Skip to content

fix: replace panics with proper error handling and add comprehensive tests #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
matelang wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: replace panics with proper error handling and add comprehensive tests #62

matelang wants to merge 1 commit into from

Conversation

@matelang
Copy link
Owner

@matelang matelang commented Nov 11, 2025

Summary

This PR addresses critical issues identified in the codebase evaluation:

  • Replaced panic() calls with proper error handling in the mockkms package
  • Added comprehensive test coverage (79.0% total, up from 37.1%)
  • Fixed typos in error messages and comments

Changes

Error Handling Improvements

  • ✅ Replace panic("unsupported signingalgorithm for rsa key") with proper error return
  • ✅ Replace panic("unreachable") with proper error return for unsupported key types
  • ✅ Fix typo: "unknowning" → "unknown" in ECDSA error message
  • ✅ Fix typo: "outpus" → "outputs" in comment

Test Coverage Improvements

New tests added:

  • TestConfigWithContext() - tests the WithContext() method (was 0% coverage)
  • TestSigningMethodWithInvalidKeyConfig() - tests error handling for invalid key configs
  • TestSigningMethodFallbackToStandardJWT() - tests backward compatibility with standard JWT
  • TestVerifyWithInvalidSignature() - tests signature tampering detection
  • TestVerifyWithNonExistentKey() - tests error handling for missing keys
  • TestAlgMethod() - tests the Alg() method for all signing methods

Comprehensive mockkms test suite:

  • TestNewMockKMS() - constructor test
  • TestGenerateKey() - key generation for all types + error cases
  • TestSignECDSA() - ECDSA signing and verification (ES256, ES384, ES512)
  • TestSignRSAPKCS1() - RSA PKCS1 signing and verification (RS256, RS384, RS512)
  • TestSignRSAPSS() - RSA PSS signing and verification (PS256, PS384, PS512)
  • TestSignWithUnsupportedAlgorithm() - error handling for algorithm mismatches
  • TestSignWithUnsupportedMessageType() - error handling for unsupported message types
  • TestVerifyWithInvalidSignature() - signature validation edge cases
  • TestGetPublicKey() - public key retrieval for all key types
  • TestGetPublicKeyNonExistent() - error handling for missing keys

Coverage Results

Package Before After Improvement
jwtkms 78.7% 90.6% +11.9%
mockkms 0.0% 81.1% +81.1%
Total 37.1% 79.0% +41.9%

Testing

All tests pass:

go test -v ./...

Impact

  • No breaking changes - all existing functionality preserved
  • Improved error handling - libraries no longer panic in production
  • Better testability - comprehensive test suite ensures reliability
  • Backward compatible - fallback to standard JWT methods tested

🤖 Generated with Claude Code

@matelang @claude
fix: replace panics with proper error handling and add comprehensive …
aec7018 
…tests

Replace panic() calls with proper error returns in the mockkms package
to allow graceful error handling in consumer applications. Libraries
should not panic in production code paths.

Changes:
- Replace panic with error return in Sign() for unsupported RSA algorithms
- Replace panic with error return in Sign() for unsupported key types
- Replace panic with error return in Verify() for unsupported RSA algorithms
- Replace panic with error return in Verify() for unsupported key types
- Fix typo: "unknowning" → "unknown" in ECDSA signing error message
- Fix typo: "outpus" → "outputs" in comment

Test improvements:
- Add test for Config.WithContext() (was 0% coverage)
- Add tests for invalid key configs and error paths
- Add tests for fallback to standard JWT signing methods
- Add tests for signature validation edge cases
- Add comprehensive mockkms test suite (0% → 81.1% coverage)
- Add tests for all signing algorithms (ECDSA, RSA PKCS1, RSA PSS)
- Add tests for unsupported algorithms and message types

Coverage improvements:
- jwtkms package: 78.7% → 90.6% (+11.9%)
- mockkms package: 0% → 81.1% (+81.1%)
- Total coverage: 37.1% → 79.0% (+41.9%)

All tests pass.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matelang