2f61ad7f1a
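- Project-level skill: .claude/skills/code-review/ (398-line SKILL.md + reference files)
- Auto-trigger: automatic review after the AI modifies .py/.cbl/.cpy/.lark files
- CLAUDE.md: defines trigger rules, review flow, severity levels
- .code-review.yaml: tier=standard, high-risk module configuration

Effect: usable right after clone; every code change is reviewed automatically, keeping low-quality code out of the repository

Co-Authored-By: Claude <noreply@anthropic.com>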
1.8 KiB
Go Gin Review Checklist
Extends the generic checklist with Go/Gin-specific items.
Interface Layer (Gin Handlers)
- `ShouldBindJSON`/`ShouldBindQuery` with error handling
- Binding structs have `binding:"required"` tags
- Custom validators registered with `binding.Validator`
- Response helpers used consistently (not raw `c.JSON` everywhere)
- Middleware applied at appropriate scope (global vs group vs handler)
Business Layer
- Business logic in service structs with interfaces
- Context propagation (`context.Context`) through all layers
- Dependency injection via constructor, not global variables
Data Layer (GORM / sqlx / database/sql)
- GORM: `Preload()` instead of lazy loading in loops
- GORM: `Where("field = ?", value)` — parameterized queries
- database/sql: prepared statements with placeholders
- Connection pool: `SetMaxOpenConns`, `SetMaxIdleConns`, `SetConnMaxLifetime`
- `rows.Close()` always called (or use `defer`)
Error Handling
- Errors wrapped with `fmt.Errorf("context: %w", err)` for traceability
- `errors.Is()` and `errors.As()` for error type checking
- No `panic()` in request handlers (use recovery middleware)
- Gin recovery middleware configured
Security
- `gin-contrib/cors` with specific origins
- Rate limiting middleware (e.g., `gin-contrib/limiter`)
- JWT or session middleware for auth
- Secrets from environment, never committed
- `gin.SetMode(gin.ReleaseMode)` in production
Performance
- Goroutine pools for concurrent operations (avoid unbounded goroutines)
- `sync.Pool` for frequently allocated objects
- Database query limits on all SELECTs
- `context.WithTimeout` for all external calls
- JSON serialization with `json:"-"` on sensitive fields