## Node JS with Passport Authentication simplified
https://medium.com/@prashantramnyc/node-js-with-passport-authentication-simplified-76ca65ee91e5

## React Private Routes : 

https://www.scaler.com/topics/react/react-private-routes/

## How to manage user authentication With React JS

https://dev.to/miracool/how-to-manage-user-authentication-with-react-js-3ic5

## process.env VS import.meta.env
**The difference between process.env and import.meta.env primarily relates to the environments in which they are used, specifically between Node.js (backend) and modern frontend frameworks like Vite (client-side).**

1. **process.env**

**Environment**: This is used in Node.js environments.

**Usage**: It accesses environment variables set in the server's environment, which are typically loaded from a .env file using a package like dotenv.

**Example**:
const API_URL = process.env.API_URL;

**Access**: Variables accessed via process.env are available to any Node.js process, allowing for server-side configuration. You can use this in your backend code to keep sensitive data (like API keys) secure.


2. **import.meta.env**
**Environment**: This is specific to modern frontend tools like Vite and is used in client-side code.
**Usage**: It provides access to environment variables defined in .env files, but they must be prefixed with VITE_ to be exposed to the client-side.

## usEffect VS useContext
Use useEffect for localized, one-off authentication checks within a specific component.
Use useContext for a shared authentication solution that multiple components can access and respond to.

I am facing a problem : I handle the login in my "Login" component, but the "isAuthenticated" state is in the parent "App". One solution is called "Lifting State Up" and consists in puttint the "isAuthenticated" state and the "handleLogin" function inside the parent (App) instead of the child (Login), so that the handleLogin function can access the "isAuthenticated" state and update it with setX(). You then pass the "handleLogin" function and (if necessary) the "isAutehnticated" state to the child component as props.

A more efficient way to do it is to use "useContext" so that the "isAuthenticated" state is accessible globally by all the component that are provided the context.

## useContext - Steps

1. Create Context
```
const MyContext = createContext();
```

2. Create a Custom Hook
```
const useMyContext = () => {
    return useContext(MyContext);
};
```

3. Create Provider Component:
```
const MyProvider = ({ children }) => {
    const [state, setState] = useState(initialValue);
    return (
        <MyContext.Provider value={{ state, setState }}>
            {children}
        </MyContext.Provider>
    );
};
```

4. Wrap Your App with Provider
```
const App = () => (
    <MyProvider>
        <YourComponents />
    </MyProvider>
);
```

5. Use Context in Child Component
```
const ChildComponent = () => {
    const { state, setState } = useContext(MyContext);
    return <div>{state}</div>;
};
```

6. Update State in Child Component:
```
const handleClick = () => {
    setState(newValue);
};
```


**Summary**
Create a context.
Build a provider.
Wrap the app with the provider.
Use useContext in child components.

## Protected Route

What is it for ? 

##### **Encapsulation of Logic**
Using the ProtectedRoute component encapsulates authentication logic. You avoid checking isAuthenticated in every route of your App component. Each protected route can independently decide whether to render the component or redirect.

##### **Avoiding Prop Drilling**
Wrapping your entire App with the AuthProvider gives all components access to the authentication context. This can include components that don’t need it, adding unnecessary complexity to state management.

##### **Simplifying the App Component**
The App component stays cleaner and focuses on route definitions. The ProtectedRoute component manages authentication checks, keeping the logic separate and straightforward.

<span style="color: red;">Without **ProtectedRoute**: You would have to check isAuthenticated in every route definition, which could lead to more boilerplate code.</span>


<span style="color: lightblue;">In other words, I could verify inside the private /content page if the user "isAuthenticated" and redirect the user to the login page if not. But I can also handle this logic inside the ProtectedRoute component for more clarity and avoid redundance.</span>