From 5fa0a3a7c22ef6c885c0c367105b4f4d8b616806 Mon Sep 17 00:00:00 2001
From: Asaf Gartner
Date: Sat, 28 Aug 2021 16:31:19 +0300
Subject: [PATCH] Processed some TODOs
---
 src/models/user.go | 2 +-
 src/templates/src/blog_index.html | 1 -
 src/templates/src/feed.html | 6 ------
 src/templates/src/include/header.html | 3 +--
 src/templates/src/showcase.html | 2 +-
 src/templates/templates.go | 9 ---------
 src/templates/types.go | 1 +
 src/website/auth.go | 6 ------
 src/website/forums.go | 4 +---
 src/website/requesthandling.go | 20 +++++++++++++++-----
 src/website/routes.go | 3 ++-
 11 files changed, 22 insertions(+), 35 deletions(-)
diff --git a/src/models/user.go b/src/models/user.go
index 4d235856..58c3a033 100644
--- a/src/models/user.go
+++ b/src/models/user.go
@@ -32,7 +32,7 @@ type User struct {
 Bio string `db:"bio"`
 Blurb string `db:"blurb"`
 Signature string `db:"signature"`
- Avatar *string `db:"avatar"` // TODO: Image field stuff?
+ Avatar *string `db:"avatar"`
 DarkTheme bool `db:"darktheme"`
 Timezone string `db:"timezone"`
diff --git a/src/templates/src/blog_index.html b/src/templates/src/blog_index.html
index 2972fdb2..177b8a00 100644
--- a/src/templates/src/blog_index.html
+++ b/src/templates/src/blog_index.html
@@ -11,7 +11,6 @@
 {{ template "pagination.html" .Pagination }}
-{{/* TODO: Breadcrumbs, or some other link back to the blog index */}}
 {{ if .Posts }}
 {{ range .Posts }}
diff --git a/src/templates/src/feed.html b/src/templates/src/feed.html
index 937b06ce..3646c085 100644
--- a/src/templates/src/feed.html
+++ b/src/templates/src/feed.html
@@ -1,11 +1,5 @@
 {{ template "base.html" . }}
-{{ define "extrahead" }}
-{{/* TODO
-
-*/}}
-{{ end }}
-
 {{ define "content" }}
diff --git a/src/templates/src/include/header.html b/src/templates/src/include/header.html
index a58e905e..fb981950 100644
--- a/src/templates/src/include/header.html
+++ b/src/templates/src/include/header.html
@@ -11,7 +11,6 @@
- {{/* TODO: CSRF */}}
@@ -21,8 +20,8 @@
- {{/* TODO: Forgot password flow? Or just on standalone page? */}}
+ Forgot your password?
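Review bot: The first header.html hunk deletes the `{{/* TODO: CSRF */}}` marker from the login form, but its counts (`-11,7 +11,6`) show one removed line and none added, so no token field arrives with it. If the login POST is protected elsewhere (a middleware or cookie policy not visible in this patch), a short template comment saying where would replace the marker better than silence, e.g. `{{/* CSRF: handled by <mechanism> */}}`. Otherwise the marker should stay until the protection exists.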
diff --git a/src/templates/src/showcase.html b/src/templates/src/showcase.html
index 5c8522e6..75bcb5e6 100644
--- a/src/templates/src/showcase.html
+++ b/src/templates/src/showcase.html
@@ -46,7 +46,7 @@ let currentYear = null;
 for (let i = 0; i < showcaseItems.length; i++) {
 const item = showcaseItems[i];
- const date = new Date(item.date * 1000); // TODO(asaf): Verify that this is still correct with our new JSON marshalling
+ const date = new Date(item.date * 1000);
 if (date.getMonth() !== currentMonth || date.getFullYear() !== currentYear) {
 if (currentMonthElements.length > 0) {
diff --git a/src/templates/templates.go b/src/templates/templates.go
index 256c5371..7de7face 100644
--- a/src/templates/templates.go
+++ b/src/templates/templates.go
@@ -249,12 +249,3 @@ var HMNTemplateFuncs = template.FuncMap{
 return snippet.Type == TimelineTypeSnippetYoutube
 },
 }
-
-// TODO(asaf): Delete these?
-type ErrInvalidHexColor struct {
- color string
-}
-
-func (e ErrInvalidHexColor) Error() string {
- return fmt.Sprintf("invalid hex color: %s", e.color)
-}
diff --git a/src/templates/types.go b/src/templates/types.go
index 248ef5ad..7d4f1ca7 100644
--- a/src/templates/types.go
+++ b/src/templates/types.go
@@ -42,6 +42,7 @@ type Header struct {
 UserSettingsUrl string
 LoginActionUrl string
 LogoutActionUrl string
+ ForgotPasswordUrl string
 RegisterUrl string
 HMNHomepageUrl string
 ProjectHomepageUrl string
diff --git a/src/website/auth.go b/src/website/auth.go
index 3eab2039..e21ba862 100644
--- a/src/website/auth.go
+++ b/src/website/auth.go
@@ -18,11 +18,6 @@ import (
 "git.handmade.network/hmn/hmn/src/templates"
 )
-// TODO(asaf): Add a middleware that guarantees the certain handlers will take at least X amount of time.
-// Will be relevant for:
-// * Login POST
-// * Register POST
-
 var UsernameRegex = regexp.MustCompile(`^[0-9a-zA-Z][\w-]{2,29}$`)
 type LoginPageData struct {
@@ -46,7 +41,6 @@ func LoginPage(c *RequestContext) ResponseData {
 }
 func Login(c *RequestContext) ResponseData {
- // TODO: Update this endpoint to give uniform responses on errors and to be resilient to timing attacks.
 if c.CurrentUser != nil {
 return RejectRequest(c, "You are already logged in.")
 }
diff --git a/src/website/forums.go b/src/website/forums.go
index 00e96fe7..a22f11ec 100644
--- a/src/website/forums.go
+++ b/src/website/forums.go
@@ -190,7 +190,6 @@ func Forum(c *RequestContext) ResponseData {
 for _, sfNode := range subforumNodes {
 c.Perf.StartBlock("SQL", "Fetch count of subforum threads")
- // TODO(asaf): [PERF] [MINOR] Consider replacing querying count per subforum with a single query for all subforums with GROUP BY.
 numThreads, err := db.QueryInt(c.Context(), c.Conn, ` SELECT COUNT(*)
@@ -207,7 +206,6 @@ func Forum(c *RequestContext) ResponseData {
 c.Perf.EndBlock()
 c.Perf.StartBlock("SQL", "Fetch subforum threads")
- // TODO(asaf): [PERF] [MINOR] Consider batching these.
 itThreads, err := db.Query(c.Context(), c.Conn, threadQueryResult{}, ` SELECT $columns
@@ -261,7 +259,7 @@ func Forum(c *RequestContext) ResponseData {
 baseData := getBaseData(c)
 baseData.Title = c.CurrentProject.Name + " Forums"
- baseData.Breadcrumbs = []templates.Breadcrumb{ // TODO(ben): This is wrong; it needs to account for subforums.
+ baseData.Breadcrumbs = []templates.Breadcrumb{
 {
 Name: c.CurrentProject.Name,
 Url: hmnurl.BuildProjectHomepage(c.CurrentProject.Slug),
diff --git a/src/website/requesthandling.go b/src/website/requesthandling.go
index b12de9d7..57e3e49a 100644
--- a/src/website/requesthandling.go
+++ b/src/website/requesthandling.go
@@ -140,11 +140,21 @@ func (c *RequestContext) URL() *url.URL {
 }
 func (c *RequestContext) FullUrl() string {
- var scheme string // TODO(asaf): BEFORE RELEASE!! Fetch scheme from X-Forwarded-* headers or Forwarded header
- if c.Req.TLS != nil {
- scheme = "https://"
- } else {
- scheme = "http://"
+ var scheme string
+
+ if scheme == "" {
+ proto, hasProto := c.Req.Header["X-Forwarded-Proto"]
+ if hasProto {
+ scheme = fmt.Sprintf("%s://", proto)
+ }
+ }
+
+ if scheme == "" {
+ if c.Req.TLS != nil {
+ scheme = "https://"
+ } else {
+ scheme = "http://"
+ }
 }
 return scheme + c.Req.Host + c.Req.URL.String()
 }
diff --git a/src/website/routes.go b/src/website/routes.go
index 10aef4c6..ebea9c5b 100644
--- a/src/website/routes.go
+++ b/src/website/routes.go
@@ -170,7 +170,7 @@ func NewWebsiteRoutes(longRequestContext context.Context, conn *pgxpool.Pool, pe
 // NOTE(asaf): HMN-only routes:
 mainRoutes.GET(hmnurl.RegexOldHome, Index)
- mainRoutes.POST(hmnurl.RegexLoginAction, Login)
+ mainRoutes.POST(hmnurl.RegexLoginAction, securityTimerMiddleware(time.Millisecond*100, Login)) // TODO(asaf): Adjust this after launch
 mainRoutes.GET(hmnurl.RegexLogoutAction, Logout)
 mainRoutes.GET(hmnurl.RegexLoginPage, LoginPage)
@@ -297,6 +297,7 @@ func getBaseData(c *RequestContext) templates.BaseData {
 UserSettingsUrl: hmnurl.BuildUserSettings(""),
 LoginActionUrl: hmnurl.BuildLoginAction(c.FullUrl()),
 LogoutActionUrl: hmnurl.BuildLogoutAction(c.FullUrl()),
+ ForgotPasswordUrl: hmnurl.BuildRequestPasswordReset(),
 RegisterUrl: hmnurl.BuildRegister(),
 HMNHomepageUrl: hmnurl.BuildHomepage(),
 ProjectHomepageUrl: hmnurl.BuildProjectHomepage(c.CurrentProject.Slug),
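Review bot: In the added `X-Forwarded-Proto` branch of `FullUrl` (requesthandling.go hunk), `proto` is the `[]string` stored in the header map, so `fmt.Sprintf("%s://", proto)` formats as `[https]://` and every URL built from it is malformed. The header is also client-controlled unless the front proxy overwrites it, and the result feeds `BuildLoginAction(c.FullUrl())` in routes.go, so accept only the two known schemes: `if p := c.Req.Header.Get("X-Forwarded-Proto"); p == "http" || p == "https" { scheme = p + "://" }`. Whether the deployment strips this header from inbound requests is not visible in the patch; a comment on `FullUrl` stating that assumption would help the next reader. The outer `if scheme == ""` directly after `var scheme string` is always true and can be dropped.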
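Review bot: Only the login POST is wrapped in `securityTimerMiddleware` in the first routes.go hunk, while the TODO this commit deletes from auth.go also named the register POST, and the password-reset request now linked from the header looks like a similar account-enumeration surface; those routes lie outside the hunk, so confirm whether they are wrapped too. The middleware body is not shown; if it pads responses to a minimum duration, 100 ms only hides timing differences when every path through `Login` finishes under that, which a password-hash check may not, so the value deserves a measured basis rather than the `// TODO(asaf): Adjust this after launch`. The auth.go hunk also drops the note about uniform error responses with no visible change to `Login`; keep that TODO or point to where it was addressed.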