Fix linting issues and add web frontend

Linting fixes:
- Fix unchecked error returns (errcheck)
- Update AWS SDK to use non-deprecated BaseEndpoint option
- Use t.Setenv() in tests instead of os.Setenv()

Frontend:
- Add static HTML/CSS/JS frontend for file management
- Serve frontend at root path
- Support login, register, create groups, upload/download/delete files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: cole-rgb

Dockerfile

@@ -31,6 +31,12 @@ COPY --from=builder /app/api /api
 # Copy migrations
 COPY --from=builder /app/migrations /migrations
 
+# Copy static files (frontend)
+COPY --from=builder /app/static /static
+
+# Set working directory so relative paths work
+WORKDIR /
+
 # Expose port
 EXPOSE 8080
 

cmd/api/main.go

@@ -35,7 +35,11 @@ func main() {
 	if err != nil {
 		log.Fatalf("Failed to connect to database: %v", err)
 	}
-	defer db.Close()
+	defer func() {
+		if err := db.Close(); err != nil {
+			log.Printf("Error closing database: %v", err)
+		}
+	}()
 
 	db.SetMaxOpenConns(cfg.Database.MaxOpenConns)
 	db.SetMaxIdleConns(cfg.Database.MaxIdleConns)
@@ -97,8 +101,16 @@ func main() {
 	// Health check
 	r.Get("/health", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
-		w.Write([]byte("OK"))
+		_, _ = w.Write([]byte("OK"))
+	})
+
+	// Serve static files (frontend)
+	staticDir := http.Dir("./static")
+	fileServer := http.FileServer(staticDir)
+	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+		http.ServeFile(w, r, "./static/index.html")
 	})
+	r.Handle("/static/*", http.StripPrefix("/static/", fileServer))
 
 	// API routes
 	r.Route("/api/v1", func(r chi.Router) {

internal/auth/handler.go

@@ -213,7 +213,7 @@ func (h *Handler) Refresh(w http.ResponseWriter, r *http.Request) {
 func respondJSON(w http.ResponseWriter, status int, data interface{}) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(status)
-	json.NewEncoder(w).Encode(data)
+	_ = json.NewEncoder(w).Encode(data)
 }
 
 func respondError(w http.ResponseWriter, message string, status int) {

internal/config/config_test.go

@@ -1,21 +1,15 @@
 package config
 
 import (
-	"os"
 	"testing"
 	"time"
 )
 
 func TestLoad(t *testing.T) {
 	// Set required environment variables
-	os.Setenv("DATABASE_URL", "postgres://test:test@localhost:5432/test")
-	os.Setenv("JWT_SECRET", "this-is-a-very-long-secret-key-for-testing-purposes")
-	os.Setenv("S3_BUCKET", "test-bucket")
-	defer func() {
-		os.Unsetenv("DATABASE_URL")
-		os.Unsetenv("JWT_SECRET")
-		os.Unsetenv("S3_BUCKET")
-	}()
+	t.Setenv("DATABASE_URL", "postgres://test:test@localhost:5432/test")
+	t.Setenv("JWT_SECRET", "this-is-a-very-long-secret-key-for-testing-purposes")
+	t.Setenv("S3_BUCKET", "test-bucket")
 
 	cfg, err := Load()
 	if err != nil {
@@ -36,10 +30,8 @@ func TestLoad(t *testing.T) {
 }
 
 func TestLoadMissingRequired(t *testing.T) {
-	// Clear any existing env vars
-	os.Unsetenv("DATABASE_URL")
-	os.Unsetenv("JWT_SECRET")
-	os.Unsetenv("S3_BUCKET")
+	// t.Setenv automatically clears after test
+	// Don't set required vars to test missing validation
 
 	_, err := Load()
 	if err == nil {
@@ -48,14 +40,9 @@ func TestLoadMissingRequired(t *testing.T) {
 }
 
 func TestValidateJWTSecretLength(t *testing.T) {
-	os.Setenv("DATABASE_URL", "postgres://test:test@localhost:5432/test")
-	os.Setenv("JWT_SECRET", "short") // Too short
-	os.Setenv("S3_BUCKET", "test-bucket")
-	defer func() {
-		os.Unsetenv("DATABASE_URL")
-		os.Unsetenv("JWT_SECRET")
-		os.Unsetenv("S3_BUCKET")
-	}()
+	t.Setenv("DATABASE_URL", "postgres://test:test@localhost:5432/test")
+	t.Setenv("JWT_SECRET", "short") // Too short
+	t.Setenv("S3_BUCKET", "test-bucket")
 
 	_, err := Load()
 	if err == nil {
@@ -64,49 +51,39 @@ func TestValidateJWTSecretLength(t *testing.T) {
 }
 
 func TestGetEnvDefaults(t *testing.T) {
-	os.Unsetenv("TEST_VAR")
-
-	if got := getEnv("TEST_VAR", "default"); got != "default" {
+	if got := getEnv("TEST_VAR_NONEXISTENT", "default"); got != "default" {
 		t.Errorf("expected default, got %s", got)
 	}
 }
 
 func TestGetIntEnv(t *testing.T) {
-	os.Setenv("TEST_INT", "42")
-	defer os.Unsetenv("TEST_INT")
+	t.Setenv("TEST_INT", "42")
 
 	if got := getIntEnv("TEST_INT", 0); got != 42 {
 		t.Errorf("expected 42, got %d", got)
 	}
 }
 
 func TestGetBoolEnv(t *testing.T) {
-	os.Setenv("TEST_BOOL", "true")
-	defer os.Unsetenv("TEST_BOOL")
+	t.Setenv("TEST_BOOL", "true")
 
 	if got := getBoolEnv("TEST_BOOL", false); !got {
 		t.Error("expected true")
 	}
 }
 
 func TestGetDurationEnv(t *testing.T) {
-	os.Setenv("TEST_DURATION", "30s")
-	defer os.Unsetenv("TEST_DURATION")
+	t.Setenv("TEST_DURATION", "30s")
 
 	if got := getDurationEnv("TEST_DURATION", time.Second); got != 30*time.Second {
 		t.Errorf("expected 30s, got %v", got)
 	}
 }
 
 func TestDefaultValues(t *testing.T) {
-	os.Setenv("DATABASE_URL", "postgres://test:test@localhost:5432/test")
-	os.Setenv("JWT_SECRET", "this-is-a-very-long-secret-key-for-testing-purposes")
-	os.Setenv("S3_BUCKET", "test-bucket")
-	defer func() {
-		os.Unsetenv("DATABASE_URL")
-		os.Unsetenv("JWT_SECRET")
-		os.Unsetenv("S3_BUCKET")
-	}()
+	t.Setenv("DATABASE_URL", "postgres://test:test@localhost:5432/test")
+	t.Setenv("JWT_SECRET", "this-is-a-very-long-secret-key-for-testing-purposes")
+	t.Setenv("S3_BUCKET", "test-bucket")
 
 	cfg, err := Load()
 	if err != nil {

internal/file/handler.go

@@ -65,7 +65,7 @@ func (h *Handler) Upload(w http.ResponseWriter, r *http.Request) {
 		respondError(w, "File is required", http.StatusBadRequest)
 		return
 	}
-	defer file.Close()
+	defer func() { _ = file.Close() }()
 
 	// Get content type
 	contentType := header.Header.Get("Content-Type")
@@ -174,15 +174,15 @@ func (h *Handler) Download(w http.ResponseWriter, r *http.Request) {
 		}
 		return
 	}
-	defer body.Close()
+	defer func() { _ = body.Close() }()
 
 	// Set headers
 	w.Header().Set("Content-Type", file.ContentType)
 	w.Header().Set("Content-Disposition", "attachment; filename=\""+file.Name+"\"")
 	w.Header().Set("Content-Length", strconv.FormatInt(file.SizeBytes, 10))
 
 	// Stream the file
-	io.Copy(w, body)
+	_, _ = io.Copy(w, body)
 }
 
 // Delete handles file deletion
@@ -221,7 +221,7 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 func respondJSON(w http.ResponseWriter, status int, data interface{}) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(status)
-	json.NewEncoder(w).Encode(data)
+	_ = json.NewEncoder(w).Encode(data)
 }
 
 func respondError(w http.ResponseWriter, message string, status int) {

internal/file/repository.go

@@ -87,7 +87,7 @@ func (r *PostgresRepository) ListByGroupID(ctx context.Context, groupID uuid.UUI
 	if err != nil {
 		return nil, err
 	}
-	defer rows.Close()
+	defer func() { _ = rows.Close() }()
 
 	var files []*File
 	for rows.Next() {

internal/file/service.go

@@ -72,8 +72,8 @@ func (s *Service) Upload(ctx context.Context, input *UploadFileInput, body io.Re
 	}
 
 	if err := s.repo.Create(ctx, file); err != nil {
-		// Try to clean up S3 file on failure
-		s.storage.Delete(ctx, s3Key)
+		// Try to clean up S3 file on failure (best effort)
+		_ = s.storage.Delete(ctx, s3Key)
 		return nil, err
 	}
 
@@ -162,7 +162,7 @@ func (s *Service) Delete(ctx context.Context, fileID, userID uuid.UUID) error {
 	}
 
 	// Delete from S3 (best effort)
-	s.storage.Delete(ctx, file.S3Key)
+	_ = s.storage.Delete(ctx, file.S3Key)
 
 	return nil
 }

internal/file/storage.go

@@ -44,17 +44,9 @@ func NewS3Storage(ctx context.Context, cfg *S3Config) (*S3Storage, error) {
 	var err error
 
 	if cfg.Endpoint != "" {
-		// Custom endpoint (MinIO, localstack)
-		customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
-			return aws.Endpoint{
-				URL:               cfg.Endpoint,
-				HostnameImmutable: true,
-			}, nil
-		})
-
+		// Custom endpoint (MinIO, localstack) with static credentials
 		awsCfg, err = config.LoadDefaultConfig(ctx,
 			config.WithRegion(cfg.Region),
-			config.WithEndpointResolverWithOptions(customResolver),
 			config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(
 				cfg.AccessKeyID,
 				cfg.SecretAccessKey,
@@ -72,8 +64,12 @@ func NewS3Storage(ctx context.Context, cfg *S3Config) (*S3Storage, error) {
 		return nil, fmt.Errorf("failed to load AWS config: %w", err)
 	}
 
+	// Create S3 client with optional custom endpoint
 	client := s3.NewFromConfig(awsCfg, func(o *s3.Options) {
 		o.UsePathStyle = cfg.UsePathStyle
+		if cfg.Endpoint != "" {
+			o.BaseEndpoint = aws.String(cfg.Endpoint)
+		}
 	})
 
 	uploader := manager.NewUploader(client, func(u *manager.Uploader) {

internal/group/handler.go

@@ -215,7 +215,7 @@ func (h *Handler) RemoveMember(w http.ResponseWriter, r *http.Request) {
 func respondJSON(w http.ResponseWriter, status int, data interface{}) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(status)
-	json.NewEncoder(w).Encode(data)
+	_ = json.NewEncoder(w).Encode(data)
 }
 
 func respondError(w http.ResponseWriter, message string, status int) {

internal/group/repository.go

@@ -93,7 +93,7 @@ func (r *PostgresRepository) ListByUserID(ctx context.Context, userID uuid.UUID)
 	if err != nil {
 		return nil, err
 	}
-	defer rows.Close()
+	defer func() { _ = rows.Close() }()
 
 	var groups []*Group
 	for rows.Next() {
@@ -172,7 +172,7 @@ func (r *PostgresRepository) ListMembers(ctx context.Context, groupID uuid.UUID)
 	if err != nil {
 		return nil, err
 	}
-	defer rows.Close()
+	defer func() { _ = rows.Close() }()
 
 	var members []*Membership
 	for rows.Next() {
@@ -192,7 +192,7 @@ func (r *PostgresRepository) GetUserGroupIDs(ctx context.Context, userID uuid.UU
 	if err != nil {
 		return nil, err
 	}
-	defer rows.Close()
+	defer func() { _ = rows.Close() }()
 
 	var groupIDs []uuid.UUID
 	for rows.Next() {