gitforge/routers/private
Mathieu Fenniak 7b5d623737 fix: introduce lint-single-response to prevent control flow continuing past a ctx.Error(...)-style method (#13087)
This PR adds a new linter to the codebase and addresses all the problems that it identified (including a small number of false positives).  The lint-single-response Go analyzer attempts to prevent a common problem in Forgejo where it is possible for a web handler to provide a response to a request, and then continue code execution unintentionally.  For example:

```go
err := json.Unmarshal(data, &claims)
if err != nil {
    ctx.Error(http.StatusInternalServerError, "Error in unmarshal", err)
    // Oops, I forgot to `return` here...
}
// ... more work occurs ...
ctx.JSON(http.StatusOK, resp)
```

In order to detect these cases, lint-single-response contains a list of functions that deliver a web response.  When any of those functions are used within a function, the control flow must not perform any work after the function is invoked -- it can only return and exit the function.

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - Documentation on the new linter is included inline, in `build/lint-single-response/README.md`.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13087
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-06-14 17:06:03 +02:00
..
tests/repos
actions.go fix: introduce lint-single-response to prevent control flow continuing past a ctx.Error(...)-style method (#13087) 2026-06-14 17:06:03 +02:00
default_branch.go chore: remove branding from context imports (#9628) 2025-10-11 01:52:51 +02:00
hook_post_receive.go fix: introduce lint-single-response to prevent control flow continuing past a ctx.Error(...)-style method (#13087) 2026-06-14 17:06:03 +02:00
hook_post_receive_test.go
hook_pre_receive.go feat: detailed permission denied message on push (#10941) 2026-01-29 01:48:46 +01:00
hook_proc_receive.go chore: remove branding from context imports (#9628) 2025-10-11 01:52:51 +02:00
hook_verification.go
hook_verification_test.go
internal.go
internal_repo.go chore: remove branding from context imports (#9628) 2025-10-11 01:52:51 +02:00
key.go
mail.go
main_test.go
manager.go fix: introduce lint-single-response to prevent control flow continuing past a ctx.Error(...)-style method (#13087) 2026-06-14 17:06:03 +02:00
manager_process.go
manager_unix.go
restore_repo.go chore: ensure consistent import aliasing for services and models (#10253) 2025-11-30 17:00:57 +01:00
serv.go fix: introduce lint-single-response to prevent control flow continuing past a ctx.Error(...)-style method (#13087) 2026-06-14 17:06:03 +02:00
ssh_log.go