Merge pull request #73 from bushblade/master

GitHub API depreciation of query parameters for OAuth

README.md

@@ -4,6 +4,37 @@
 
 This is a MERN stack application from the "MERN Stack Front To Back" course on [Udemy](https://www.udemy.com/mern-stack-front-to-back/?couponCode=TRAVERSYMEDIA). It is a small social network app that includes authentication, profiles and forum posts.
 
+## Updates since course published
+
+Since the course was published, GitHub has [depreciated authentication via URL query parameters](https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters)
+You can get an access token by following [these instructions](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+For this app we don't need to add any permissions so don't select any in the _scopes_.
+**DO NOT SHARE ANY TOKENS THAT HAVE PERMISSIONS**
+This would leave your account or repositories vulnerable, depending on permissions set.
+
+It would also be worth adding your `default.json` config file to `.gitignore`
+If git has been previously tracking your `default.json` file then...
+
+```bash
+git rm --cached config/default.json
+```
+
+Then add your token to the config file and confirm that the file is untracked with `git status` before pushing to GitHub.
+You'll also need to change the options object in `routes/api/profile.js` where we make the request to the GitHub API to...
+
+```js
+const options = {
+  uri: encodeURI(
+    `https://api.github.com/users/${req.params.username}/repos?per_page=5&sort=created:asc`
+  ),
+  method: 'GET',
+  headers: {
+    'user-agent': 'node.js',
+    Authorization: `token ${config.get('githubToken')}`
+  }
+};
+```
+
 ## Quick Start
 
 ### Add a default.json file in config folder with the folowing
@@ -12,8 +43,7 @@ This is a MERN stack application from the "MERN Stack Front To Back" course on [
 {
   "mongoURI": "<your_mongoDB_Atlas_uri_with_credentials>",
   "jwtSecret": "secret",
-  "githubClientId": "",
-  "githubSecret": ""
+  "githubToken": ""
 }
 ```
 

routes/api/profile.js

@@ -218,35 +218,11 @@ router.put(
 // @route    DELETE api/profile/experience/:exp_id
 // @desc     Delete experience from profile
 // @access   Private
-// router.delete('/experience/:exp_id', auth, async (req, res) => {
-//   try {
-//     const profile = await Profile.findOne({ user: req.user.id });
-
-//     // Get remove index
-//     const removeIndex = profile.experience
-//       .map(item => item.id)
-//       .indexOf(req.params.exp_id);
-
-//     profile.experience.splice(removeIndex, 1);
-
-//     await profile.save();
-
-//     res.json(profile);
-//   } catch (err) {
-//     console.error(err.message);
-//     res.status(500).send('Server Error');
-//   }
-// });
 
 router.delete('/experience/:exp_id', auth, async (req, res) => {
   try {
-    //const foundProfile = await Profile.findOneAndUpdate( { user: req.user.id },
-    //  { $pull: { experience: { _id: req.params.exp_id }}},
-    //  {new: true});
     const foundProfile = await Profile.findOne({ user: req.user.id });
 
-    // Filter exprience array using _id (NOTE: _id is a BSON type needs to be converted to string)
-    // This can also be omitted and the next line and findOneAndUpdate to be used instead (above implementation)
     foundProfile.experience = foundProfile.experience.filter(
       exp => exp._id.toString() !== req.params.exp_id
     );
@@ -325,45 +301,16 @@ router.put(
 // @route    DELETE api/profile/education/:edu_id
 // @desc     Delete education from profile
 // @access   Private
-//router.delete('/education/:edu_id', auth, async (req, res) => {
-//try {
-//const profile = await Profile.findOne({ user: req.user.id });
-
-// Get remove index
-//const removeIndex = profile.education
-//.map(item => item.id)
-//.indexOf(req.params.edu_id);
-/*
-    profile.education.splice(removeIndex, 1);
-
-    await profile.save();
-
-    res.json(profile);
-  } catch (err) {
-    console.error(err.message);
-    res.status(500).send('Server Error');
-  }
-});
-*/
 
 router.delete('/education/:edu_id', auth, async (req, res) => {
   try {
     const foundProfile = await Profile.findOne({ user: req.user.id });
     const eduIds = foundProfile.education.map(edu => edu._id.toString());
-    // if i dont add .toString() it returns this weird mongoose coreArray and the ids are somehow objects and it still deletes anyway even if you put /education/5
     const removeIndex = eduIds.indexOf(req.params.edu_id);
     if (removeIndex === -1) {
       return res.status(500).json({ msg: 'Server error' });
     } else {
-      // theses console logs helped me figure it out
-      /*   console.log("eduIds", eduIds);
-      console.log("typeof eduIds", typeof eduIds);
-      console.log("req.params", req.params);
-      console.log("removed", eduIds.indexOf(req.params.edu_id));
- */ foundProfile.education.splice(
-        removeIndex,
-        1
-      );
+      foundProfile.education.splice(removeIndex, 1);
       await foundProfile.save();
       return res.status(200).json(foundProfile);
     }
@@ -372,21 +319,21 @@ router.delete('/education/:edu_id', auth, async (req, res) => {
     return res.status(500).json({ msg: 'Server error' });
   }
 });
+
 // @route    GET api/profile/github/:username
 // @desc     Get user repos from Github
 // @access   Public
 router.get('/github/:username', (req, res) => {
   try {
     const options = {
       uri: encodeURI(
-        `https://api.github.com/users/${
-          req.params.username
-        }/repos?per_page=5&sort=created:asc&client_id=${config.get(
-          'githubClientId'
-        )}&client_secret=${config.get('githubSecret')}`
+        `https://api.github.com/users/${req.params.username}/repos?per_page=5&sort=created:asc`
       ),
       method: 'GET',
-      headers: { 'user-agent': 'node.js' }
+      headers: {
+        'user-agent': 'node.js',
+        Authorization: `token ${config.get('githubToken')}`
+      }
     };
 
     request(options, (error, response, body) => {