From ebd6a7ad661f8548745651fa29b6a74ef74d8f6d Mon Sep 17 00:00:00 2001
From: NI <ranqus@gmail.com>
Date: Wed, 7 Aug 2019 19:17:56 +0800
Subject: [PATCH] Add warning description about the AES-GCM cipher.

---
 application/controller/socket.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/application/controller/socket.go b/application/controller/socket.go
index e66793e..2c1d295 100644
--- a/application/controller/socket.go
+++ b/application/controller/socket.go
@@ -306,6 +306,15 @@ func (s socket) Get(
 	wsWriter := websocketWriter{Conn: c}
 
 	// Initialize ciphers
+	//
+	// WARNING: The AES-GCM cipher is here for authenticating user login. Yeah
+	//          it is overkill and probably not correct. But I eventually decide
+	//          to keep it as long as it authenticates (Hopefully in a safe and
+	//          secured way).
+	//
+	//          DO NOT rely on this if you want to secured communitcation, in
+	//          that case, you need to use HTTPS.
+	//
 	readNonce := [socketGCMStandardNonceSize]byte{}
 	_, nonceReadErr := io.ReadFull(&wsReader, readNonce[:])