4/22/13

note: how should I remember the difference between apply and call in javascript? how about: the 'a' in apply stands for 'array', because it takes an array as an argument.

done, mostly: got node-odesk-utils repo which adds a getAll and postFixedPriceJob function. I still need to add a closeContract function, and I am going to try committing this repo with the command line (usually I use SourceTree).

done: committed and pushed with the command line — patting self on back. not sure I'm going to do it that way again, but it wasn't as painful as I thought.

done: added/tested closeContract function (called closeFixedPriceJob).

thoughts:
- nodesk is going to need to store a lot of credentials: oauth-token + username + password + security-answer, in addition to github username and password (or oauth, if they have that; I assume they do).
- I think I want to guard against CSRF in nodesk
- my rough goal right now is to make it so you can paste a url to a github issue into nodesk, and it will create a job pointing to that issue, and update the issue to direct users to the job
- I think I should create a test app that can interface with github

done: implemented a CSRF token for nodesk — it is sent to the client in a cookie, and when the client makes rpc calls, it needs to put the token in the url (proving that it knows what's in the cookie, which presumably a CSRF attacker would not know). I like this solution because it doesn't involve keeping track of the token in a database, and doesn't have issues with a user having multiple browsers open accessing the site. I also used the cookie technique to send the rpc version number (whereas I was previously dynamically modifying the index.html to include the version number, but now I can get the efficiency gains of treating index.html as purely static).
