diff --git a/src/middlewares/jwtauth.ts b/src/middlewares/jwtauth.ts
index 3f77265..f83e0cf 100644
--- a/src/middlewares/jwtauth.ts
+++ b/src/middlewares/jwtauth.ts
@@ -3,11 +3,15 @@ import { ExpressMiddlewareInterface } from "routing-controllers";
-// @Middleware({ type: "before" })
 export class JWTAuth implements ExpressMiddlewareInterface {
 use(request: any, response: any, next?: (err?: any) => any): any {
 const token = request.headers["auth"];
 try {
+ /**
+ TODO: idk if we should always check the db if refreshtokencount is valid?
+ seems like a lot of db overhead
+ at the same time it's basically our only option to support proper logouts
+ */
 const jwtPayload = jwt.verify(token, "secretjwtsecret");
 // const jwtPayload = jwt.verify(token, process.env.JWT_SECRET);
 response.locals.jwtPayload = jwtPayload;
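Review bot: The context line `jwt.verify(token, "secretjwtsecret")` still verifies against a signing key committed to the repository while the `process.env.JWT_SECRET` variant stays commented out, so anyone who can read the source can produce tokens this middleware accepts; the new TODO about logout does not change that. I would read the key from the environment and fail closed when it is missing, e.g. `const secret = process.env.JWT_SECRET; if (!secret) throw new Error("JWT_SECRET is not set");` followed by `jwt.verify(token, secret, { algorithms: ["HS256"] })`, with the algorithm list matching whatever the signing side uses (not visible here). On the TODO itself: until the refresh-token count is checked against the database, a token presumably stays accepted after logout until it expires, so the comment should state that trade-off explicitly rather than leave it as an open question. The `try` block and the rest of `use()` end outside the hunk.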