GoDoc and some typos...

auth/api.go

@@ -1,3 +1,5 @@
+// Package auth provides JSON Web Token (JWT) authentication and authorization middleware.
+// It implements a passwordless authentication flow by sending login tokens vie email which are then exchanged for JWT access and refresh tokens.
 package auth
 
 import (
@@ -59,7 +61,7 @@ func NewResource(store Storer, mailer Mailer) (*Resource, error) {
 	return resource, nil
 }
 
-// Router provides neccessary routes for passwordless authentication flow.
+// Router provides necessary routes for passwordless authentication flow.
 func (rs *Resource) Router() *chi.Mux {
 	r := chi.NewRouter()
 	r.Use(render.SetContentType(render.ContentTypeJSON))

auth/handler_test.go

@@ -241,14 +241,16 @@ func TestAuthResource_refresh(t *testing.T) {
 			if tc.status == http.StatusUnauthorized && authstore.SaveRefreshTokenInvoked {
 				t.Errorf("SaveRefreshToken invoked for status %d", tc.status)
 			}
-			if tc.status == http.StatusOK && !authstore.GetByRefreshTokenInvoked {
-				t.Errorf("GetRefreshToken not invoked")
-			}
-			if tc.status == http.StatusOK && !authstore.SaveRefreshTokenInvoked {
-				t.Errorf("SaveRefreshToken not invoked")
-			}
-			if tc.status == http.StatusOK && authstore.DeleteRefreshTokenInvoked {
-				t.Errorf("DeleteRefreshToken should not be invoked")
+			if tc.status == http.StatusOK {
+				if !authstore.GetByRefreshTokenInvoked {
+					t.Errorf("GetRefreshToken not invoked")
+				}
+				if !authstore.SaveRefreshTokenInvoked {
+					t.Errorf("SaveRefreshToken not invoked")
+				}
+				if authstore.DeleteRefreshTokenInvoked {
+					t.Errorf("DeleteRefreshToken should not be invoked")
+				}
 			}
 			authstore.GetByRefreshTokenInvoked = false
 			authstore.SaveRefreshTokenInvoked = false