bashmohandes / go-askme Goto Github PK

The defines in the login.gohtml and oktalogin.gohtml templates overlap (Both use {{define "login.head"}} and {{define "login.body"}}) which causes the oktalogin to overshadow the normal login template.
I found this when switching to normal authentication, the login form disappeared completely and when I viewed the html source from the browser the oktalogin template was there.
I fixed it by simply changing the name of the define in the normal login
{{define "login.head"}} --> {{define "standardlogin.head"}}
{{define "login.body"}} --> {{define "standardlogin.body"}}
and using that name in the normal login route.
I will fix this as part of my CSRF mitigation attempt if that is okay.

Ex. Dep
https://github.com/golang/dep

Currently framework.Config is a kitchen sink of all configuration

User story

1. A user may choose to follow another user
2. A user's homepage should show a feed from all followed users
3. Users will have a count of the number of followers on their profile pages.

Windows was always supported, although during the hackathon a lot of things changed, and now testing Windows revealed few issues, with investigations I found it had to do with line endings
related to this

I am probably missing something here but this method seem to never get called.
When starting the application with docker compose the logs never show this route to be registered.

$ docker-compose up
Starting goaskme_db_1 ... done
Recreating goaskme_web_1   ... done
Starting goaskme_adminer_1 ... done
Attaching to goaskme_db_1, goaskme_adminer_1, goaskme_web_1
db_1       | 2018-12-27 16:16:14.957 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
db_1       | 2018-12-27 16:16:14.957 UTC [1] LOG:  listening on IPv6 address "::", port 5432
db_1       | 2018-12-27 16:16:15.452 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1       | 2018-12-27 16:16:16.098 UTC [20] LOG:  database system was shut down at 2018-12-27 16:14:30 UTC
db_1       | 2018-12-27 16:16:16.288 UTC [1] LOG:  database system is ready to accept connections
web_1      | wait-for-it.sh: waiting 15 seconds for db:5432
web_1      | wait-for-it.sh: db:5432 is available after 1 seconds
web_1      | 2018/12/27 16:16:19 caller *framework.router, method GET, path /
web_1      | [DEPRECATED] github.com/gobuffalo/packr#Box.String has been deprecated.
web_1      |    Use github.com/gobuffalo/packr#Box.FindString instead.
web_1      | 2018/12/27 16:16:19 caller *framework.router, method GET, path /u/:email
web_1      | 2018/12/27 16:16:19 caller *framework.router, method GET, path /u/:email/questions
web_1      | 2018/12/27 16:16:19 caller *framework.router, method POST, path /u/:email/questions
web_1      | 2018/12/27 16:16:19 caller *framework.router, method POST, path /u/:email/answer/:questionId
web_1      | 2018/12/27 16:16:19 caller *framework.router, method GET, path /login
web_1      | 2018/12/27 16:16:19 caller *framework.router, method GET, path /authorization-code/callback
web_1      | 2018/12/27 16:16:19 caller *framework.router, method GET, path /logout
web_1      | 2018/12/27 16:16:19 Auto Migration Starting
web_1      | 2018/12/27 16:16:19 Auto Migration Ended
web_1      | Listening on port 8080

Even when adding test prints in the PerformLogin function and trying to login, It never prints.
I am probably missing something, but I don't know what.
I was just trying to test my CSRF mitigation on the (POST /login) method.

Add support for server showing flash messages when needed.

Example : github.com/bashmohandes/go-askme/answer/db should be just go-askme/answer/db

Just to reduce confusion

Add support for server showing flash messages when needed.

We are still missing good unit testing for use cases

You can use any config parser that can read YAML or JSON config files to support multi environments config ex. develop, staging , production etc....

Currently we only have one user doing both db migration and application access, which is pretty dangerous, because migration requires DDL level access, while application only needs data read/write.

Currently there is no specific way to mitigate against CSRF, a design is needed to introduce this as a framework level feature with minimal application level changes.

As this repo is getting ready to accept contributions, a Contribute.md file is needed to make it easy

I know it's a tiny issue but I hope it will be a good start 😄 #26