Add gocritic

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

.golangci.yml

@@ -19,6 +19,7 @@ linters:
   - goimports
   - golint
   - gosimple
+  - gocritic
   - govet
   - ineffassign
   - interfacer
@@ -40,6 +41,5 @@ linters:
   # - gocyclo
   # - lll
   # - goconst
-  # - gocritic
   # - errcheck
   # - dupl

cmd/dex/config.go

@@ -49,7 +49,7 @@ type Config struct {
 	StaticPasswords []password `json:"staticPasswords"`
 }
 
-//Validate the configuration
+// Validate the configuration
 func (c Config) Validate() error {
 	// Fast checks. Perform these first for a more responsive CLI.
 	checks := []struct {

connector/authproxy/authproxy.go

@@ -34,7 +34,7 @@ func (m *callback) LoginURL(s connector.Scopes, callbackURL, state string) (stri
 	if err != nil {
 		return "", fmt.Errorf("failed to parse callbackURL %q: %v", callbackURL, err)
 	}
-	u.Path = u.Path + m.pathSuffix
+	u.Path += m.pathSuffix
 	v := u.Query()
 	v.Set("state", state)
 	u.RawQuery = v.Encode()

connector/github/github.go

@@ -334,11 +334,12 @@ func (c *githubConnector) Refresh(ctx context.Context, s connector.Scopes, ident
 
 // getGroups retrieves GitHub orgs and teams a user is in, if any.
 func (c *githubConnector) getGroups(ctx context.Context, client *http.Client, groupScope bool, userLogin string) ([]string, error) {
-	if len(c.orgs) > 0 {
+	switch {
+	case len(c.orgs) > 0:
 		return c.groupsForOrgs(ctx, client, userLogin)
-	} else if c.org != "" {
+	case c.org != "":
 		return c.teamsForOrg(ctx, client, c.org)
-	} else if groupScope && c.loadAllGroups {
+	case groupScope && c.loadAllGroups:
 		return c.userGroups(ctx, client)
 	}
 	return nil, nil

connector/ldap/ldap.go

@@ -188,7 +188,7 @@ func parseScope(s string) (int, bool) {
 // See "Config.GroupSearch.UserMatchers" comments for the details
 func (c *ldapConnector) userMatchers() []UserMatcher {
 	if len(c.GroupSearch.UserMatchers) > 0 && c.GroupSearch.UserMatchers[0].UserAttr != "" {
-		return c.GroupSearch.UserMatchers[:]
+		return c.GroupSearch.UserMatchers
 	}
 
 	return []UserMatcher{
@@ -245,9 +245,9 @@ func (c *Config) openConnector(logger log.Logger) (*ldapConnector, error) {
 	if host, _, err = net.SplitHostPort(c.Host); err != nil {
 		host = c.Host
 		if c.InsecureNoSSL {
-			c.Host = c.Host + ":389"
+			c.Host += ":389"
 		} else {
-			c.Host = c.Host + ":636"
+			c.Host += ":636"
 		}
 	}
 

server/api_test.go

@@ -291,7 +291,7 @@ func TestRefreshToken(t *testing.T) {
 		t.Errorf("failed to marshal offline session ID: %v", err)
 	}
 
-	//Testing the api.
+	// Testing the api.
 	listReq := api.ListRefreshReq{
 		UserId: subjectString,
 	}

server/deviceflowhandlers.go

@@ -15,17 +15,17 @@ import (
 )
 
 type deviceCodeResponse struct {
-	//The unique device code for device authentication
+	// The unique device code for device authentication
 	DeviceCode string `json:"device_code"`
-	//The code the user will exchange via a browser and log in
+	// The code the user will exchange via a browser and log in
 	UserCode string `json:"user_code"`
-	//The url to verify the user code.
+	// The url to verify the user code.
 	VerificationURI string `json:"verification_uri"`
-	//The verification uri with the user code appended for pre-filling form
+	// The verification uri with the user code appended for pre-filling form
 	VerificationURIComplete string `json:"verification_uri_complete"`
-	//The lifetime of the device code
+	// The lifetime of the device code
 	ExpireTime int `json:"expires_in"`
-	//How often the device is allowed to poll to verify that the user login occurred
+	// How often the device is allowed to poll to verify that the user login occurred
 	PollInterval int `json:"interval"`
 }
 
@@ -66,27 +66,27 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		//Get the client id and scopes from the post
+		// Get the client id and scopes from the post
 		clientID := r.Form.Get("client_id")
 		clientSecret := r.Form.Get("client_secret")
 		scopes := strings.Fields(r.Form.Get("scope"))
 
 		s.logger.Infof("Received device request for client %v with scopes %v", clientID, scopes)
 
-		//Make device code
+		// Make device code
 		deviceCode := storage.NewDeviceCode()
 
-		//make user code
+		// make user code
 		userCode, err := storage.NewUserCode()
 		if err != nil {
 			s.logger.Errorf("Error generating user code: %v", err)
 			s.tokenErrHelper(w, errInvalidRequest, "", http.StatusInternalServerError)
 		}
 
-		//Generate the expire time
+		// Generate the expire time
 		expireTime := time.Now().Add(s.deviceRequestsValidFor)
 
-		//Store the Device Request
+		// Store the Device Request
 		deviceReq := storage.DeviceRequest{
 			UserCode:     userCode,
 			DeviceCode:   deviceCode,
@@ -102,7 +102,7 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		//Store the device token
+		// Store the device token
 		deviceToken := storage.DeviceToken{
 			DeviceCode:          deviceCode,
 			Status:              deviceTokenPending,
@@ -176,7 +176,7 @@ func (s *Server) handleDeviceToken(w http.ResponseWriter, r *http.Request) {
 
 		now := s.now()
 
-		//Grab the device token, check validity
+		// Grab the device token, check validity
 		deviceToken, err := s.storage.GetDeviceToken(deviceCode)
 		if err != nil {
 			if err != storage.ErrNotFound {
@@ -189,13 +189,13 @@ func (s *Server) handleDeviceToken(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		//Rate Limiting check
+		// Rate Limiting check
 		slowDown := false
 		pollInterval := deviceToken.PollIntervalSeconds
 		minRequestTime := deviceToken.LastRequestTime.Add(time.Second * time.Duration(pollInterval))
 		if now.Before(minRequestTime) {
 			slowDown = true
-			//Continually increase the poll interval until the user waits the proper time
+			// Continually increase the poll interval until the user waits the proper time
 			pollInterval += 5
 		} else {
 			pollInterval = 5
@@ -255,7 +255,7 @@ func (s *Server) handleDeviceCallback(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		//Grab the device request from storage
+		// Grab the device request from storage
 		deviceReq, err := s.storage.GetDeviceRequest(userCode)
 		if err != nil || s.now().After(deviceReq.Expiry) {
 			errCode := http.StatusBadRequest
@@ -289,7 +289,7 @@ func (s *Server) handleDeviceCallback(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		//Grab the device token from storage
+		// Grab the device token from storage
 		old, err := s.storage.GetDeviceToken(deviceReq.DeviceCode)
 		if err != nil || s.now().After(old.Expiry) {
 			errCode := http.StatusBadRequest
@@ -353,7 +353,7 @@ func (s *Server) verifyUserCode(w http.ResponseWriter, r *http.Request) {
 
 		userCode = strings.ToUpper(userCode)
 
-		//Find the user code in the available requests
+		// Find the user code in the available requests
 		deviceRequest, err := s.storage.GetDeviceRequest(userCode)
 		if err != nil || s.now().After(deviceRequest.Expiry) {
 			if err != nil && err != storage.ErrNotFound {
@@ -366,7 +366,7 @@ func (s *Server) verifyUserCode(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		//Redirect to Dex Auth Endpoint
+		// Redirect to Dex Auth Endpoint
 		authURL := path.Join(s.issuerURL.Path, "/auth")
 		u, err := url.Parse(authURL)
 		if err != nil {

server/deviceflowhandlers_test.go

@@ -24,7 +24,7 @@ func TestDeviceVerificationURI(t *testing.T) {
 	defer cancel()
 	// Setup a dex server.
 	httpServer, s := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 		c.Now = now
 	})
 	defer httpServer.Close()
@@ -76,7 +76,7 @@ func TestHandleDeviceCode(t *testing.T) {
 
 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()
@@ -322,7 +322,7 @@ func TestDeviceCallback(t *testing.T) {
 
 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				//c.Issuer = c.Issuer + "/non-root-path"
+				// c.Issuer = c.Issuer + "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()
@@ -506,7 +506,7 @@ func TestDeviceTokenResponse(t *testing.T) {
 
 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()
@@ -637,7 +637,7 @@ func TestVerifyCodeResponse(t *testing.T) {
 
 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 			})
 			defer httpServer.Close()

server/handlers.go

@@ -505,7 +505,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 
 	email := claims.Email
 	if !claims.EmailVerified {
-		email = email + " (unverified)"
+		email += " (unverified)"
 	}
 
 	s.logger.Infof("login successful: connector %q, username=%q, preferred_username=%q, email=%q, groups=%q",
@@ -518,7 +518,8 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 	}
 
 	// Try to retrieve an existing OfflineSession object for the corresponding user.
-	if session, err := s.storage.GetOfflineSessions(identity.UserID, authReq.ConnectorID); err != nil {
+	session, err := s.storage.GetOfflineSessions(identity.UserID, authReq.ConnectorID)
+	if err != nil {
 		if err != storage.ErrNotFound {
 			s.logger.Errorf("failed to get offline session: %v", err)
 			return "", err
@@ -536,7 +537,10 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 			s.logger.Errorf("failed to create offline session: %v", err)
 			return "", err
 		}
-	} else {
+
+		return returnURL, nil
+	}
+
 	// Update existing OfflineSession obj with new RefreshTokenRef.
 	if err := s.storage.UpdateOfflineSessions(session.UserID, session.ConnID, func(old storage.OfflineSessions) (storage.OfflineSessions, error) {
 		if len(identity.ConnectorData) > 0 {
@@ -547,7 +551,6 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
 		s.logger.Errorf("failed to update offline session: %v", err)
 		return "", err
 	}
-	}
 
 	return returnURL, nil
 }
@@ -1017,15 +1020,18 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
 	}
 
 	var connectorData []byte
-	if session, err := s.storage.GetOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID); err != nil {
+
+	session, err := s.storage.GetOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID)
+	switch {
+	case err != nil:
 		if err != storage.ErrNotFound {
 			s.logger.Errorf("failed to get offline session: %v", err)
 			return
 		}
-	} else if len(refresh.ConnectorData) > 0 {
+	case len(refresh.ConnectorData) > 0:
 		// Use the old connector data if it exists, should be deleted once used
 		connectorData = refresh.ConnectorData
-	} else {
+	default:
 		connectorData = session.ConnectorData
 	}
 

server/server.go

@@ -305,7 +305,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy)
 		}
 		r.Handle(path.Join(issuerURL.Path, p), instrumentHandlerCounter(p, handler))
 	}
-	r.NotFoundHandler = http.HandlerFunc(http.NotFound)
+	r.NotFoundHandler = http.NotFoundHandler()
 
 	discoveryHandler, err := s.discoveryHandler()
 	if err != nil {

server/server_test.go

@@ -177,7 +177,7 @@ func TestDiscovery(t *testing.T) {
 	defer cancel()
 
 	httpServer, _ := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 	})
 	defer httpServer.Close()
 
@@ -504,7 +504,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 
 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 				c.IDTokensValidFor = idTokensValidFor
 			})
@@ -766,7 +766,7 @@ func TestCrossClientScopes(t *testing.T) {
 	defer cancel()
 
 	httpServer, s := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 	})
 	defer httpServer.Close()
 
@@ -889,7 +889,7 @@ func TestCrossClientScopesWithAzpInAudienceByDefault(t *testing.T) {
 	defer cancel()
 
 	httpServer, s := newTestServer(ctx, t, func(c *Config) {
-		c.Issuer = c.Issuer + "/non-root-path"
+		c.Issuer += "/non-root-path"
 	})
 	defer httpServer.Close()
 
@@ -1180,7 +1180,7 @@ type oauth2Client struct {
 // that only valid refresh tokens can be used to refresh an expired token.
 func TestRefreshTokenFlow(t *testing.T) {
 	state := "state"
-	now := func() time.Time { return time.Now() }
+	now := time.Now
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
@@ -1300,7 +1300,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 
 			// Setup a dex server.
 			httpServer, s := newTestServer(ctx, t, func(c *Config) {
-				c.Issuer = c.Issuer + "/non-root-path"
+				c.Issuer += "/non-root-path"
 				c.Now = now
 				c.IDTokensValidFor = idTokensValidFor
 			})
@@ -1314,7 +1314,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 				t.Fatalf("failed to get provider: %v", err)
 			}
 
-			//Add the Clients to the test server
+			// Add the Clients to the test server
 			client := storage.Client{
 				ID:           clientID,
 				RedirectURIs: []string{deviceCallbackURI},
@@ -1324,13 +1324,13 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 				t.Fatalf("failed to create client: %v", err)
 			}
 
-			//Grab the issuer that we'll reuse for the different endpoints to hit
+			// Grab the issuer that we'll reuse for the different endpoints to hit
 			issuer, err := url.Parse(s.issuerURL.String())
 			if err != nil {
 				t.Errorf("Could not parse issuer URL %v", err)
 			}
 
-			//Send a new Device Request
+			// Send a new Device Request
 			codeURL, _ := url.Parse(issuer.String())
 			codeURL.Path = path.Join(codeURL.Path, "device/code")
 
@@ -1350,13 +1350,13 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 				t.Errorf("%v - Unexpected Response Type.  Expected 200 got  %v.  Response: %v", tc.name, resp.StatusCode, string(responseBody))
 			}
 
-			//Parse the code response
+			// Parse the code response
 			var deviceCode deviceCodeResponse
 			if err := json.Unmarshal(responseBody, &deviceCode); err != nil {
 				t.Errorf("Unexpected Device Code Response Format %v", string(responseBody))
 			}
 
-			//Mock the user hitting the verification URI and posting the form
+			// Mock the user hitting the verification URI and posting the form
 			verifyURL, _ := url.Parse(issuer.String())
 			verifyURL.Path = path.Join(verifyURL.Path, "/device/auth/verify_code")
 			urlData := url.Values{}
@@ -1374,7 +1374,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 				t.Errorf("%v - Unexpected Response Type.  Expected 200 got  %v.  Response: %v", tc.name, resp.StatusCode, string(responseBody))
 			}
 
-			//Hit the Token Endpoint, and try and get an access token
+			// Hit the Token Endpoint, and try and get an access token
 			tokenURL, _ := url.Parse(issuer.String())
 			tokenURL.Path = path.Join(tokenURL.Path, "/device/token")
 			v := url.Values{}
@@ -1393,7 +1393,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 				t.Errorf("%v - Unexpected Token Response Type.  Expected 200 got  %v.  Response: %v", tc.name, resp.StatusCode, string(responseBody))
 			}
 
-			//Parse the response
+			// Parse the response
 			var tokenRes accessTokenReponse
 			if err := json.Unmarshal(responseBody, &tokenRes); err != nil {
 				t.Errorf("Unexpected Device Access Token Response Format %v", string(responseBody))
@@ -1411,7 +1411,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
 				token.Expiry = time.Now().Add(time.Duration(secs) * time.Second)
 			}
 
-			//Run token tests to validate info is correct
+			// Run token tests to validate info is correct
 			// Create the OAuth2 config.
 			oauth2Config := &oauth2.Config{
 				ClientID:     client.ID,

server/templates.go

@@ -178,11 +178,11 @@ func loadTemplates(c webConfig, templatesDir string) (*templates, error) {
 // 3. For each part of reqPath remaining(minus one), go up one level (..)
 // 4. For each part of assetPath remaining, append it to result
 //
-//eg
-//server listens at localhost/dex so serverPath is dex
-//reqPath is /dex/auth
-//assetPath is static/main.css
-//relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
+// eg
+// server listens at localhost/dex so serverPath is dex
+// reqPath is /dex/auth
+// assetPath is static/main.css
+// relativeURL("/dex", "/dex/auth", "static/main.css") = "../static/main.css"
 func relativeURL(serverPath, reqPath, assetPath string) string {
 	if u, err := url.ParseRequestURI(assetPath); err == nil && u.Scheme != "" {
 		// assetPath points to the external URL, no changes needed

storage/conformance/conformance.go

@@ -763,11 +763,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.AuthCodes != 0 || result.AuthRequests != 0 {
+		} else if result.AuthCodes != 0 || result.AuthRequests != 0 {
 			t.Errorf("expected no garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetAuthCode(c.ID); err != nil {
 			t.Errorf("expected to be able to get auth code after GC: %v", err)
 		}
@@ -815,11 +813,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.AuthCodes != 0 || result.AuthRequests != 0 {
+		} else if result.AuthCodes != 0 || result.AuthRequests != 0 {
 			t.Errorf("expected no garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetAuthRequest(a.ID); err != nil {
 			t.Errorf("expected to be able to get auth request after GC: %v", err)
 		}
@@ -859,11 +855,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.DeviceRequests != 0 {
+		} else if result.DeviceRequests != 0 {
 			t.Errorf("expected no device garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetDeviceRequest(d.UserCode); err != nil {
 			t.Errorf("expected to be able to get auth request after GC: %v", err)
 		}
@@ -897,11 +891,9 @@ func testGC(t *testing.T, s storage.Storage) {
 		result, err := s.GarbageCollect(expiry.Add(-time.Hour).In(tz))
 		if err != nil {
 			t.Errorf("garbage collection failed: %v", err)
-		} else {
-			if result.DeviceTokens != 0 {
+		} else if result.DeviceTokens != 0 {
 			t.Errorf("expected no device token garbage collection results, got %#v", result)
 		}
-		}
 		if _, err := s.GetDeviceToken(dt.DeviceCode); err != nil {
 			t.Errorf("expected to be able to get device token after GC: %v", err)
 		}
@@ -987,12 +979,12 @@ func testDeviceRequestCRUD(t *testing.T, s storage.Storage) {
 	err = s.CreateDeviceRequest(d1)
 	mustBeErrAlreadyExists(t, "device request", err)
 
-	//No manual deletes for device requests, will be handled by garbage collection routines
-	//see testGC
+	// No manual deletes for device requests, will be handled by garbage collection routines
+	// see testGC
 }
 
 func testDeviceTokenCRUD(t *testing.T, s storage.Storage) {
-	//Create a Token
+	// Create a Token
 	d1 := storage.DeviceToken{
 		DeviceCode:          storage.NewID(),
 		Status:              "pending",
@@ -1010,7 +1002,7 @@ func testDeviceTokenCRUD(t *testing.T, s storage.Storage) {
 	err := s.CreateDeviceToken(d1)
 	mustBeErrAlreadyExists(t, "device token", err)
 
-	//Update the device token, simulate a redemption
+	// Update the device token, simulate a redemption
 	if err := s.UpdateDeviceToken(d1.DeviceCode, func(old storage.DeviceToken) (storage.DeviceToken, error) {
 		old.Token = "token data"
 		old.Status = "complete"
@@ -1019,13 +1011,13 @@ func testDeviceTokenCRUD(t *testing.T, s storage.Storage) {
 		t.Fatalf("failed to update device token: %v", err)
 	}
 
-	//Retrieve the device token
+	// Retrieve the device token
 	got, err := s.GetDeviceToken(d1.DeviceCode)
 	if err != nil {
 		t.Fatalf("failed to get device token: %v", err)
 	}
 
-	//Validate expected result set
+	// Validate expected result set
 	if got.Status != "complete" {
 		t.Fatalf("update failed, wanted token status=%v got %v", "complete", got.Status)
 	}

storage/kubernetes/k8sapi/client.go

@@ -24,7 +24,7 @@ type Config struct {
 	// Legacy field from pkg/api/types.go TypeMeta.
 	// TODO(jlowdermilk): remove this after eliminating downstream dependencies.
 	Kind string `json:"kind,omitempty"`
-	// DEPRECATED: APIVersion is the preferred api version for communicating with the kubernetes cluster (v1, v2, etc).
+	// Deprecated: APIVersion is the preferred api version for communicating with the kubernetes cluster (v1, v2, etc).
 	// Because a cluster can run multiple API groups and potentially multiple versions of each, it no longer makes sense to specify
 	// a single value for the cluster version.
 	// This field isn't really needed anyway, so we are deprecating it without replacement.

storage/sql/config.go

@@ -289,16 +289,19 @@ func (s *MySQL) open(logger log.Logger) (*conn, error) {
 			cfg.Addr = s.Host
 		}
 	}
-	if s.SSL.CAFile != "" || s.SSL.CertFile != "" || s.SSL.KeyFile != "" {
+
+	switch {
+	case s.SSL.CAFile != "" || s.SSL.CertFile != "" || s.SSL.KeyFile != "":
 		if err := s.makeTLSConfig(); err != nil {
 			return nil, fmt.Errorf("failed to make TLS config: %v", err)
 		}
 		cfg.TLSConfig = mysqlSSLCustom
-	} else if s.SSL.Mode == "" {
+	case s.SSL.Mode == "":
 		cfg.TLSConfig = mysqlSSLTrue
-	} else {
+	default:
 		cfg.TLSConfig = s.SSL.Mode
 	}
+
 	for k, v := range s.params {
 		cfg.Params[k] = v
 	}

storage/static.go

@@ -96,7 +96,7 @@ type staticPasswordsStorage struct {
 func WithStaticPasswords(s Storage, staticPasswords []Password, logger log.Logger) Storage {
 	passwordsByEmail := make(map[string]Password, len(staticPasswords))
 	for _, p := range staticPasswords {
-		//Enable case insensitive email comparison.
+		// Enable case insensitive email comparison.
 		lowerEmail := strings.ToLower(p.Email)
 		if _, ok := passwordsByEmail[lowerEmail]; ok {
 			logger.Errorf("Attempting to create StaticPasswords with the same email id: %s", p.Email)

storage/storage.go

@@ -25,7 +25,7 @@ var (
 // TODO(ericchiang): refactor ID creation onto the storage.
 var encoding = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567")
 
-//Valid characters for user codes
+// Valid characters for user codes
 const validUserCharacters = "BCDFGHJKLMNPQRSTVWXZ"
 
 // NewDeviceCode returns a 32 char alphanumeric cryptographically secure string