### React: Backend Tutorial<br>

***

Notes made while I was coding JapaneseDrill -> japanese-drill backend<br>

Using MERN stack (MongoDB, Express, React, NodeJS)<br>
We'll connect a backend to our web server<br>

In [None]:
# if any library is outdated:
npm install --save react-tinder-card --legacy-peer-deps # using the legacy deprecated version


# initialize git
git init
npm init

inside of npm init<br>
skip it until it says "entry point"<br>
type/select "server.js"<br>

this creates package.json<br>
**inside that package.json under "main" section:**<br>
type in "type": "module"<br>
this allows backend to have import syntax<br>
which by default doesn't exist, it's ES6<br>
**under "test":**<br>
"start": "node server.js"<br>

**Installing Nodemon:**<br>

In [None]:
# add sudo for admin privileges
npm i -g nodemon # installing nodemon
nodemon server.js
# if Window doesn't allow, open powershell + "Y" restart


Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

Go back to MongoDB and Database access -> create user -> save pw<br>
Network access, allow access from anywhere(in profession env, this is not a good idea)<br>
go to database -> cluster0 -> connect -> connect to an app -> copy code, paste it in server.js<br>
const connection_url = `mongodb+srv://admin:<${"URI"}>@cluster0.djuang4.mongodb.net/?retryWrites=true&w=majority`<br>

**the concept in nosql**<br>
collection -> [document] -> collection of its own -> [document] -> this goes on<br>
it's very different from sql database<br>

**download postman** - to checkout the database locally<br>
open postman, GET -> http://localhost:8001 or http://localhost:8001/japanesedrill/card (end point)<br>
to actually make some, do POST -> raw -> JSON<br>
when you POST, make sure to wrap everything in bracket [{"A": "aa"},{"B": "bb"}]<br>

cors add header request to everywhere, it's useful for security data<br>

In [None]:
npm i cors


# make sure to do this one in frontend terminal (there should be 2 terminal windows open right now)
# axios is an http package that makes it super simple
npm i axios


# if you want to remove mistakenly installed NPM package
npm uninstall <package_name>
git reset # to unstage mistakenly added files

heroku to publish backend<br>
install heroku cli (client for auto update)<br>

heroku login<br>
git init<br>
heroku git:remote -a japanesedrill-backend<br>
add .gitignore -> inside of it do node_modules<br>


In [None]:
$ git add .
$ git commit -am "make it better"
$ git push heroku master

heroku logs --tail

now open up the live heroku server, copy paste the backend to axios.js baseURL<br>
https://japanesedrill-backend.herokuapp.com/<br>

now to do the front-end publishing<br>

In [None]:
npm i -g firebase-tools
firebase login
firebase init   # "y" to proceed -> use to host a space -> host using existing proj
                # "hosting setup" public dir? build
firebase deploy

hosting only shows welcome screen, had to delete index.html and replace with original, gotta say no to overwrite index.html<br>
https://stackoverflow.com/questions/53718983/my-react-project-not-working-after-deploy-to-firebase-hosting<br>

400 bad request on react, gotta replace %PUBLIC % tags<br>
https://stackoverflow.com/questions/53697302/400-bad-request-and-cannot-find-manifest-json<br>

#### Setting up a Node.js server<br>

In [None]:
npm init // initialize the npm 
npm install express // install express package from npm(node package manager)

In [None]:
// server.js
const express = require('express');
const app = express();
const PORT = 3000; // specify the port you want to listen on

// Define a route
app.get('/', (req, res) => {
  res.send('Hello, World!');
});

// Start the server
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});


In [None]:
// to run the backend, type this in the command prompt
node server.js

Once you're satisfied with your Node.js backend, you can deploy it to a hosting environment of your choice, such as a cloud server, a containerized environment, or a serverless platform. There are various hosting options available for Node.js applications, and the deployment process may differ depending on your chosen hosting platform.<br>

That's a high-level overview of how to create a Node.js backend. Keep in mind that building a production-ready backend typically involves more considerations, such as security, error handling, authentication, and performance optimization. It's important to thoroughly test your backend and follow best practices to ensure it's secure and efficient.<br>

Step 1: Choose an Authentication Method<br>
There are several common authentication methods used in web applications, including:<br>

Token-based authentication: In this method, a token is generated and issued to the client upon successful authentication, and the client includes this token in subsequent requests to authenticate and access protected resources. Examples of token-based authentication protocols include JSON Web Tokens (JWT), OAuth, and OpenID Connect.<br>

Session-based authentication: In this method, a session is created on the server to store authenticated user information, and a session ID is sent to the client as a cookie or in the request payload. The server uses the session ID to verify the user's identity in subsequent requests.<br>

Third-party authentication: In this method, you delegate the authentication process to a third-party service provider such as Google, Facebook, or Twitter.<br>
The user logs in with their credentials on the third-party provider's website, and the provider issues an authentication token that you can use to authenticate the user in your backend.<br>

Step 2: Set Up Authentication Middleware<br>
Once you've chosen an authentication method, you'll need to implement the necessary middleware in your Node.js backend to handle authentication.<br>
Middleware is a function that sits between the incoming HTTP request and the response in the request processing pipeline.<br>
It can be used to perform authentication checks, handle authentication-related tasks, and enforce access control rules.<br>

In [None]:
const jwt = require('jsonwebtoken');

function authenticateJWT(req, res, next) {
  const token = req.header('Authorization'); // Extract token from request header

  jwt.verify(token, 'your_secret_key', (err, user) => {
    if (err) {
      // Token is invalid or expired, return an error
      return res.sendStatus(403);
    }

    // Token is valid, attach user information to the request object
    req.user = user;
    next(); // Continue to the next middleware or route handler
  });
}

module.exports = authenticateJWT;


Step 3: Implement Authentication Routes/Endpoints<br>
You'll need to implement routes or endpoints in your backend that handle the authentication process, such as logging in, registering, and logging out.<br>
These routes typically receive user credentials, authenticate them using the chosen authentication method, and return an authentication token or session ID upon successful authentication.<br>

In [None]:
const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
const SECRET_KEY = 'your_secret_key';

// Middleware to authenticate JWT token
function authenticateJWT(req, res, next) {
  const token = req.header('Authorization'); // Extract token from request header

  jwt.verify(token, SECRET_KEY, (err, user) => {
    if (err) {
      // Token is invalid or expired, return an error
      return res.sendStatus(403);
    }

    // Token is valid, attach user information to the request object
    req.user = user;
    next(); // Continue to the next middleware or route handler
  });
}

// Login route
app.post('/login', (req, res) => {
  // Verify user credentials (e.g., username and password)
  const { username, password } = req.body;
  if (isValidUser(username, password)) {
    // Issue a JWT token
    const token = jwt.sign({ username }, SECRET_KEY, { expiresIn: '1h' });

    // Return the token to the client
    res.json({ token });
  } else {
    res.sendStatus(401); // Unauthorized
  }
});

// Protected route that requires authentication
app.get('/protected', authenticateJWT, (req, res) => {
  // Access protected resource, user information available in req.user
  res.json({ message: `Hello, ${req.user.username}! This is a protected route.` });
});

// Helper function to validate user credentials (example only)
function isValidUser(username, password) {
  // Perform validation against user database or other data source
  // Return true if valid, false otherwise
  return username === 'user' && password === 'password';
}

app.listen(3000, () => {
  console.log('Server started on http://localhost:3000');
});


PW hash implementation<br>

In [None]:
npm install bcrypt

Use bcrypt to hash passwords before storing them in your database or any other data source:<br>

In [None]:
const bcrypt = require('bcrypt');
const plaintextPassword = 'my_password';

// Generate a salt (a random string) to be used during the hashing process
const salt = bcrypt.genSaltSync(10);

// Hash the plaintext password with the generated salt
const hashedPassword = bcrypt.hashSync(plaintextPassword, salt);

// Store the hashed password in your database or any other data source
// Example: user.password = hashedPassword;

To verify passwords during authentication, you can use the bcrypt.compareSync() function:<br>

In [None]:
const plaintextPassword = 'my_password';
const hashedPassword = '...'; // Retrieved from your data source

// Compare the plaintext password with the hashed password
if (bcrypt.compareSync(plaintextPassword, hashedPassword)) {
  // Passwords match, authentication successful
} else {
  // Passwords do not match, authentication failed
}