chore: remove stale TODO comments

stmio · stmio · commit 3aba8b7523b9 · 2024-10-06T23:27:19.000+01:00
diff --git a/knox.sh b/knox.sh
@@ -45,7 +45,6 @@ if ! which node > /dev/null
     fi
 
 # Check script is running from knox's base directory
-# TODO: Check for package.json as well
 pkgName=$(npm pkg get name 2>/dev/null | tr -d '"')
 if [ "$pkgName" != "knox" ]
     then
@@ -58,7 +57,6 @@ if [ "$pkgName" != "knox" ]
     fi
 
 # Install npm packages
-# TODO: Ask user for confirmation?
 echo "Installing required packages for Knox..."
 npm install > /dev/null
 
diff --git a/src/client/pages/login/login.js b/src/client/pages/login/login.js
@@ -3,6 +3,7 @@ import knoxLogo from "/knox.svg";
 import loadingIcon from "/loading.svg";
 
 import * as auth from "~/scripts/auth.js";
+import { delKey } from "~/scripts/keys.js";
 import { isEmail } from "@/utils.js";
 
 document.querySelector(".logo").src = knoxLogo;
@@ -65,7 +66,8 @@ document.getElementById("confirm").addEventListener("click", () => {
   document.forms["login"].reset();
 });
 
-document.getElementById("uncache").addEventListener("click", () => {
+document.getElementById("uncache").addEventListener("click", async () => {
   localStorage.removeItem("user");
+  await delKey("AUK");
   window.location.reload();
 });
diff --git a/src/client/scripts/auth.js b/src/client/scripts/auth.js
@@ -53,9 +53,6 @@ export function login(email, pwd, secret_key) {
         const B = hex.toBigInt(res.data.B);
         const u = core.derive_u(A, B);
 
-        // TODO: abort if safeguards fail
-        // TODO: change buffer.from to hex
-
         const x = secret_key
           ? await keys.two_sk_derivation(
               pwd,
@@ -105,7 +102,6 @@ export function login(email, pwd, secret_key) {
               ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
             );
 
-            // TOOD: how long to store AUK?
             await keys.storeKey("AUK", AUK);
 
             localStorage.setItem(
diff --git a/src/client/scripts/keys.js b/src/client/scripts/keys.js
@@ -80,6 +80,17 @@ export async function getKey(name) {
   return key;
 }
 
+export async function delKey(name) {
+  const db = await openDB("knox", 1, {
+    upgrade(db) {
+      db.createObjectStore("keys");
+    },
+  });
+
+  await db.delete("keys", name);
+  db.close();
+}
+
 export function generateKeychain(AUK) {
   const webCrypto = window.crypto.subtle;
 
diff --git a/src/server/controllers/keychainsController.js b/src/server/controllers/keychainsController.js
@@ -5,8 +5,6 @@ import { User as UserModel } from "../models/user.model.js";
 const Keychain = KeychainModel(db);
 const User = UserModel(db);
 
-// TODO: edge cases?
-
 export const getKeychain = async (req, res, next) => {
   const { keychainUuid, email } = req.body;
 
diff --git a/src/server/controllers/loginController.js b/src/server/controllers/loginController.js
@@ -12,7 +12,6 @@ export const loginUser = async (req, res) => {
   if (!identity || !A) {
     return res.status(400).json({ err: "Missing a required field." });
   }
-  // TODO: check A mod N
 
   const user = await User.findOne({
     where: {
@@ -49,6 +48,10 @@ export const loginUser = async (req, res) => {
 
 export const authenticateUser = async (req, res) => {
   const { identity, deviceID } = req.body;
+  if (!identity || !deviceID || !req.body.challenge) {
+    return res.status(400).json({ err: "Missing a required field." });
+  }
+
   const M1 = hex.toBigInt(req.body.challenge);
 
   const cacheID = `${identity}:${deviceID}`;
@@ -64,7 +67,7 @@ export const authenticateUser = async (req, res) => {
   const { v, s } = { v: hex.toBigInt(user.srp_v), s: hex.toBigInt(user.srp_s) };
 
   const cache = await redis.hGetAll(cacheID);
-  // TODO: fail if no result or missing req params. clean up types so less conversion?
+  if (!cache) res.status(401).json({ err: "Authentication was unsuccessful." });
 
   const B = server.derive_B(hex.toBigInt(cache.b), v, core.derive_k());
   const u = core.derive_u(hex.toBigInt(cache.A), B);
diff --git a/src/server/controllers/usersController.js b/src/server/controllers/usersController.js
@@ -34,8 +34,6 @@ export const putName = async (req, res, next) => {
   next();
 };
 
-// TODO: get name
-
 export const getUserKeychainUUIDs = async (req, res, next) => {
   const { email } = req.body;
 
diff --git a/src/server/controllers/vaultsController.js b/src/server/controllers/vaultsController.js
@@ -5,8 +5,6 @@ import { User as UserModel } from "../models/user.model.js";
 const Vault = VaultModel(db);
 const User = UserModel(db);
 
-// TODO: edge cases?
-
 export const getVault = async (req, res, next) => {
   const { vaultUuid, email } = req.body;
 
