chanm003 / budget Goto Github PK

• remove username field from schema
• checking for existing user should be find by email AND method = 'local'
• React component for login
• React component for signup

nginx 502 bad gateway web socket

• Could check if JWT is expired each time a route renders its component

Relationships need to be defined in both GraphQL schema and Mongoose model. GraphQL resolver must also pull user out of the context

https://github.com/onury/accesscontrol#guide

User normally does not navigate directly to login screen. They either navigate to a protected route or they perform a secure action like click a "Delete" or a "Save" button that causes them to be redirected to login screen. After the user logs in, return the user to the page they were on

Would their state persist following a redirect? Example: User spends 30 minutes on an Edit Form. In that time, their JWT expires. When they click "Save", they get redirected to login screen. After they authenticate successfully, they should be redirected to the Edit Form with unsaved changes.

If user navigates to https://localhost:7000/index.html directly after authenticating with CAC, user should not be able to spoof headers in AJAX request to impersonate another user.

https://codeburst.io/hello-create-react-app-cra-typescript-8e04f7012939

Research how-to

Reference Auth0 example "Edit Post":
https://auth0.com/blog/role-based-access-control-rbac-and-react-apps/

Intermediate collection with two "foreign keys"

const storeItemSchema = new Schema({
  storeId: { type: Schema.Types.ObjectId, ref: 'Store', required: true },
  itemId: { type: Schema.Types.ObjectId, ref: 'Item', required: true }
});

Upsert because insert is only allowed if combination of storeId and itemId is unique

await StoreItem.update(
    { storeId: store._id, itemId: toothpaste._id },
    { },
    { 'upsert': true }
  );

• Should be able to accomplish with ApolloClient if a user performs a "secure" action without changing routes (i.e. clicking delete button) with an expired token, Apollo Server must send back an "expired token error"

Check if this is worthwhile effort. One implementation may be to serve this file from express server static folder. This way both the frontend and backend can reference it. And there is a single place to maintain this logic

User should be able to edit First Name, Last Name, and Email

https://www.prisma.io/tutorials/graphql-rest-authentication-authorization-basics-ct20/#using-graphql-shield

Use Passport JWT strategies:
https://blog.usejournal.com/sessionless-authentication-withe-jwts-with-node-express-passport-js-69b059e4b22c

node-sass issue in client app

On my host I running v12 Node.js.

Container should be v13, so needs to use node-sass 4.13+

This is already done via login/logout button. Would need to do this for edit and delete buttons, and sidebar menu items.

Can component expects two inputs "admin" and "directorates:edit". Is it possible to pass an array of strings for these two inputs?

UnixHttpConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
If you encounter this issue regularly because of slow network conditions, consider setting COMPOSE_HTTP_TIMEOUT to a higher value.

If user forgets to insert CAC and clicks "Login with CAC" button, hidden iframe will point to nginx error page. Iframe does not appear to support onError event: https://dzone.com/articles/fallback-for-blocked-iframes-a-crude-solution-with

Could probably export from rules.js

Or use enum:
export const Role = {
Admin: 'Admin',
User: 'User'
}

candidate:
https://github.com/nadbm/react-datasheet

https://itnext.io/graphql-mutation-arguments-validation-with-yup-using-graphql-middleware-645822fb748