Skip to content

Refactor auth/HMAC request rejection call sites to remove duplicated constants#7383

Merged
lpcox merged 2 commits into
mainfrom
copilot/duplicate-code-fix-reject-request
Jun 11, 2026
Merged

Refactor auth/HMAC request rejection call sites to remove duplicated constants#7383
lpcox merged 2 commits into
mainfrom
copilot/duplicate-code-fix-reject-request

Conversation

Copilot AI commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

rejectRequest was repeatedly invoked with fixed "auth" category and fixed error-type tokens across auth and HMAC middleware, creating noisy 8-arg call sites and a refactor hazard. This change centralizes those constants behind thin, file-local wrappers while preserving existing behavior and response semantics.

  • Auth middleware cleanup (internal/server/middleware.go)

    • Added rejectAuthRequest(w, r, status, code, msg, detail) wrapper.
    • Replaced 3 duplicated rejectRequest(..., "auth", "authentication_failed", detail) calls with the wrapper.

  • HMAC middleware cleanup (internal/server/hmac.go)

    • Added rejectHMACRequest(w, r, status, code, msg, detail) wrapper.
    • Replaced 7 duplicated rejectRequest(..., "auth", "hmac_validation_failed", detail) calls with the wrapper.

  • Outcome

    • Single source of truth per middleware for log category + runtime error type.
    • Shorter rejection call sites, with only variable fields (status/code/message/detail) at each branch.
func rejectHMACRequest(w http.ResponseWriter, r *http.Request, status int, code, msg, detail string) {
	rejectRequest(w, r, status, code, msg, "auth", "hmac_validation_failed", detail)
}

// before:
// rejectRequest(w, r, http.StatusUnauthorized, "unauthorized", "invalid HMAC signature", "auth", "hmac_validation_failed", "signature_mismatch")
// after:
rejectHMACRequest(w, r, http.StatusUnauthorized, "unauthorized", "invalid HMAC signature", "signature_mismatch")

GitHub Advanced Security started work on behalf of lpcox June 11, 2026 18:01 View session
GitHub Advanced Security finished work on behalf of lpcox June 11, 2026 18:03
GitHub Advanced Security started work on behalf of lpcox June 11, 2026 18:07 View session
Copilot AI changed the title [WIP] Refactor rejectRequest calls to avoid hardcoded constants Refactor auth/HMAC request rejection call sites to remove duplicated constants Jun 11, 2026
Copilot finished work on behalf of lpcox June 11, 2026 18:07
Copilot AI requested a review from lpcox June 11, 2026 18:07
GitHub Advanced Security finished work on behalf of lpcox June 11, 2026 18:08
@lpcox lpcox marked this pull request as ready for review June 11, 2026 18:11
Copilot AI review requested due to automatic review settings June 11, 2026 18:11
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors repeated rejectRequest(...) call sites in the auth and HMAC middleware by introducing thin, unexported wrapper helpers that encapsulate the fixed "auth" log category and fixed runtime error type tokens, reducing duplication while preserving existing rejection behavior and HTTP response semantics.

Changes:

  • Added rejectAuthRequest(...) in internal/server/middleware.go and replaced repeated auth rejection call sites with it.
  • Added rejectHMACRequest(...) in internal/server/hmac.go and replaced repeated HMAC rejection call sites with it.
Show a summary per file
File Description
internal/server/middleware.go Introduces rejectAuthRequest helper and uses it for consistent auth rejection calls.
internal/server/hmac.go Introduces rejectHMACRequest helper and uses it for consistent HMAC rejection calls.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

@lpcox lpcox merged commit 0d8f319 into main Jun 11, 2026
46 checks passed
@lpcox lpcox deleted the copilot/duplicate-code-fix-reject-request branch June 11, 2026 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lpcox