🐛 bug: make TLS listener config discovery safer

[gaby]

Motivation

• Improve safety and extensibility of TLS config discovery for various net.Listener implementations without relying on fragile internal type names or panicking on unexpected types.
• Allow wrapped/custom listeners to expose their TLS configuration through well-known methods while retaining a safe reflection fallback.

Description

• Reworked getTLSConfig in helpers.go to prefer interface-based discovery by checking for TLSConfig() *tls.Config then Config() *tls.Config before falling back to reflection.
• Hardened the reflection path to avoid panics by validating reflect.Value states, field names, field types, and using safe Interface()/NewAt access only when appropriate, returning nil on any mismatch.
• Added Test_GetTLSConfig in helpers_test.go exercising direct tls.NewListener, wrapped listeners (without config methods), listeners exposing Config() *tls.Config, and plain non-TLS listeners.
• Removed the unused internal TLS type-assertion error constant from errors_internal.go that was previously used to panic.

[gemini-code-assist]

Summary of Changes

Hello @gaby, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the reliability and extensibility of TLS configuration discovery for net.Listener instances. It refactors the getTLSConfig function to first attempt discovery through well-defined interfaces, then falls back to a much safer and panic-resistant reflection-based approach. This change ensures that TLS configurations can be retrieved consistently across diverse listener implementations, including custom or wrapped types, without introducing runtime errors, and is thoroughly validated with new unit tests.

Highlights

• Improved TLS Config Discovery: Prioritized interface-based TLS configuration discovery in getTLSConfig by checking for TLSConfig() and Config() methods before resorting to reflection.
• Hardened Reflection Fallback: Enhanced the reflection fallback mechanism in getTLSConfig to be more robust and panic-safe, validating reflect.Value states, field names, and types.
• Comprehensive Unit Tests: Introduced comprehensive unit tests (Test_GetTLSConfig) covering various net.Listener implementations, including standard TLS listeners, wrapped listeners, and custom listeners exposing TLS configuration via methods.
• Removed Unused Error Constant: Removed the errTLSConfigTypeAssertion error constant, as the updated getTLSConfig no longer relies on panicking for type assertion failures.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• errors_internal.go
  • Removed the unused internal error constant 'errTLSConfigTypeAssertion'.
• helpers.go
  • Refactored 'getTLSConfig' to prioritize interface-based discovery by checking for 'TLSConfig() *tls.Config' and 'Config() *tls.Config' methods.
  • Hardened the reflection fallback in 'getTLSConfig' to prevent panics by validating 'reflect.Value' states, field names, and types, and using safe access methods.
  • Replaced the previous panic-on-type-assertion-failure logic with a safe return of 'nil' on mismatch.
• helpers_test.go
  • Added 'Test_GetTLSConfig' to thoroughly test the 'getTLSConfig' function across various listener types.
  • Introduced helper types 'wrappedListener' and 'configMethodListener' to simulate different listener behaviors for testing.
  • Included a 'newLocalListener' helper for creating temporary network listeners in tests.
  • Imported 'crypto/tls' and 'net' packages for TLS and network listener testing.

Activity

• Successfully ran go test ./... -run Test_GetTLSConfig -count=1, validating the new unit tests.
• Passed all standard repository checks: make generate, make betteralign, make modernize, make format, and make lint.
• Noted that make audit failed due to govulncheck reporting environment-specific Go standard-library vulnerabilities, unrelated to the PR changes.
• Observed unrelated/flaky failures during make test (middleware/timeout.TestTimeout_ContextPropagation, Test_App_BodyLimit_Zero), indicating the need for full CI validation on canonical runners.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Walkthrough

Refactors TLS configuration retrieval in getTLSConfig to prefer interface-based access (TLSConfig()/Config()), adds defensive nil handling and guarded reflection fallback, removes an unused error variable, and adds tests covering diverse listener types.

Changes

Cohort / File(s)	Summary
Error Removal errors_internal.go	Removed unused package-level error variable errTLSConfigTypeAssertion.
TLS Config Retrieval Logic helpers.go	Rewrote getTLSConfig: early nil checks, introduced tlsConfigProvider and configProvider interface probes, guarded reflection fallback (avoids brittle concrete-type/unsafe assumptions), and conservative returns when config cannot be obtained.
Test Coverage helpers_test.go	Added Test_GetTLSConfig with subtests and test helpers (wrappedListener, tlsConfigMethodListener, configMethodListener, newLocalListener) to validate TLSConfig()/Config() discovery and wrapped/non-TLS listener behaviors.

Sequence Diagram(s)

(omitted — change is internal logic refactor without multi-component runtime interaction that benefits from a sequence diagram)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• refactor: using reflect.TypeAssert #3698: Related changes to getTLSConfig reflection/type-assertion logic for extracting *tls.Config.

Suggested reviewers

• sixcolors
• efectn
• ReneWerner87

Poem

🐰
I poked around listeners late at night,
Swapped unsafe shadows for interfaces bright,
I sniffed for Config with a careful hop,
Tuned nil-checks and tests — not a single flop,
Now TLS sleeps safe beneath moonlight ✨🔒

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 40.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'make TLS listener config discovery safer' directly and clearly summarizes the main change—improving safety of TLS config discovery for various listener implementations.
Description check	✅ Passed	The description provides clear motivation, detailed technical explanation of changes, and lists all modified files with specific improvements, but does not fill the structured template sections with checkboxes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor-gettlsconfig-in-helpers.go

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request significantly improves the safety and extensibility of TLS configuration discovery by introducing interface-based checks before falling back to a more robust reflection implementation. This change effectively prevents potential panics from the previous, more fragile approach. The added unit tests cover several important scenarios. My review includes a suggestion to simplify a small part of the new reflection logic and to add a test case for complete coverage of the new functionality. Overall, this is a solid improvement.

[Copilot]

Pull request overview

This PR improves the safety and extensibility of TLS configuration discovery for net.Listener implementations in the Fiber framework.

Changes:

• Refactored getTLSConfig() function to use interface-based discovery before falling back to reflection
• Added comprehensive test coverage for various listener types and TLS configuration scenarios
• Removed unused error constant that was previously used for panic conditions

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
helpers.go	Refactored getTLSConfig() to check for TLSConfig() and Config() methods before using hardened reflection fallback
helpers_test.go	Added comprehensive unit tests covering standard TLS listeners, wrapped listeners, listeners with config methods, and non-TLS listeners
errors_internal.go	Removed unused errTLSConfigTypeAssertion constant that is no longer needed after removing panic behavior

[codecov]

Codecov Report

❌ Patch coverage is 46.87500% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.09%. Comparing base (eff8808) to head (db15e03).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
helpers.go	46.87%	9 Missing and 8 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4055      +/-   ##
==========================================
- Coverage   91.12%   91.09%   -0.03%     
==========================================
  Files         119      119              
  Lines       11146    11166      +20     
==========================================
+ Hits        10157    10172      +15     
  Misses        629      629              
- Partials      360      365       +5     

Flag	Coverage Δ
unittests	91.09% <46.87%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.