From b81f5eeb5ad802f6e92c69406fecef6f4c6504fa Mon Sep 17 00:00:00 2001
From: ian <ian@ianrenton.com>
Date: Sat, 13 Jun 2026 08:24:30 +0000
Subject: [PATCH] Update webassets/js/add-spot.js

---
 webassets/js/add-spot.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/webassets/js/add-spot.js b/webassets/js/add-spot.js
index b668032..75e3ba7 100644
--- a/webassets/js/add-spot.js
+++ b/webassets/js/add-spot.js
@@ -4,6 +4,7 @@ var PROVIDER_CREDENTIAL_SCHEMAS = {
     // see e.g. https://github.com/ham2k/app-polo/blob/main/src/extensions/activities/sota/SOTAAccount.jsx
     //          https://github.com/ham2k/app-polo/blob/main/src/store/apis/apiSOTA/apiSOTA.js
     // Refresh token? Way to show user that they need to log in again because cached credentials aren't valid?
+    // todo type: text/password distinction on text boxes so API keys can be obscured
     "SOTA": [
         { key: "access_token", label: "SOTA Access Token", help: "" },
         { key: "id_token", label: "SOTA ID Token", help: "TODO SOTA authentication to provide this..." }
@@ -202,6 +203,7 @@ function addSpot() {
         if (dx != "") {
             spot["dx_call"] = dx;
         } else {
+            // todo maybe for neatness just make all these error/rejections server side rather than having logic in two places
             showAddSpotError("A DX callsign is required in order to spot.");
             return;
         }