Other: Fix all linter errors

internal/vault/helper.go

@@ -32,11 +32,13 @@ type Keychain struct {
 func GetHelper(vaultDir string) (string, error) {
 	var keychain Keychain
 
-	if _, err := os.Stat(filepath.Join(vaultDir, "keychain.json")); errors.Is(err, fs.ErrNotExist) {
+	filePath := filepath.Clean(filepath.Join(vaultDir, "keychain.json"))
+
+	if _, err := os.Stat(filePath); errors.Is(err, fs.ErrNotExist) {
 		return "", nil
 	}
 
-	b, err := os.ReadFile(filepath.Join(vaultDir, "keychain.json"))
+	b, err := os.ReadFile(filePath)
 	if err != nil {
 		return "", err
 	}
@@ -54,5 +56,7 @@ func SetHelper(vaultDir, helper string) error {
 		return err
 	}
 
-	return os.WriteFile(filepath.Join(vaultDir, "keychain.json"), b, 0o600)
+	filePath := filepath.Clean(filepath.Join(vaultDir, "keychain.json"))
+
+	return os.WriteFile(filePath, b, 0o600)
 }

internal/vault/token.go

@@ -23,7 +23,7 @@ import (
 
 // RandomToken is a function that returns a random token.
 // By default, we use crypto.RandomToken to generate tokens.
-var RandomToken = crypto.RandomToken
+var RandomToken = crypto.RandomToken // nolint:gochecknoglobals
 
 func newRandomToken(size int) []byte {
 	token, err := RandomToken(size)

internal/vault/types.go

@@ -73,7 +73,7 @@ func newDefaultSettings(gluonDir string) Settings {
 		SMTPSSL:  false,
 
 		UpdateChannel: updater.DefaultUpdateChannel,
-		UpdateRollout: rand.Float64(),
+		UpdateRollout: rand.Float64(), //nolint:gosec
 
 		ColorScheme:  "",
 		ProxyAllowed: true,

internal/vault/user_test.go

@@ -154,7 +154,7 @@ func TestUser_ForEach(t *testing.T) {
 	require.NoError(t, err)
 
 	// Iterate through the users.
-	s.ForUser(func(user *vault.User) error {
+	err = s.ForUser(func(user *vault.User) error {
 		switch user.UserID() {
 		case "userID1":
 			require.Equal(t, "username1", user.Username())
@@ -175,6 +175,8 @@ func TestUser_ForEach(t *testing.T) {
 		return nil
 	})
 
+	require.NoError(t, err)
+
 	// Try to delete the first user; it should fail because it is still in use.
 	require.Error(t, s.DeleteUser("userID1"))
 

internal/vault/vault.go

@@ -20,12 +20,12 @@ package vault
 import (
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/rand"
 	"crypto/sha256"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io/fs"
-	"math/rand"
 	"os"
 	"path/filepath"
 	"sync"
@@ -184,7 +184,7 @@ func (vault *Vault) attachUser(userID string) *User {
 	vault.refLock.Lock()
 	defer vault.refLock.Unlock()
 
-	vault.ref[userID] += 1
+	vault.ref[userID]++
 
 	return &User{
 		vault:  vault,
@@ -200,7 +200,7 @@ func (vault *Vault) detachUser(userID string) error {
 		return fmt.Errorf("user %s is not attached", userID)
 	}
 
-	vault.ref[userID] -= 1
+	vault.ref[userID]--
 
 	if vault.ref[userID] == 0 {
 		delete(vault.ref, userID)
@@ -216,7 +216,7 @@ func newVault(path, gluonDir string, gcm cipher.AEAD) (*Vault, bool, error) {
 		}
 	}
 
-	enc, err := os.ReadFile(path)
+	enc, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, false, err
 	}