Delete some TODOs that I've made into tasks
This commit is contained in:
Daniel Krol
parent
aac7ef713e
commit
f04a01a5a0
4 changed files with 3 additions and 15 deletions
|
|
@ -27,7 +27,6 @@ const ScopeFull = AuthScope("*")
|
||||||
|
|
||||||
// For test stubs
|
// For test stubs
|
||||||
type AuthInterface interface {
|
type AuthInterface interface {
|
||||||
// TODO maybe have a "refresh token" thing if the client won't have email available all the time?
|
|
||||||
NewAuthToken(UserId, DeviceId, AuthScope) (*AuthToken, error)
|
NewAuthToken(UserId, DeviceId, AuthScope) (*AuthToken, error)
|
||||||
NewVerifyTokenString() (VerifyTokenString, error)
|
NewVerifyTokenString() (VerifyTokenString, error)
|
||||||
}
|
}
|
||||||
|
|
@ -46,7 +45,7 @@ const TokenLength = 32
|
||||||
|
|
||||||
func (a *Auth) NewAuthToken(userId UserId, deviceId DeviceId, scope AuthScope) (*AuthToken, error) {
|
func (a *Auth) NewAuthToken(userId UserId, deviceId DeviceId, scope AuthScope) (*AuthToken, error) {
|
||||||
b := make([]byte, TokenLength)
|
b := make([]byte, TokenLength)
|
||||||
// TODO - Is this is a secure random function? (Maybe audit)
|
// TODO - Audit: Is this is a secure random function?
|
||||||
if _, err := rand.Read(b); err != nil {
|
if _, err := rand.Read(b); err != nil {
|
||||||
return nil, fmt.Errorf("Error generating token: %+v", err)
|
return nil, fmt.Errorf("Error generating token: %+v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -62,7 +61,7 @@ func (a *Auth) NewAuthToken(userId UserId, deviceId DeviceId, scope AuthScope) (
|
||||||
|
|
||||||
func (a *Auth) NewVerifyTokenString() (VerifyTokenString, error) {
|
func (a *Auth) NewVerifyTokenString() (VerifyTokenString, error) {
|
||||||
b := make([]byte, TokenLength)
|
b := make([]byte, TokenLength)
|
||||||
// TODO - Is this is a secure random function? (Maybe audit)
|
// TODO - Audit: Is this is a secure random function?
|
||||||
if _, err := rand.Read(b); err != nil {
|
if _, err := rand.Read(b); err != nil {
|
||||||
return "", fmt.Errorf("Error generating token: %+v", err)
|
return "", fmt.Errorf("Error generating token: %+v", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,8 +21,6 @@ import (
|
||||||
|
|
||||||
// Whereas sever_test.go stubs out auth store and wallet, these will use the real thing, but test fewer paths.
|
// Whereas sever_test.go stubs out auth store and wallet, these will use the real thing, but test fewer paths.
|
||||||
|
|
||||||
// TODO - test some unhappy paths? Don't want to retest all the unit tests though.
|
|
||||||
|
|
||||||
// Integration test requires a real sqlite database
|
// Integration test requires a real sqlite database
|
||||||
func storeTestInit(t *testing.T) (s store.Store, tmpFile *os.File) {
|
func storeTestInit(t *testing.T) (s store.Store, tmpFile *os.File) {
|
||||||
s = store.Store{}
|
s = store.Store{}
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,5 @@
|
||||||
package paths
|
package paths
|
||||||
|
|
||||||
// TODO proper doc comments!
|
|
||||||
|
|
||||||
const ApiVersion = "3"
|
const ApiVersion = "3"
|
||||||
const PathPrefix = "/api/" + ApiVersion
|
const PathPrefix = "/api/" + ApiVersion
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -25,8 +25,6 @@ type Server struct {
|
||||||
port int
|
port int
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO If I capitalize the `auth` `store` and `env` fields of Store{} I can
|
|
||||||
// create Store{} structs directly from main.go.
|
|
||||||
func Init(
|
func Init(
|
||||||
auth auth.AuthInterface,
|
auth auth.AuthInterface,
|
||||||
store store.StoreInterface,
|
store store.StoreInterface,
|
||||||
|
|
@ -77,7 +75,6 @@ func internalServiceErrorJson(w http.ResponseWriter, serverErr error, errContext
|
||||||
|
|
||||||
// Cut down on code repetition. No need to return errors since it can all be
|
// Cut down on code repetition. No need to return errors since it can all be
|
||||||
// handled here. Just return a bool to indicate success.
|
// handled here. Just return a bool to indicate success.
|
||||||
// TODO the names `getPostData` and `getGetData` don't fully describe what they do
|
|
||||||
|
|
||||||
func requestOverhead(w http.ResponseWriter, req *http.Request, method string) bool {
|
func requestOverhead(w http.ResponseWriter, req *http.Request, method string) bool {
|
||||||
if req.Method != method {
|
if req.Method != method {
|
||||||
|
|
@ -94,10 +91,6 @@ type PostRequest interface {
|
||||||
validate() error
|
validate() error
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO decoder.DisallowUnknownFields?
|
|
||||||
// TODO GET params too large (like StatusRequestEntityTooLarge)? Or is that
|
|
||||||
// somehow handled by the http library due to a size limit in the http spec?
|
|
||||||
|
|
||||||
// Confirm it's a Post request, various overhead, decode the json, validate the struct
|
// Confirm it's a Post request, various overhead, decode the json, validate the struct
|
||||||
func getPostData(w http.ResponseWriter, req *http.Request, reqStruct PostRequest) bool {
|
func getPostData(w http.ResponseWriter, req *http.Request, reqStruct PostRequest) bool {
|
||||||
if !requestOverhead(w, req, http.MethodPost) {
|
if !requestOverhead(w, req, http.MethodPost) {
|
||||||
|
|
@ -137,7 +130,7 @@ func getGetData(w http.ResponseWriter, req *http.Request) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO - probably don't return all of authToken since we only need userId and
|
// TODO - probably don't return all of authToken since we only need userId and
|
||||||
// deviceId. Also this is apparently not idiomatic go error handling.
|
// deviceId.
|
||||||
func (s *Server) checkAuth(
|
func (s *Server) checkAuth(
|
||||||
w http.ResponseWriter,
|
w http.ResponseWriter,
|
||||||
token auth.AuthTokenString,
|
token auth.AuthTokenString,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue