adding small changes

.github/workflows/ci.yml

@@ -0,0 +1,50 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.1"
+
+      - name: Force Failure
+        run: go test ./... -cover
+
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+      - name: Run gosec
+        run: gosec ./...
+
+  style:
+    name: Style
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.1"
+
+      - name: Check formatting
+        run: test -z $(go fmt ./...)
+
+      - name: Install staticcheck
+        run: go install honnef.co/go/tools/cmd/staticcheck@latest
+
+      - name: Run staticcheck
+        run: staticcheck ./...

README.md

@@ -1,5 +1,9 @@
+![example workflow](https://github.com/cekapitan/learn-cicd-starter/actions/workflows/ci.yml/badge.svg)
+
 # learn-cicd-starter (Notely)
 
+More to come later
+
 This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
 
 ## Local Development

internal/auth/auth_test.go

@@ -0,0 +1,130 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+	"testing"
+)
+
+func TestGetAPIKey(t *testing.T) {
+	tests := []struct {
+		name           string
+		headers        http.Header
+		expectedKey    string
+		expectedError  error
+		expectedErrMsg string
+	}{
+		{
+			name:          "missing authorization header",
+			headers:       http.Header{},
+			expectedKey:   "",
+			expectedError: ErrNoAuthHeaderIncluded,
+		},
+		{
+			name: "empty authorization header",
+			headers: http.Header{
+				"Authorization": []string{""},
+			},
+			expectedKey:   "",
+			expectedError: ErrNoAuthHeaderIncluded,
+		},
+		{
+			name: "valid ApiKey header",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey test-api-key-123"},
+			},
+			expectedKey:   "test-api-key-123",
+			expectedError: nil,
+		},
+		{
+			name: "valid ApiKey header with long key",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey very-long-api-key-with-many-characters-123456789"},
+			},
+			expectedKey:   "very-long-api-key-with-many-characters-123456789",
+			expectedError: nil,
+		},
+		{
+			name: "malformed header - wrong prefix",
+			headers: http.Header{
+				"Authorization": []string{"Bearer token123"},
+			},
+			expectedKey:    "",
+			expectedErrMsg: "malformed authorization header",
+		},
+		{
+			name: "malformed header - missing space",
+			headers: http.Header{
+				"Authorization": []string{"ApiKeytest-key"},
+			},
+			expectedKey:    "",
+			expectedErrMsg: "malformed authorization header",
+		},
+		{
+			name: "malformed header - only prefix",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey"},
+			},
+			expectedKey:    "",
+			expectedErrMsg: "malformed authorization header",
+		},
+		{
+			name: "ApiKey prefix with trailing space returns empty key",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey "},
+			},
+			expectedKey:   "",
+			expectedError: nil,
+		},
+		{
+			name: "ApiKey with multiple spaces returns first token only",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey key with spaces"},
+			},
+			expectedKey:   "key",
+			expectedError: nil,
+		},
+		{
+			name: "case sensitive ApiKey prefix",
+			headers: http.Header{
+				"Authorization": []string{"apikey test-key"},
+			},
+			expectedKey:    "",
+			expectedErrMsg: "malformed authorization header",
+		},
+		{
+			name: "case sensitive ApiKey prefix - mixed case",
+			headers: http.Header{
+				"Authorization": []string{"APIKEY test-key"},
+			},
+			expectedKey:    "",
+			expectedErrMsg: "malformed authorization header",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			key, err := GetAPIKey(tt.headers)
+
+			if key != tt.expectedKey {
+				t.Errorf("expected key %q, got %q", tt.expectedKey, key)
+			}
+
+			if tt.expectedError != nil {
+				if !errors.Is(err, tt.expectedError) {
+					t.Errorf("expected error %v, got %v", tt.expectedError, err)
+				}
+			} else if tt.expectedErrMsg != "" {
+				if err == nil {
+					t.Errorf("expected error with message %q, got nil", tt.expectedErrMsg)
+				} else if err.Error() != tt.expectedErrMsg {
+					t.Errorf("expected error message %q, got %q", tt.expectedErrMsg, err.Error())
+				}
+			} else {
+				if err != nil {
+					t.Errorf("expected no error, got %v", err)
+				}
+			}
+		})
+	}
+}

json.go

@@ -30,5 +30,7 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) {
 		return
 	}
 	w.WriteHeader(code)
-	w.Write(dat)
+	if _, err := w.Write(dat); err != nil {
+		log.Printf("Error writing response: %s", err)
+	}
 }

main.go

@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/go-chi/chi"
 	"github.com/go-chi/cors"
@@ -89,8 +90,9 @@ func main() {
 
 	router.Mount("/v1", v1Router)
 	srv := &http.Server{
-		Addr:    ":" + port,
-		Handler: router,
+		Addr:              ":" + port,
+		Handler:           router,
+		ReadHeaderTimeout: 5 * time.Second,
 	}
 
 	log.Printf("Serving on port: %s\n", port)