chore: simplify, modernize (Go 1.26), update deps

[rustatian]

Applied fixes

S (simplify) — 5 applied:

• middleware/log: remove dead wrapper.data field; if/else instead of switch bool{case false/true}; CRLF stripping via strings.NewReplacer
• middleware/maxRequest: assign r.Body directly instead of r.Clone + swap
• plugin: drop redundant _ = r.Body.Close() (server closes it); drop redundant type-switch to reach Destroy (interface already exposes it)

M (modern-Go) — 6 applied:

• handler/request: two ReplaceAll → strings.NewReplacer; drop redundant ContainsRune(':') pre-check before net.SplitHostPort
• handler/uploads: os.IsNotExist → errors.Is(err, fs.ErrNotExist)
• middleware/log: reuse start instead of two time.Now() calls in access-log path
• plugin: Go 1.22 range-over-value for server-start loop (closes loop-variable capture)
• servers/https/config: os.IsNotExist → errors.Is(err, fs.ErrNotExist) in three stat checks
• acme: drop explicit zero-value struct fields

R (review/bugs) — 3 applied:

• attributes: guard Get/Set unchecked type-assertion v.(attrs) — panics if another type is stored under the same context key (R-High)
• tlsconf: remove TLS 1.3 cipher IDs from CipherSuites — Go silently ignores them; also fixes wrong cap 22 (max 6) (R-Med)
• plugin: call pool.Destroy through the api.Pool interface instead of unnecessary type-assert to *static_pool.Pool (R-Low)

Not applied (needs manual review)

• Stop mutex race (plugin.go:179): goroutine reads pool/queue/servers while lock is released — requires rethinking the shutdown contract
• middleware/log 1xx WriteHeader logic (log.go:39): wc=true on 1xx blocks later real WriteHeader — logic change with tricky semantics
• middleware/redirect chain (redirect.go:13): Redirect ignores next and HSTS on plain-HTTP — redirect-chain rewrite
• applyMiddleware / TLSAddr consolidation (S-Med): cross-server dedup refactors
• init.go:59 duplicate type-switch arms (S-Med): two identical arms in applyBundledMiddleware

Deps

go get -u all && go mod tidy in root and tests/; go work sync. No version changes produced (already up to date).

Verification

go build ./...   ✓
go vet ./...     ✓
golangci-lint run → 0 issues  ✓
go test ./...    ✓ (handler, middleware, proxy, servers/https all pass)

[coderabbitai]

Warning

Review limit reached

@rustatian, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 12 minutes and 30 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ea27d930-bbb3-4934-bf53-1f5cfb435859

📥 Commits

Reviewing files that changed from the base of the PR and between 40adf9b and e336bd5.

📒 Files selected for processing (9)

• acme/acme.go
• attributes/attributes.go
• handler/request.go
• handler/uploads.go
• middleware/log.go
• middleware/maxRequest.go
• plugin.go
• servers/https/config.go
• tlsconf/default_tlsconf.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/cleanup-modernize-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Refactor pass aligning the HTTP plugin with Go 1.26 idioms and dependency updates: simplifies redundant code, modernizes stdlib usage, hardens a couple of unchecked type assertions, and drops cipher-suite entries that the TLS stack ignores.

Changes:

• Simplification: remove dead fields, redundant clones/closes, redundant type switches; collapse switch bool into if; consolidate CRLF stripping via strings.NewReplacer.
• Modernization: prefer errors.Is(err, fs.ErrNotExist), range-over-value for goroutine loop, reuse start instead of re-calling time.Now(), drop unneeded ContainsRune(':') pre-check.
• Correctness: guard attrs type assertions in attributes.Get/Set; remove TLS 1.3 cipher IDs from CipherSuites (silently ignored by Go) and the incorrect cap=22.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
acme/acme.go	Drop explicit zero-value struct fields in certmagic configs.
attributes/attributes.go	Guard v.(attrs) assertions in Get/Set to avoid panics.
handler/request.go	Use shared crlfReplacer; drop redundant ContainsRune(':') check.
handler/uploads.go	Switch os.IsNotExist to errors.Is(err, fs.ErrNotExist).
middleware/log.go	Remove dead data field, replace switch bool with if, factor CRLF replacer, reuse start.
middleware/maxRequest.go	Assign to r.Body directly instead of cloning the request.
plugin.go	Drop redundant body close, range-over-value for server start, call Destroy via api.Pool interface.
servers/https/config.go	Alias roadrunner-server/errors as rrerrors; use errors.Is/fs.ErrNotExist.
tlsconf/default_tlsconf.go	Remove TLS 1.3 cipher entries and the incorrect cap=22 allocation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.