cmd/server: misc notes and small TODO items

cmd/server/approval.go

@@ -24,7 +24,8 @@ var (
 )
 
 // addApprovalRoutes contains "back office" endpoints used to validate (or reject) a Customer
-// TODO(adam): We need to hide these behind an admin level auth, but we'll write them for now 'x-admin-id' ??
+// TODO(adam): We need to hide these behind an admin level auth, but we'll write them for now.
+// What about a header like x-admin-id ??
 func addApprovalRoutes(logger log.Logger, svc *admin.Server, repo customerRepository) {
 	svc.AddHandler("/customers/{customerId}/status", updateCustomerStatus(logger, repo))
 	svc.AddHandler("/customers/{customerId}/addresses/{addressId}", updateCustomerAddress(logger, repo))
@@ -131,6 +132,7 @@ func getAddressId(w http.ResponseWriter, r *http.Request) string {
 }
 
 // TODO(adam): Should Addresses have a 'Type: Previous'? I don't think we ever want to delete an address, but it can be marked as old.
+// If we keep address info around does it have GDPR implications?
 // PUT /customers/{customerId}/addresses/{addressId} only accept {"type": "Primary/Secondary", "validated": true/false}
 
 type updateCustomerAddressRequest struct {

cmd/server/customers.go

@@ -67,7 +67,7 @@ func addCustomerRoutes(logger log.Logger, r *mux.Router, repo customerRepository
 	r.Methods("GET").Path("/customers/{customerId}").HandlerFunc(getCustomer(logger, repo))
 	r.Methods("POST").Path("/customers").HandlerFunc(createCustomer(logger, repo))
 	r.Methods("PUT").Path("/customers/{customerId}/metadata").HandlerFunc(replaceCustomerMetadata(logger, repo))
-	r.Methods("POST").Path("/customers/{customerId}/address").HandlerFunc(addCustomerAddress(logger, repo)) // TODO(adam): openapi docs
+	r.Methods("POST").Path("/customers/{customerId}/address").HandlerFunc(addCustomerAddress(logger, repo))
 }
 
 func getCustomerId(w http.ResponseWriter, r *http.Request) string {
@@ -112,6 +112,10 @@ func respondWithCustomer(logger log.Logger, w http.ResponseWriter, customerId st
 	json.NewEncoder(w).Encode(cust)
 }
 
+// customerRequest holds the information for creating a Customer from the HTTP api
+//
+// TODO(adam): What GDPR implications does this information have? IIRC if any EU citizen uses
+// this software we have to fully comply.
 type customerRequest struct {
 	FirstName  string            `json:"firstName"`
 	MiddleName string            `json:"middleName"`
@@ -375,7 +379,6 @@ values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);`
 }
 
 func (r *sqliteCustomerRepository) getCustomer(customerId string) (*client.Customer, error) {
-	// TODO(adam): read all DB fields once we handle all in the request
 	query := `select first_name, middle_name, last_name, nick_name, suffix, birthdate, status, email, created_at, last_modified from customers where customer_id = ? and deleted_at is null limit 1;`
 	stmt, err := r.db.Prepare(query)
 	if err != nil {

cmd/server/customers_test.go

@@ -104,6 +104,7 @@ func TestCustomerStatus__json(t *testing.T) {
 func TestCustomers__GetCustomer(t *testing.T) {
 	repo := createTestCustomerRepository(t)
 	defer repo.close()
+
 	cust, err := repo.createCustomer(customerRequest{
 		FirstName: "Jane",
 		LastName:  "Doe",
@@ -127,7 +128,7 @@ func TestCustomers__GetCustomer(t *testing.T) {
 		t.Errorf("bogus status code: %d", w.Code)
 	}
 
-	var customer client.Customer // TODO(adam): check more of Customer response?
+	var customer client.Customer
 	if err := json.NewDecoder(w.Body).Decode(&customer); err != nil {
 		t.Fatal(err)
 	}
@@ -220,7 +221,7 @@ func TestCustomers__createCustomer(t *testing.T) {
 		t.Errorf("bogus status code: %d", w.Code)
 	}
 
-	var cust client.Customer // TODO(adam): check more of Customer response?
+	var cust client.Customer
 	if err := json.NewDecoder(w.Body).Decode(&cust); err != nil {
 		t.Fatal(err)
 	}

openapi.yaml

@@ -432,6 +432,9 @@ components:
         - birthDate
         - email
         - addresses
+        # - SSN # TODO(adam): required, but we need to impl storage and crypto
+        # - phones
+        # - addresses
     Customer:
       type: object
       properties: