Processed some TODOs

2021-08-28 16:31:19 +03:00 · 2021-08-28 16:31:19 +03:00 · 5fa0a3a7c2
parent c59b58daf0
commit 5fa0a3a7c2
11 changed files with 22 additions and 35 deletions
--- a/src/models/user.go
+++ b/src/models/user.go
@ -32,7 +32,7 @@ type User struct {
 	Bio       string  `db:"bio"`
 	Blurb     string  `db:"blurb"`
 	Signature string  `db:"signature"`
-	Avatar    *string `db:"avatar"` // TODO: Image field stuff?
+	Avatar    *string `db:"avatar"`

 	DarkTheme bool   `db:"darktheme"`
 	Timezone  string `db:"timezone"`
--- a/src/templates/src/blog_index.html
+++ b/src/templates/src/blog_index.html
@ -11,7 +11,6 @@
        {{ template "pagination.html" .Pagination }}
    </div>
 </div>
-{{/* TODO: Breadcrumbs, or some other link back to the blog index */}}
 {{ if .Posts }}
    {{ range .Posts }}
        <div class="flex items-start ph3 pv3 background-even">
--- a/src/templates/src/feed.html
+++ b/src/templates/src/feed.html
@ -1,11 +1,5 @@
 {{ template "base.html" . }}

-{{ define "extrahead" }}
-{{/* TODO
-<script type="text/javascript" src="{% static 'util.js' %}?v={% cachebust %}"></script>
-*/}}
-{{ end }}
-
 {{ define "content" }}
 <div class="content-block">
    <div class="optionbar">
--- a/src/templates/src/include/header.html
+++ b/src/templates/src/include/header.html
@ -11,7 +11,6 @@
            <a class="login" id="login-link" href="{{ .LoginPageUrl }}">Log in</a>
            <div id="login-popup">
                <form action="{{ .Header.LoginActionUrl }}" method="post">
-                    {{/* TODO: CSRF */}}
                    <table>
                        <tr>
                            <th><label>Username:</label></th>
@ -21,8 +20,8 @@
                            <th><label>Password:</label></th>
                            <td><input type="password" name="password" class="textbox password" value="" /></td>
                        </tr>
-                        {{/* TODO: Forgot password flow? Or just on standalone page? */}}
                    </table>
+					<a class="db" style="padding: 0.5rem 0;" href="{{ .Header.ForgotPasswordUrl }}">Forgot your password?</a>
                    <input type="hidden" name="redirect" value="{{ $.CurrentUrl }}">
                    <div class="pt2">
                        <input type="submit" value="Log In" />
--- a/src/templates/src/showcase.html
+++ b/src/templates/src/showcase.html
@ -46,7 +46,7 @@
 		let currentYear = null;
 		for (let i = 0; i < showcaseItems.length; i++) {
 			const item = showcaseItems[i];
-			const date = new Date(item.date * 1000); // TODO(asaf): Verify that this is still correct with our new JSON marshalling
+			const date = new Date(item.date * 1000);

 			if (date.getMonth() !== currentMonth || date.getFullYear() !== currentYear) {
 				if (currentMonthElements.length > 0) {
--- a/src/templates/templates.go
+++ b/src/templates/templates.go
@ -249,12 +249,3 @@ var HMNTemplateFuncs = template.FuncMap{
 		return snippet.Type == TimelineTypeSnippetYoutube
 	},
 }
-
-// TODO(asaf): Delete these?
-type ErrInvalidHexColor struct {
-	color string
-}
-
-func (e ErrInvalidHexColor) Error() string {
-	return fmt.Sprintf("invalid hex color: %s", e.color)
-}
--- a/src/templates/types.go
+++ b/src/templates/types.go
@ -42,6 +42,7 @@ type Header struct {
 	UserSettingsUrl    string
 	LoginActionUrl     string
 	LogoutActionUrl    string
+	ForgotPasswordUrl  string
 	RegisterUrl        string
 	HMNHomepageUrl     string
 	ProjectHomepageUrl string
--- a/src/website/auth.go
+++ b/src/website/auth.go
@ -18,11 +18,6 @@ import (
 	"git.handmade.network/hmn/hmn/src/templates"
 )

-// TODO(asaf): Add a middleware that guarantees the certain handlers will take at least X amount of time.
-//             Will be relevant for:
-//             * Login POST
-//             * Register POST
-
 var UsernameRegex = regexp.MustCompile(`^[0-9a-zA-Z][\w-]{2,29}$`)

 type LoginPageData struct {
@ -46,7 +41,6 @@ func LoginPage(c *RequestContext) ResponseData {
 }

 func Login(c *RequestContext) ResponseData {
-	// TODO: Update this endpoint to give uniform responses on errors and to be resilient to timing attacks.
 	if c.CurrentUser != nil {
 		return RejectRequest(c, "You are already logged in.")
 	}
--- a/src/website/forums.go
+++ b/src/website/forums.go
@ -190,7 +190,6 @@ func Forum(c *RequestContext) ResponseData {

 		for _, sfNode := range subforumNodes {
 			c.Perf.StartBlock("SQL", "Fetch count of subforum threads")
-			// TODO(asaf): [PERF] [MINOR] Consider replacing querying count per subforum with a single query for all subforums with GROUP BY.
 			numThreads, err := db.QueryInt(c.Context(), c.Conn,
 				`
 				SELECT COUNT(*)
@ -207,7 +206,6 @@ func Forum(c *RequestContext) ResponseData {
 			c.Perf.EndBlock()

 			c.Perf.StartBlock("SQL", "Fetch subforum threads")
-			// TODO(asaf): [PERF] [MINOR] Consider batching these.
 			itThreads, err := db.Query(c.Context(), c.Conn, threadQueryResult{},
 				`
 				SELECT $columns
@ -261,7 +259,7 @@ func Forum(c *RequestContext) ResponseData {

 	baseData := getBaseData(c)
 	baseData.Title = c.CurrentProject.Name + " Forums"
-	baseData.Breadcrumbs = []templates.Breadcrumb{ // TODO(ben): This is wrong; it needs to account for subforums.
+	baseData.Breadcrumbs = []templates.Breadcrumb{
 		{
 			Name: c.CurrentProject.Name,
 			Url:  hmnurl.BuildProjectHomepage(c.CurrentProject.Slug),
--- a/src/website/requesthandling.go
+++ b/src/website/requesthandling.go
@ -140,12 +140,22 @@ func (c *RequestContext) URL() *url.URL {
 }

 func (c *RequestContext) FullUrl() string {
-	var scheme string // TODO(asaf): BEFORE RELEASE!! Fetch scheme from X-Forwarded-* headers or Forwarded header
+	var scheme string
+
+	if scheme == "" {
+		proto, hasProto := c.Req.Header["X-Forwarded-Proto"]
+		if hasProto {
+			scheme = fmt.Sprintf("%s://", proto)
+		}
+	}
+
+	if scheme == "" {
 		if c.Req.TLS != nil {
 			scheme = "https://"
 		} else {
 			scheme = "http://"
 		}
+	}
 	return scheme + c.Req.Host + c.Req.URL.String()
 }

--- a/src/website/routes.go
+++ b/src/website/routes.go
@ -170,7 +170,7 @@ func NewWebsiteRoutes(longRequestContext context.Context, conn *pgxpool.Pool, pe
 	// NOTE(asaf): HMN-only routes:
 	mainRoutes.GET(hmnurl.RegexOldHome, Index)

-	mainRoutes.POST(hmnurl.RegexLoginAction, Login)
+	mainRoutes.POST(hmnurl.RegexLoginAction, securityTimerMiddleware(time.Millisecond*100, Login)) // TODO(asaf): Adjust this after launch
 	mainRoutes.GET(hmnurl.RegexLogoutAction, Logout)
 	mainRoutes.GET(hmnurl.RegexLoginPage, LoginPage)

@ -297,6 +297,7 @@ func getBaseData(c *RequestContext) templates.BaseData {
 			UserSettingsUrl:    hmnurl.BuildUserSettings(""),
 			LoginActionUrl:     hmnurl.BuildLoginAction(c.FullUrl()),
 			LogoutActionUrl:    hmnurl.BuildLogoutAction(c.FullUrl()),
+			ForgotPasswordUrl:  hmnurl.BuildRequestPasswordReset(),
 			RegisterUrl:        hmnurl.BuildRegister(),
 			HMNHomepageUrl:     hmnurl.BuildHomepage(),
 			ProjectHomepageUrl: hmnurl.BuildProjectHomepage(c.CurrentProject.Slug),