From aff60af8ba24c8d5330c706ddf26927d81436d79 Mon Sep 17 00:00:00 2001
From: Peter Stone <thepeterstone@gmail.com>
Date: Mon, 26 Jan 2026 08:08:17 -1000
Subject: Phase 4: Extract magic numbers to constants

Create config/constants.go with centralized configuration values:
- Concurrency limits (MaxConcurrentTrelloRequests)
- Timeouts (HTTP, Google Calendar, graceful shutdown, request)
- Meal times (breakfast, lunch, dinner hours)
- Database pool settings (connections, lifetime)
- Session and rate limiting settings

Update all files to use these constants instead of hardcoded values.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 cmd/dashboard/main.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'cmd/dashboard')

diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
index 6b895d1..b3eab14 100644
--- a/cmd/dashboard/main.go
+++ b/cmd/dashboard/main.go
@@ -45,7 +45,7 @@ func main() {
 	// Initialize session manager
 	sessionManager := scs.New()
 	sessionManager.Store = sqlite3store.New(db.DB())
-	sessionManager.Lifetime = 24 * time.Hour
+	sessionManager.Lifetime = config.SessionLifetime
 	sessionManager.Cookie.Persist = true
 	sessionManager.Cookie.Secure = !cfg.Debug
 	sessionManager.Cookie.SameSite = http.SameSiteLaxMode
@@ -91,7 +91,7 @@ func main() {
 	var googleCalendarClient api.GoogleCalendarAPI
 	if cfg.HasGoogleCalendar() {
 		// Use timeout context to prevent startup hangs if credentials file is unreachable
-		initCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		initCtx, cancel := context.WithTimeout(context.Background(), config.GoogleCalendarInitTimeout)
 		var err error
 		googleCalendarClient, err = api.NewGoogleCalendarClient(initCtx, cfg.GoogleCredentialsFile, cfg.GoogleCalendarID)
 		cancel()
@@ -111,13 +111,13 @@ func main() {
 	// Global middleware
 	r.Use(middleware.Logger)
 	r.Use(middleware.Recoverer)
-	r.Use(middleware.Timeout(60 * time.Second))
+	r.Use(middleware.Timeout(config.RequestTimeout))
 	r.Use(appmiddleware.SecurityHeaders(cfg.Debug))  // Security headers
 	r.Use(sessionManager.LoadAndSave)                // Session middleware must be applied globally
 	r.Use(authHandlers.Middleware().CSRFProtect)     // CSRF protection
 
-	// Rate limiter for auth endpoints (5 requests per 15 minutes per IP)
-	authRateLimiter := appmiddleware.NewRateLimiter(5, 15*time.Minute)
+	// Rate limiter for auth endpoints
+	authRateLimiter := appmiddleware.NewRateLimiter(config.AuthRateLimitRequests, config.AuthRateLimitWindow)
 
 	// Public routes (no auth required)
 	r.Get("/login", authHandlers.HandleLoginPage)
@@ -206,7 +206,7 @@ func main() {
 	log.Println("Shutting down server...")
 
 	// Graceful shutdown with timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), config.GracefulShutdownTimeout)
 	defer cancel()
 
 	if err := srv.Shutdown(ctx); err != nil {
-- 
cgit v1.2.3