Add protogetter linter

Makefile

@@ -36,8 +36,8 @@ lint:
 	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 	golangci-lint version
 	golangci-lint run -E bidichk,durationcheck,errname,exportloopref \
-	-E forcetypeassert,goconst,godot,goerr113,gofumpt,gosec,nlreturn,prealloc \
-	-E unconvert,unparam,usestdlibvars --exclude-use-default=false
+	-E forcetypeassert,godot,goerr113,gofumpt,gosec,nlreturn,prealloc \
+	-E protogetter,unconvert,unparam,usestdlibvars --exclude-use-default=false
 
 	go install golang.org/x/vuln/cmd/govulncheck@latest
 	govulncheck -test ./...

build/deploy/hermes/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3"
 services:
   hermes-api:
-    image: ghcr.io/ownmfa/hermes:7bdca87c
+    image: ghcr.io/ownmfa/hermes:db584d7a
     command: hermes-api
     restart: on-failure
     depends_on:
@@ -35,7 +35,7 @@ services:
       - "traefik.http.services.hermes-grpc.loadbalancer.server.scheme=h2c"
 
   hermes-notifier:
-    image: ghcr.io/ownmfa/hermes:7bdca87c
+    image: ghcr.io/ownmfa/hermes:db584d7a
     command: hermes-notifier
     restart: on-failure
     environment:

go.mod

@@ -1,6 +1,6 @@
 module github.com/ownmfa/hermes
 
-go 1.21.0
+go 1.21.3
 
 require (
 	github.com/NYTimes/gziphandler v1.1.1
@@ -11,14 +11,14 @@ require (
 	github.com/jellydator/ttlcache/v3 v3.1.0
 	github.com/mennanov/fmutils v0.2.1
 	github.com/nsqio/go-nsq v1.1.0
-	github.com/ownmfa/api/go v1.0.27
+	github.com/ownmfa/api/go v1.0.28
 	github.com/redis/go-redis/v9 v9.2.1
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/smira/go-statsd v1.3.3
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/mock v0.3.0
 	golang.org/x/crypto v0.14.0
-	google.golang.org/grpc v1.58.3
+	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
 )
 
@@ -37,8 +37,8 @@ require (
 	golang.org/x/sync v0.4.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/genproto v0.0.0-20231009173412-8bfb1ae86b6c // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231009173412-8bfb1ae86b6c // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -428,8 +428,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
-github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
+github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
+github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -551,8 +551,8 @@ github.com/mennanov/fmutils v0.2.1 h1:AUxeJv4o92vKbZaM4RBLZ/i8WzPF/UISTNeXB3gEIl
 github.com/mennanov/fmutils v0.2.1/go.mod h1:ph1jsu8gV1gUgMURCmfIVbXKG3O2/O5o/UbPbbqu8zs=
 github.com/nsqio/go-nsq v1.1.0 h1:PQg+xxiUjA7V+TLdXw7nVrJ5Jbl3sN86EhGCQj4+FYE=
 github.com/nsqio/go-nsq v1.1.0/go.mod h1:vKq36oyeVXgsS5Q8YEO7WghqidAVXQlcFxzQbQTuDEY=
-github.com/ownmfa/api/go v1.0.27 h1:fOruRrzqnAJezhSSxpZjB8wd0djA+ii98x+eI6fI6GE=
-github.com/ownmfa/api/go v1.0.27/go.mod h1:99PmUKxcZdiNGTHyJRlDkennbI7OWYiuRny6u9zbpkI=
+github.com/ownmfa/api/go v1.0.28 h1:ynvj335X3pCt1UkWkYuGTZdfqcdyon6gkmYMLAy+soQ=
+github.com/ownmfa/api/go v1.0.28/go.mod h1:oahF0+3YvReV98Pg+hyXVwwZzKqZ6Gb6naSTXC6rBOk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -1044,12 +1044,12 @@ google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZV
 google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
 google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
 google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
-google.golang.org/genproto v0.0.0-20231009173412-8bfb1ae86b6c h1:ml3TAUoIIzQUtX88s/icpXCFW9lV5VwsuIuS1htNjKY=
-google.golang.org/genproto v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:MugzuwC+GYOxyF0XUGQvsT97bOgWCV7MM1XMc5FZv8E=
-google.golang.org/genproto/googleapis/api v0.0.0-20231009173412-8bfb1ae86b6c h1:0RtEmmHjemvUXloH7+RuBSIw7n+GEHMOMY1CkGYnWq4=
-google.golang.org/genproto/googleapis/api v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:Wth13BrWMRN/G+guBLupKa6fslcWZv14R0ZKDRkNfY8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1086,8 +1086,8 @@ google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD
 google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
-google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
-google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=

internal/hermes-api/interceptor/auth.go

@@ -62,10 +62,10 @@ func Auth(
 
 		// Check for disabled organization. This read is cached.
 		org, err := orgDAO.Read(ctx, sess.OrgID)
-		if err != nil || org.Status == api.Status_DISABLED {
+		if err != nil || org.GetStatus() == api.Status_DISABLED {
 			return nil, status.Error(codes.Unauthenticated, "unauthorized")
 		}
-		sess.OrgPlan = org.Plan
+		sess.OrgPlan = org.GetPlan()
 
 		// Add logging fields.
 		logger := hlog.FromContext(ctx)

internal/hermes-api/interceptor/auth_test.go

@@ -37,8 +37,8 @@ func TestAuth(t *testing.T) {
 	t.Logf("webToken, err: %v, %v", webToken, err)
 	require.NoError(t, err)
 
-	keyToken, err := session.GenerateKeyToken(key, uuid.NewString(), user.OrgId,
-		user.Role)
+	keyToken, err := session.GenerateKeyToken(key, uuid.NewString(), user.GetOrgId(),
+		user.GetRole())
 	t.Logf("keyToken, err: %v, %v", keyToken, err)
 	require.NoError(t, err)
 
@@ -61,13 +61,13 @@ func TestAuth(t *testing.T) {
 			[]string{"authorization", "Bearer " + webToken},
 			nil, nil,
 			&grpc.UnaryServerInfo{FullMethod: random.String(10)}, false, nil, 0,
-			&api.Org{Id: user.OrgId, Status: api.Status_ACTIVE}, nil, 1, nil,
+			&api.Org{Id: user.GetOrgId(), Status: api.Status_ACTIVE}, nil, 1, nil,
 		},
 		{
 			[]string{"authorization", "Bearer " + keyToken},
 			nil, nil,
 			&grpc.UnaryServerInfo{FullMethod: random.String(10)}, false, nil, 1,
-			&api.Org{Id: user.OrgId, Status: api.Status_ACTIVE}, nil, 1, nil,
+			&api.Org{Id: user.GetOrgId(), Status: api.Status_ACTIVE}, nil, 1, nil,
 		},
 		{
 			nil, errTestFunc,
@@ -112,14 +112,14 @@ func TestAuth(t *testing.T) {
 			[]string{"authorization", "Bearer " + webToken},
 			errTestFunc, nil,
 			&grpc.UnaryServerInfo{FullMethod: random.String(10)}, false, nil, 0,
-			&api.Org{Id: user.OrgId, Status: api.Status_ACTIVE}, errTestFunc, 1,
+			&api.Org{Id: user.GetOrgId(), Status: api.Status_ACTIVE}, errTestFunc, 1,
 			status.Error(codes.Unauthenticated, "unauthorized"),
 		},
 		{
 			[]string{"authorization", "Bearer " + webToken},
 			errTestFunc, nil,
 			&grpc.UnaryServerInfo{FullMethod: random.String(10)}, false, nil, 0,
-			&api.Org{Id: user.OrgId, Status: api.Status_DISABLED}, nil, 1,
+			&api.Org{Id: user.GetOrgId(), Status: api.Status_DISABLED}, nil, 1,
 			status.Error(codes.Unauthenticated, "unauthorized"),
 		},
 	}
@@ -136,7 +136,7 @@ func TestAuth(t *testing.T) {
 				Return(lTest.inpCache, "", lTest.inpCacheErr).
 				Times(lTest.inpCacheTimes)
 			orger := service.NewMockOrger(ctrl)
-			orger.EXPECT().Read(gomock.Any(), lTest.inpOrg.Id).
+			orger.EXPECT().Read(gomock.Any(), lTest.inpOrg.GetId()).
 				Return(lTest.inpOrg, lTest.inpOrgErr).Times(lTest.inpOrgTimes)
 
 			ctx, cancel := context.WithTimeout(context.Background(),

internal/hermes-api/service/app.go

@@ -78,7 +78,7 @@ func (ai *AppIdentity) CreateApp(
 
 	req.App.OrgId = sess.OrgID
 
-	app, err := ai.appDAO.Create(ctx, req.App)
+	app, err := ai.appDAO.Create(ctx, req.GetApp())
 	if err != nil {
 		return nil, errToStatus(err)
 	}
@@ -101,7 +101,7 @@ func (ai *AppIdentity) GetApp(ctx context.Context, req *api.GetAppRequest) (
 		return nil, errPerm(api.Role_VIEWER)
 	}
 
-	app, err := ai.appDAO.Read(ctx, req.Id, sess.OrgID)
+	app, err := ai.appDAO.Read(ctx, req.GetId(), sess.OrgID)
 	if err != nil {
 		return nil, errToStatus(err)
 	}
@@ -119,28 +119,28 @@ func (ai *AppIdentity) UpdateApp(
 		return nil, errPerm(api.Role_ADMIN)
 	}
 
-	if req.App == nil {
+	if req.GetApp() == nil {
 		return nil, status.Error(codes.InvalidArgument,
 			req.Validate().Error())
 	}
 	req.App.OrgId = sess.OrgID
 
 	// Perform partial update if directed.
-	if req.UpdateMask != nil && len(req.UpdateMask.Paths) > 0 {
+	if len(req.GetUpdateMask().GetPaths()) > 0 {
 		// Normalize and validate field mask.
-		req.UpdateMask.Normalize()
-		if !req.UpdateMask.IsValid(req.App) {
+		req.GetUpdateMask().Normalize()
+		if !req.GetUpdateMask().IsValid(req.GetApp()) {
 			return nil, status.Error(codes.InvalidArgument,
 				"invalid field mask")
 		}
 
-		app, err := ai.appDAO.Read(ctx, req.App.Id, sess.OrgID)
+		app, err := ai.appDAO.Read(ctx, req.GetApp().GetId(), sess.OrgID)
 		if err != nil {
 			return nil, errToStatus(err)
 		}
 
-		fmutils.Filter(req.App, req.UpdateMask.Paths)
-		proto.Merge(app, req.App)
+		fmutils.Filter(req.GetApp(), req.GetUpdateMask().GetPaths())
+		proto.Merge(app, req.GetApp())
 		req.App = app
 	}
 
@@ -149,7 +149,7 @@ func (ai *AppIdentity) UpdateApp(
 		return nil, status.Error(codes.InvalidArgument, err.Error())
 	}
 
-	app, err := ai.appDAO.Update(ctx, req.App)
+	app, err := ai.appDAO.Update(ctx, req.GetApp())
 	if err != nil {
 		return nil, errToStatus(err)
 	}
@@ -166,7 +166,7 @@ func (ai *AppIdentity) DeleteApp(
 		return nil, errPerm(api.Role_ADMIN)
 	}
 
-	if err := ai.appDAO.Delete(ctx, req.Id, sess.OrgID); err != nil {
+	if err := ai.appDAO.Delete(ctx, req.GetId(), sess.OrgID); err != nil {
 		return nil, errToStatus(err)
 	}
 
@@ -188,31 +188,31 @@ func (ai *AppIdentity) ListApps(ctx context.Context, req *api.ListAppsRequest) (
 		return nil, errPerm(api.Role_VIEWER)
 	}
 
-	if req.PageSize == 0 {
+	if req.GetPageSize() == 0 {
 		req.PageSize = defaultPageSize
 	}
 
-	lBoundTS, prevID, err := session.ParsePageToken(req.PageToken)
+	lBoundTS, prevID, err := session.ParsePageToken(req.GetPageToken())
 	if err != nil {
 		return nil, status.Error(codes.InvalidArgument, "invalid page token")
 	}
 
 	// Retrieve PageSize+1 entries to find last page.
 	apps, count, err := ai.appDAO.List(ctx, sess.OrgID, lBoundTS, prevID,
-		req.PageSize+1)
+		req.GetPageSize()+1)
 	if err != nil {
 		return nil, errToStatus(err)
 	}
 
 	resp := &api.ListAppsResponse{Apps: apps, TotalSize: count}
 
 	// Populate next page token.
-	if len(apps) == int(req.PageSize+1) {
+	if len(apps) == int(req.GetPageSize()+1) {
 		resp.Apps = apps[:len(apps)-1]
 
 		if resp.NextPageToken, err = session.GeneratePageToken(
-			apps[len(apps)-2].CreatedAt.AsTime(),
-			apps[len(apps)-2].Id); err != nil {
+			apps[len(apps)-2].GetCreatedAt().AsTime(),
+			apps[len(apps)-2].GetId()); err != nil {
 			// GeneratePageToken should not error based on a DB-derived UUID.
 			// Log the error and include the usable empty token.
 			logger := hlog.FromContext(ctx)