        view your incoming invitations:
+      </p>
+      <p>
+        <a class=3D"link" href=3D"example.com/account/invitation">
+          View incoming invitations
+        </a>
+      </p>
+    </div>
+  </body>
+</html>
+
+--XXX

api/infra/fixtures/sign-up-and-join-organization.eml

@@ -0,0 +1,63 @@
+Mime-Version: 1.0
+Date: Now
+From: "Voltaserve" <[email protected]>
+To: "Someone" <[email protected]>
+Subject: Invitation to join a Voltaserve organization
+Content-Type: multipart/alternative;
+ boundary=XXX
+
+--XXX
+Content-Transfer-Encoding: quoted-printable
+Content-Type: text/plain ; charset=UTF-8
+
+You have been invited by Someone to join the organization ACME.
+Please follow this link to view your incoming invitations: example.com/acco=
+unt/incoming-invitations
+--XXX
+Content-Transfer-Encoding: quoted-printable
+Content-Type: text/html; charset=UTF-8
+
+<html>
+  <head>
+    <link rel=3D"preconnect" href=3D"https://fonts.googleapis.com" />
+    <link rel=3D"preconnect" href=3D"https://fonts.gstatic.com" crossorigin=
+ />
+    <link
+      href=3D"https://fonts.googleapis.com/css2?family=3DIBM+Plex+Sans:ital=
+,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;1,100;1,200;1,300;1,400;1,5=
+00;1,600;1,700&display=3Dswap"
+      rel=3D"stylesheet"
+    />
+    <style>
+      .container {
+        font-family: "IBM Plex Sans", sans-serif;
+        font-size: 14px;
+        color: black;
+        width: 580px;
+        margin-left: auto;
+        margin-right: auto;
+      }
+      .link {
+        color: #0c4cf3 !important;
+      }
+      .link:visited {
+        color: #0c4cf3 !important;
+      }
+    </style>
+  </head>
+  <body>
+    <div class=3D"container">
+      <p>Hello,</p>
+      <p>
+        You have been invited by <b>Someone</b> to join the
+        organization <b>ACME</b> in Voltaserve. Please follow
+        this link to sign up:
+      </p>
+      <p>
+        <a class=3D"link" href=3D"example.com/sign-up">Sign up</a>
+      </p>
+    </div>
+  </body>
+</html>
+
+--XXX

api/infra/mail.go

@@ -14,7 +14,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"os"
+	"io/fs"
 	"path/filepath"
 	"text/template"
 
@@ -23,30 +23,39 @@ import (
 
 	"github.com/kouprlabs/voltaserve/api/config"
 	"github.com/kouprlabs/voltaserve/api/log"
+	"github.com/kouprlabs/voltaserve/api/templates"
 )
 
+type dialer interface {
+	DialAndSend(m ...*gomail.Message) error
+}
+
 type MessageParams struct {
 	Subject string
 }
 
 type MailTemplate struct {
-	dialer *gomail.Dialer
+	dialer dialer
 	config config.SMTPConfig
 }
 
-func NewMailTemplate() *MailTemplate {
-	mt := new(MailTemplate)
-	mt.config = config.GetConfig().SMTP
-	mt.dialer = gomail.NewDialer(mt.config.Host, mt.config.Port, mt.config.Username, mt.config.Password)
-	return mt
+func NewMailTemplate(config config.SMTPConfig) *MailTemplate {
+	return NewMailTemplateWithDialer(config, gomail.NewDialer(config.Host, config.Port, config.Username, config.Password))
+}
+
+func NewMailTemplateWithDialer(config config.SMTPConfig, dialer dialer) *MailTemplate {
+	return &MailTemplate{
+		config: config,
+		dialer: dialer,
+	}
 }
 
 func (mt *MailTemplate) Send(templateName string, address string, variables map[string]string) error {
-	html, err := mt.getText(filepath.FromSlash("templates/"+templateName+"/template.html"), variables)
+	html, err := mt.getText(filepath.FromSlash(templateName+"/template.html"), variables)
 	if err != nil {
 		return err
 	}
-	text, err := mt.getText(filepath.FromSlash("templates/"+templateName+"/template.txt"), variables)
+	text, err := mt.getText(filepath.FromSlash(templateName+"/template.txt"), variables)
 	if err != nil {
 		return err
 	}
@@ -61,17 +70,17 @@ func (mt *MailTemplate) Send(templateName string, address string, variables map[
 	m.SetBody("text/plain ", text)
 	m.AddAlternative("text/html", html)
 	if err := mt.dialer.DialAndSend(m); err != nil {
-		return err
+		return fmt.Errorf("dial and sending mail: %w", err)
 	}
 	return nil
 }
 
 func (mt *MailTemplate) getText(path string, variables map[string]string) (string, error) {
-	f, err := os.Open(path)
+	f, err := templates.FS.Open(path)
 	if err != nil {
 		return "", err
 	}
-	defer func(f *os.File) {
+	defer func(f fs.File) {
 		if err := f.Close(); err != nil {
 			log.GetLogger().Error(err)
 		}
@@ -91,11 +100,11 @@ func (mt *MailTemplate) getText(path string, variables map[string]string) (strin
 }
 
 func (mt *MailTemplate) getMessageParams(templateName string) (*MessageParams, error) {
-	f, err := os.Open(filepath.FromSlash("templates/" + templateName + "/params.yml"))
+	f, err := templates.FS.Open(filepath.FromSlash(templateName + "/params.yml"))
 	if err != nil {
 		return nil, err
 	}
-	defer func(f *os.File) {
+	defer func(f fs.File) {
 		if err := f.Close(); err != nil {
 			log.GetLogger().Error(err)
 		}