diff --git a/auth/auth.go b/auth/auth.go index 6dc82a3..61a17c3 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -27,7 +27,6 @@ const ScopeFull = AuthScope("*") // For test stubs type AuthInterface interface { - // TODO maybe have a "refresh token" thing if the client won't have email available all the time? NewAuthToken(UserId, DeviceId, AuthScope) (*AuthToken, error) NewVerifyTokenString() (VerifyTokenString, error) } @@ -46,7 +45,7 @@ const TokenLength = 32 func (a *Auth) NewAuthToken(userId UserId, deviceId DeviceId, scope AuthScope) (*AuthToken, error) { b := make([]byte, TokenLength) - // TODO - Is this is a secure random function? (Maybe audit) + // TODO - Audit: Is this is a secure random function? if _, err := rand.Read(b); err != nil { return nil, fmt.Errorf("Error generating token: %+v", err) } @@ -62,7 +61,7 @@ func (a *Auth) NewAuthToken(userId UserId, deviceId DeviceId, scope AuthScope) ( func (a *Auth) NewVerifyTokenString() (VerifyTokenString, error) { b := make([]byte, TokenLength) - // TODO - Is this is a secure random function? (Maybe audit) + // TODO - Audit: Is this is a secure random function? if _, err := rand.Read(b); err != nil { return "", fmt.Errorf("Error generating token: %+v", err) } diff --git a/server/integration_test.go b/server/integration_test.go index 3c58bb1..d339af6 100644 --- a/server/integration_test.go +++ b/server/integration_test.go @@ -21,8 +21,6 @@ import ( // Whereas sever_test.go stubs out auth store and wallet, these will use the real thing, but test fewer paths. -// TODO - test some unhappy paths? Don't want to retest all the unit tests though. - // Integration test requires a real sqlite database func storeTestInit(t *testing.T) (s store.Store, tmpFile *os.File) { s = store.Store{} diff --git a/server/paths/paths.go b/server/paths/paths.go index fa9da1b..ec7cc69 100644 --- a/server/paths/paths.go +++ b/server/paths/paths.go @@ -1,7 +1,5 @@ package paths -// TODO proper doc comments! - const ApiVersion = "3" const PathPrefix = "/api/" + ApiVersion diff --git a/server/server.go b/server/server.go index 06bab6a..a165172 100644 --- a/server/server.go +++ b/server/server.go @@ -25,8 +25,6 @@ type Server struct { port int } -// TODO If I capitalize the `auth` `store` and `env` fields of Store{} I can -// create Store{} structs directly from main.go. func Init( auth auth.AuthInterface, store store.StoreInterface, @@ -77,7 +75,6 @@ func internalServiceErrorJson(w http.ResponseWriter, serverErr error, errContext // Cut down on code repetition. No need to return errors since it can all be // handled here. Just return a bool to indicate success. -// TODO the names `getPostData` and `getGetData` don't fully describe what they do func requestOverhead(w http.ResponseWriter, req *http.Request, method string) bool { if req.Method != method { @@ -94,10 +91,6 @@ type PostRequest interface { validate() error } -// TODO decoder.DisallowUnknownFields? -// TODO GET params too large (like StatusRequestEntityTooLarge)? Or is that -// somehow handled by the http library due to a size limit in the http spec? - // Confirm it's a Post request, various overhead, decode the json, validate the struct func getPostData(w http.ResponseWriter, req *http.Request, reqStruct PostRequest) bool { if !requestOverhead(w, req, http.MethodPost) { @@ -137,7 +130,7 @@ func getGetData(w http.ResponseWriter, req *http.Request) bool { } // TODO - probably don't return all of authToken since we only need userId and -// deviceId. Also this is apparently not idiomatic go error handling. +// deviceId. func (s *Server) checkAuth( w http.ResponseWriter, token auth.AuthTokenString,