At the heart of interactive full-stack apps is the need to retrieve data quickly and accurately.

🔑 We use GraphQL to efficiently and precisely fetch the data queried in a single request.

🔑 GraphQL is a query language that allows us to build even complex queries quickly and concisely, helping to make sure our queries fetch data -- and only the data we need -- quickly.

Apollo Sandbox is an Apollo Studio Explorer tool and is a great way to to visually explore how GraphQL can be used to request and fetch data.

🔑 Using the Apollo Sandbox, we can enter a query to retrieve data from our database. This query will return the names of all the classes in our database:

In [None]:
query classes{
    classes {
      name
    }
  }

Next, when we click the rectangular play button at the top of the screen we see a JSON object that contains only the data we requested in the response field on the left. This ability to easily write specific queries and return precise results is one of the main advantages of GraphQL.

We will be using the Apollo Sandbox in today's class to test our code and make sure our queries work.

🔑 To use GraphQL, we will need to set up a GraphQL server. Apollo Server is a popular GraphQL server that can be used as an add-on to an existing Node.js and Express.js server.

To add Apollo Server to our existing Express.js and Node.js server structure, we run `npm install @apollo/server` and import the `ApolloServer` class and the `expressMiddleware` helper function:

In [None]:
const { ApolloServer } = require('@apollo/server');
const { expressMiddleware } = require('@apollo/server/express4');

We must also import the `schemas` directory. GraphQL relies on a schema bundle that includes two parts: the `typeDefs`, which defines the schema, and `resolvers`, or functions, that are responsible for populating data for a single field in the schema:

In [None]:
const { typeDefs, resolvers } = require('./schemas');

We create a new instance of the `ApolloServer` class. The `ApolloServer` class instance takes both `typeDefs` and `resolvers` as parameters:

In [None]:
const server = new ApolloServer({
    typeDefs,
    resolvers
  });

Next, we create an async function that will start our Apollo Server instance:

In [None]:
const startApolloServer = async () => {...}

Inside the `startApolloServer` function, we use `await` to start our server. Don't forget, we must wrap `await` inside an `async` function. Otherwise, we will get an error!

In [None]:
await server.start()

Since our Apollo Server works together with Express, we also create an instance of our Express app inside our async function and use it. Using an Express server gives us more flexibility in our server setup and allows additional configurations.

In [None]:
const app = express();

In [None]:
app.use(express.urlencoded({ extended: false }));
app.use(express.json());


We call the expressMiddleware method to integrate Express.js with the Apollo Server and connect the schema. This will enable our app to use GraphQL at the /graphql endpoint:


In [None]:
app.use('/graphql', expressMiddleware(server));

Then, we start our database and call `app.listen()` to listen the connections on our specified port.

In [None]:
db.once('open', () => {
  app.listen(PORT, () => {
    console.log(`API server running on port ${PORT}!`);
    console.log(`Use GraphQL at http://localhost:${PORT}/graphql`);
    })
  })
};

Since, we can enclosed our functionality in an `async` function, don't forget to call it at the bottom of of the file to run the scripts!

In [None]:
startApolloServer();

 To integrate GraphQL in our MERN apps, we must connect a GraphQL schema to our Express.js server. We do this by adding an Apollo Server to our existing `service layer` and importing our schema.

In [3]:
from gql import gql, Client
from gql.transport.aiohttp import AIOHTTPTransport

# Select your transport with a defined url endpoint
transport = AIOHTTPTransport(url="https://countries.trevorblades.com/")

# Create a GraphQL client using the defined transport
client = Client(transport=transport, fetch_schema_from_transport=True)

# Provide a GraphQL query
query = gql(
    """
    query getContinents {
      continents {
        code
        name
      }
    }
"""
)

# Execute the query on the transport
result = await client.execute_async(query)
print(result)

{'continents': [{'code': 'AF', 'name': 'Africa'}, {'code': 'AN', 'name': 'Antarctica'}, {'code': 'AS', 'name': 'Asia'}, {'code': 'EU', 'name': 'Europe'}, {'code': 'NA', 'name': 'North America'}, {'code': 'OC', 'name': 'Oceania'}, {'code': 'SA', 'name': 'South America'}]}


### 2.1.2 Practice Activity: Queries

GraphQL is organized using types and fields. The query type gives us the entry point for our query. The object type provides the fields that we can use to retrieve data. We start by listing the entry point for the data we want to use. Then, we add the fields we want included in our results.

🔑 We click on the `schema` icon at the top left under the Apollo logo. Then select SDL inspect our app's schema. If the server has been correctly set up, we should see the schema's object and query types auto-populate.

`Object` types represent objects we can fetch and the fields it contains. The Class object has an `_id`, `name`, `building`, and `creditHours` fields. In addition, the `professor` field is a queryable field that holds a single `Professor` object:

In [None]:
type Class {
  _id: ID
  name: String
  building: String
  creditHours: Int
  professor: Professor
}

🔑 The `Query type` tells us what data we can access and the entry point to that data. To access the array of `Class` objects, we use the `classes` entry point:

In [None]:
type Query {
    schools: [School]
    classes: [Class]
    professors: [Professor]
  }

🔑 To create a query, we start by entering the name of the entry point we want to use. Because we want to work with `Class` objects, we use the `classes` entry point. We then list the fields we want included in our results. The `Class` object contains a `name` field, so we list the field `name` inside the brackets:

In [None]:
query classes {
    classes {
      name
    }
  }

🔑 To access the professor data in the same query, we start by adding `professor` to the list of fields. Then, to display data from the `Professor` object, we use a sub-query to list the names of the fields from the `Professor` object. The Apollo Sandbox makes this simple by providing a list of the names of the fields we can use:

In [None]:
query classes {
    classes {
    name
      professor {
      name
    }
  }
}

GraphQL is organized using types and fields. The query type gives us the entry point for our query. The object type provides the fields that we can use to retrieve data. We start by listing the entry point for the data we want to use. Then, we add the fields we want included in our results.

### 2.1.3 Practice Activity: typeDefs and Resolvers
🔑 For our queries to work, we must define our types to provide access to the data that we will need.

🔑 Each object contains a collection of related fields that return a particular type of data. These fields determine what data can be accessed from the database and provide a shape to our data.

The `Professor` object contains fields that will return data containing `name`, `_id`, `officeHours`, `officeLocation`, and `studentScore` data. These fields should match how the data in your database is structured:

In [None]:
type Professor {
    _id: ID
    name: String
    officeHours: String
    officeLocation: String
    studentScore: Float
  }  

🔑 We also use fields to define relationships between objects.

The `Class` object needs to access the information about a single related `Professor` object. We use a queryable field to retrieve a single `Professor` object. When the data from the `Class` object is queried, the data from the corresponding `Professor` object will also be available:

In [None]:
type Class {
    _id: ID
    name: String
    building: String
    creditHours: Int
    professor: Professor
  }

Likewise, the `School` object needs access to all of the `Class` objects. We use a queryable field to retrieve an array of all the `Class` objects:

In [None]:
type School {
  _id: ID
  name: String
  location: String
  studentCount: Int
  classes: [Class]
}

🔑 To access our data, we must also define an entry point. These entry points control the data that the query has access to. The `professors` entry point is used to access the array of all `Professor` objects. Likewise, the `schools` entry point controls the access to the array of all the `School` objects:

In [None]:
type Query {
  schools: [School]
  classes: [Class]
  professors: [Professor]
}

To respond to a query, we must also write a function that determines how the data for each field is populated when we make a query.

🔑 Because we are using Mongoose, we must import our models. These models create and read data from the MongoDB database:

In [None]:
const { School, Class, Professor } = require('../models');

🔑 When we write a query using the `professors` entry point, we call `.find()` on the `Professor` model that we imported to return all the data contained in the model instance, or document. This populates the fields:

In [None]:
professors: async () => {
    return await Professor.find({});
  }

We can also write a resolver that populates the data of a queryable field.

🔑 The `.populate()` method allows us to reference documents in other MongoDB collections easily. We use `.populate()`, to fetch data for queryable field `professor`:

In [None]:
classes: async () => {
    return await Class.find({}).populate('professor');
  }

To query data with GraphQL, we need a schema that will define the shape of the data. The `Object type` contains fields that will determine what type of data will be returned. The `Query type` defines the entry points. Then, to make our queries work, we write `resolvers`, which are functions used to populate the data fields.

### 2.1.4 Practice Activity: Query Arguments
🔑 We can also create more specific queries by passing arguments.

🔑 Up until now, we have been using an entry point that returns an array of all the objects and returns one or more fields in each object. For example, we use the `classes` entry point to return the id of all the `Class` objects:

In [None]:
query classIDs {
    classes {
      _id
    }
  }

Often, though, we want to query a more specific result like a single class.
- When we open up the schema tab, we see a new entry point has been defined in the query type. The `class` entry point provides access to a single `Class` object. Note that **single objects don't have brackets around them**!

In [None]:
class(id: ID!): Class

🔑 The class entry point also has an argument that allows us to define the id of the class object we want to fetch:

In [None]:
class(id: ID!)

The `ID!` is important here. The `ID` specifies the type of data that must be returned. The exclamation point `!` means that the data is required. Because we want our resolver function to search by ID for a particular class object, if that data is not provided, the search will not work.

🔑 To create a query, we start with the `class` endpoint and then specify the id of the specific `Class` object we want queried. (Note: the query will not yet return data):

In [None]:
query classInline {
  class(id: "1000") {
    name
  }
}

The data passed in the argument is then used by the resolver to retrieve the specific class. Because no resolver has been written, no data is returned. In the next activity, you will be building that resolver to make it work.

  - 🔑 To make our queries more durable, we can also add a variable. Variables are identified by a dollar sign `$` and allow us to reuse the same query over and over:

In [None]:
query classVariable($id: ID!) {
  class(id: $id) {
    name
  }
}

We start by requiring our variable and setting the data type of the variable to the required type. For an id, it is the ID type. We also want to make sure that we only run the query if the variable is not null, so we add the exclamation point:

In [None]:
query classVariable($id: ID!)

We then use the `class` entry point, and assign the `id` a value as we did before. In this case, we set the value of `id` to be the value held in the variable.

   - In our completed apps, the value for the variable is typically provided by the client. However, we can test the query using the Apollo Sandbox.

   - We enter the variable name and pass a value -- in JSON -- in the Query Variables pane, to test the query. We use just the variable name, not the `$` identifier:

In [None]:
{
  "id": "1000"
}

  - This variable provides the information needed by the resolver to fetch the data. Our next task is to set up the resolver so our queries work.

Reflect on the following question and answer pair before continuing on:

  - Question: Why would we add an argument to our query?

  - Answer: An argument allows us to write more specific queries. When we add an argument to our query, the argument is then passed to our resolver function. The resolver can then use that information to make a more targeted search.

### 2.1.5 Practice Activity: Mutations
GraphQL does more than retrieve existing data. We can also use GraphQL to write data as well.

  - 🔑 The mutation type is similar to the query type. However, instead of providing an entry point to read an object or objects, the mutation type provides an entry point to write an object or objects.

  - 🔑 We create an entry point `addSchool` and set the object that it will write to to be a `School` object.

  - 🔑 We also pass in arguments that define the fields that will be written. This information will be passed to the resolver.

In [None]:
type Mutation {
  addSchool(name: String!, location: String!, studentCount: Int!): School
}

  - 🔑 We enter the arguments that we wanted passed in as a parameter in the same order as we defined the fields in the mutation type:

In [None]:
addSchool: async (parent, { name, location, studentCount }) => { ... }

  - 🔑 We call `create()` on the imported School model to write to our MongoDB database:

In [None]:
return await School.create({ name, location, studentCount });

A mutation is way to write data using GraphQL. We use the mutation type to define the entry point to the data to be written and a mutation resolver to provide the functionality to write the data to our database.

## 2.2 Lesson Plan: Integrating the Front-End
### 2.2.1 Practice Activity: MERN Setup
🔑 The React.js front end is located on a separate port from our GraphQL API.

When we seed our database and open the app, we see a roster of friends and their endorsed skills.

Each time this page loads, the client sends a request to the API. The returned data is then displayed on the page, allowing us to see the roster.

🔑 When we look at the structure of our project directory, we see all the code needed to run the front end is contained in the client directory and all the code needed to run the back end is contained in the server directory.

Because they are two separate apps, we need to use two separate terminals to start up each app independently and run them on their own ports.

However, in a development environment, using two terminals can be cumbersome. So, to start up both apps simultaneously, we can add a third app located at the root. This will allow us to use just one set of commands -- and a single terminal -- to control both apps.

🔑 The root-level `package.json` belongs to this third app. We install `concurrently` as a development dependency at the root level so that we can run multiple commands at the same time during development. The installed dependency appears in the `package.json`:

In [None]:
"devDependencies": {
  "concurrently": "^8.2.0"
}

🔑 We then add the scripts needed to start up both apps using a single terminal:

In [None]:
"scripts": {
    "start": "node server/server.js",
    "develop": "concurrently \"cd server && npm run watch\" \"cd client && npm run dev\"",
    "install": "cd server && npm i && cd ../client && npm i",
    "seed": "cd server && npm run seed",
    "build": "cd client && npm run build"
  }  

🔑 Please note that as of the `MERN-Setup` folder, we no longer manually add the `"start": "vite"` script to the client-level `package.json`, instead we fallback to using the default `"dev": "vite"` script, referenced here in the `concurrently` command.

While in development, we also need a way for our front end to send requests to our back end on a different port.

To do this, we will use a proxy to handle requests and update them to include the URL location of our back end.

We add a `proxy` field to the client's `vite.config.js` and add the URL of our back end as the value. Now, while in development, requests will be prefixed by `"http://localhost:3001/graphql"` to allow them to be received by the API.

In [None]:
proxy: {
    '/graphql': {
      target: 'http://localhost:3001',
      changeOrigin: true,
      secure: false,
    },
  },

Question: How does our front end and back end communicate when running on separate ports?

Answer: In the client directory's `vite.config.js` we add a proxy that identifies the port where the server is running. This allows the front end (the client) to send requests to the API (the server). We can then use the npm package `concurrently` to start up both the front end and back end during development, using `npm run develop`.

### 2.2.2 Practice Activity: useQuery
Navigate to `useQuery` in your command line and `run npm install` and `npm run develop`.

🔑 You can opt to run `npm run seed` to clean up your database if you wish, but it is not required.

To set up our React front end to be able to send requests, we need to use one more tool.
- 🔑 Apollo Client is a library that allows us to handle data using the GraphQL on the front end.
- 🔑 We first install `@apollo/client` and import the component and classes we need for setup:

In [None]:
import { ApolloClient, InMemoryCache, ApolloProvider } from '@apollo/client';

- 🔑 Next, we create a new instance of the imported `ApolloClient` class to implement the core client-side API and provide the uri of our GraphQL API so we can send requests.

- 🔑 Apollo Client has an in-memory cache that stores the data from completed requests. To use Apollo's in-memory cache, we first import `InMemoryCache` in our `App.jsx` file:

In [None]:
const client = new ApolloClient({
    uri: '/graphql',
    cache: new InMemoryCache()
  });  

🔑 To access the `ApolloClient` instance from anywhere in your component tree, we use the `ApolloProvider` component to wrap our React.js app:

In [None]:
<ApolloProvider client={client}>
  <div className="flex-column justify-flex-start min-100-vh">
    <Header />
    <div className="container">
      <Home />
    </div>
    <Footer />
  </div>
</ApolloProvider>

Now, our Apollo Client is set up and we are ready to write a query and start sending requests.

🔑 We write a query that uses the `profiles` entry point and return values for the `_id`, `name`, and `skills` fields. It is important that these values match a type defined in our GraphQL API schema exactly. Otherwise, the query will not work:

In [None]:
query allProfiles {
    profiles {
      _id
      name
      skills
    }
  }

🔑 For our query to execute, it must be contained in a `gql` function. We import the functionality from `apollo/client` at the top of the page:

In [None]:
import { gql } from '@apollo/client';

🔑 Next, we wrap our query in the `gql` function and add `export` so we can use our query in our component:

In [None]:
export const QUERY_PROFILES = gql`
  query allProfiles {
    profiles {
      _id
      name
      skills
    }
  }
`;

In [None]:
// We import the useQuery Hook from @apollo/client to return our data:
import { useQuery } from '@apollo/client';
// We also the query into the component where we want our data to be displayed:
import { QUERY_PROFILES } from '../utils/queries';
/**
 * We use the useQuery Hook to execute the query when the page renders. The returned object will contain both loading and data properties:
 */
const { loading, data } = useQuery(QUERY_PROFILES);
// We can then store the returned data in a variable so we can display the information on our page:
const profiles = data?.profiles || [];
/* ... */
<ProfileList
  profiles={profiles}
  title="Here's the current roster of friends..."
/>

  - Question: What is Apollo Client?
  - Answer: Apollo Client is a powerful library that allows us to request data from our API and handles the whole request cycle.
  - Question: What can we do with Apollo Client?
  - Answer: Using Apollo Client, we can easily execute a query and use the returned data to populate our page in a few lines of code.

### 2.2.3 Practice Activity: Query Variables
Navigate to Query-Variables in your command line and `run npm install` and `npm run develop`.
- 🔑 You can opt to run `npm run seed` to clean up your database if you wish, but it is not required.
- Open Query-Variables/client/src/utils/queries.js in your IDE and follow along:
    - 🔑 We create a query that utilizes the `profile` entry point and retrieves values for the `_id`, `name`, and `skills` fields.
    - To retrieve these values, we need to specify the profile to query. For this purpose, we pass a required `$profileId` variable, which must be of type `ID`.
    - When the query is dispatched, the provided value of `$profileId` populates the `profileId` argument:

In [None]:
query singleProfile($profileId: ID!) {
    profile(profileId: $profileId) {
      _id
      name
      skills
    }
  } 

- After we import the `useQuery` Hook from `@apollo/client` and the query we plan to use, we execute the query when the component renders. The returned object will contain both `loading` and `data` properties.
- This time, as the query requires an argument to specify the profile from which to retrieve data, we provide a second argument to the useQuery hook. This argument is an object with a variables property.
    - Inside the variables property, we pass the key-value pair that corresponds to the query structure defined in our queries.js utility, using the profileId obtained from the URL parameters.

In [None]:
const { loading, data } = useQuery(QUERY_SINGLE_PROFILE, {
  variables: { profileId: profileId },
});

- 🔑 Within the type Query definition, we specify the profile entry point.
    - It accepts a required argument profileId, which is of type ID.
    - In response to this request, we expect to receive a single object of type Profile.

In [None]:
type Query {
    ...
    profile(profileId: ID!): Profile
  }

- 🔑 Within the resolvers Query object, we define a resolver for the matching profile entry point.
    - This resolver utilizes the second parameter value to access the profileId value sent from the client.
    - The value returned by this resolver is sent back as the API response to the client.

In [None]:
Query: {
  ...
  profile: async (parent, { profileId }) => {
    return Profile.findOne({ _id: profileId });
  },
},

Question: How does the `useQuery` function in Apollo Client allow you to pass variables for queries that require data from the front end to be properly retrieved?

Answer: The `useQuery` function in Apollo Client allows you to pass variables as a second argument. This enables queries that require data from the front end to be properly retrieved. By providing dynamic values or user input as variables, the query can adapt and return the relevant data based on these variables.

### 2.2.4 Practice Activity: useMutation
Setting up a mutation is a lot like setting up a query. First, we set up our front end to send requests using Apollo Client.

🔑 Then, we write our mutation, making sure our entry point and fields match definitions in our schema exactly and that our variable definition is set. We also define a variable `$name`. This variable will be used to pass back data when our mutation executes:

In [None]:
mutation addProfile($name: String!) {
  addProfile(name: $name) {
    _id
    name
    skills
  }
}

Finally, we wrap our completed mutation in a `gql` function and export it.

In [None]:
export const ADD_PROFILE = gql`
  mutation addProfile($name: String!) {
    addProfile(name: $name) {
      _id
      name
      skills
    }
  }`;

🔑 In the component where we want to execute the mutation, we import the mutation we created as well as the `useMutation` Hook:

In [None]:
import { useMutation } from '@apollo/client';
import { ADD_PROFILE } from '../../utils/mutations';

🔑 Next, we apply the `useMutation` Hook to return a mutation function that we can use to trigger the mutation as needed:

In [None]:
const [addProfile, { error }] = useMutation(ADD_PROFILE);

Because we want our mutation function to execute when we submit the form, we place it inside the `handleFormSubmit` function:

In [None]:
const { data } = await addProfile({
    variables: { name },
  });

// 🔑 We then assign a value to our mutation variable that represents the name entered by the user:
variables: { name }

// We wrap our mutation function in a try...catch and add error handling. This will handle any errors gracefully if our request fails:
try {
  const { data } = await addProfile({
    variables: { name },
  });

} catch (err) {
  console.error(err);
}
/**
 * 🔑 Finally, we add a refresh to allow our page to reload after the mutation is executed. This will stop any cache issues and allow our new profile to be displayed:
 */
window.location.reload();

- Question: When are mutations executed using `useMutation()`?

- Answer: Mutations are not immediately executed when the page is rendered. Instead, the `useMutation()` Hook returns a mutation function that can be called inside another function. This makes it easy to attach a mutation to an event, like a form submission.

### 2.2.5 Practice Activity: MERN Review
- 🔑 We are using two separate apps in development of this MERN application. The front end is contained in the `client` directory and the back end is contained in the `server` directory.

- Because they are two separate apps, we need to use two separate terminals to start up each app independently and run them on their own ports.

- 🔑 We install `concurrently` as a development dependency at the root level so that we can run multiple commands at the same time during development.

- 🔑 We then add the scripts needed to start up both apps using a single terminal:

In [None]:
"scripts": {
    "start": "node server/server.js",
    "develop": "concurrently \"cd server && npm run watch\" \"cd client && npm run dev\"",
    "install": "cd server && npm i && cd ../client && npm i",
    "seed": "cd server && npm run seed",
    "build": "cd client && npm run build"
  }  

We add a `proxy` field to the client's `vite.config.js` and add the URL of our back end as the value. Now, while in development, requests will be prefixed by `"http://localhost:3001/graphql"` to allow them to be received by the API.

In [None]:
proxy: {
    '/graphql': {
      target: 'http://localhost:3001',
      changeOrigin: true,
      secure: false,
    },
  },

🔑 Apollo Client is a library that allows us to handle data using the GraphQL on the front end.

🔑 We first install `@apollo/client` and import the component and classes we need for setup:

In [None]:
import { ApolloClient, InMemoryCache, ApolloProvider } from '@apollo/client';

🔑 Next, we create a new instance of the imported `ApolloClient` class to implement the core client-side API and provide the uri of our GraphQL API so we can send requests. We also create a new instance of `InMemoryCache` to enable caching:

In [None]:
const client = new ApolloClient({
    uri: '/graphql',
    cache: new InMemoryCache()
  });

🔑 To access the `ApolloClient` instance from anywhere in your component tree, we use the `ApolloProvider` component to wrap our React.js app:

In [None]:
<ApolloProvider client={client}>
  <div className="flex-column justify-flex-start min-100-vh">
    <Header />
    <div className="container">
      <Home />
    </div>
    <Footer />
  </div>
</ApolloProvider>

React Router is a library that allows us to easily add navigation and dynamic routing to our apps.

🔑 To use React Router, we start by importing the `RouterProvider` component and `createBrowserRouter` helper function from `react-router-dom`:

In [None]:
import { createBrowserRouter, RouterProvider } from 'react-router-dom'

🔑 To create routes, we wrap an array of route definitions in the `createBrowserRouter` method. Route objects define the page we want to access and identify the path. We must start by defining the root component, in this case our `App` component will always render, and the content within will render conditionally based on the URLs we define next.

In [None]:
const router = createBrowserRouter([
    {
      path: '/',
      element: <App />,
      errorElement: <Error />,
      children: [
        ...
      ],
    },
  ]);

🔑 Note that within a route object we have a `path` as well as an `element`. The `path` signifies the URL and the `element` signifies which component we want the user to see when they hit that path! To have our `Home` component render at the root route, we set it as the index component for our website. Now, when we navigate to `http://localhost:3000/`, the `Home` page will display.

In [None]:
{
    index: true,
    element: <Home />,
  },

🔑 To create a dynamic route, we simply add a parameter `:profileId` to our path. For the `Profile` page, the URL will change depending on which tech friend's information is being displayed. The profile pages will now be available at `http://localhost:3000/profiles/<profileId>`:

In [None]:
{
    path: '/thoughts/:profileId',
    element: <Profile />,
  },

🔑 Next, we render our `RouterProvider` component. This allows us to keep track of the location and easily navigate between pages:

In [None]:
ReactDOM.createRoot(document.getElementById('root')).render(
    <RouterProvider router={router} />
  )

🔑 Links are a React Router component that allow us to navigate around our app using a hyperlink.

To use a link, we first have to import the component:

In [None]:
import { Link } from 'react-router-dom';

🔑 Then, we create the link inside the `.map()` function and give it a path to an existing route using `to`. We use `${profile._id}` to assign the route's parameter to the id of our current tech friend:

In [None]:
<Link
  className="btn btn-block btn-squared btn-light text-dark"
    to={`/profiles/${profile._id}`}
 >
   View and endorse their skills.
</Link>

When the user clicks on the link inside our app or enters the page's URL in the browser, we want only the associated tech friend's information to display on the page.

🔑 To do this, we first grab the needed profile id from the URL's parameter using the `useParams()` Hook:

In [None]:

const { profileId } = useParams();


🔑 Then, we use that profile id to query our data and return the associated tech friend's information:

In [None]:
const { loading, data } = useQuery(QUERY_SINGLE_PROFILE, {
    variables: { profileId: profileId },
  });  

🔑 We can then use the returned data to populate the page:

In [None]:
<h2 className="card-header">
  {profile.name}'s friends have endorsed these skills...
</h2>

Question: How do we use React Router to add navigation to our site?

Answer: React Router is a library that allows us to easily create a route for each page for our app. The route can then be used by either entering the path into a browser window or internally, when a user clicks on a link.

## 2.3 Lesson Plan: JSON Web Tokens (JWT)
- Create and verify a JSON Web Token to log in the user.
- Store, check expiration of, and pass JSON Web Tokens to an Apollo Client.
- Implement server-side authentication in GraphQL API.
- Explain a practical use case for implementing GitHub Actions.

### 2.3.1 Practice Activity: Sign JWT
🔑 To generate a token in our apps, we start by adding a `auth.js` file to our server's `utils` directory and requiring the `jsonwebtoken` library to provide the functionality to check the validity of the token using a `secret` and `expiration`:

In [None]:
const jwt = require('jsonwebtoken');

🔑 We then assign values for both a `secret` and `expiration`. The `secret` is a private key that signs the token and enables the server to verify whether the token is valid. The `expiration` is the length of time the token remains valid before expiring:

In [None]:
const secret = 'mysecretsshhhhh';
const expiration = '2h';

🔑 Next, we add a `signToken()` function to combine the payload, secret, and string and return our token as a string:

In [None]:
signToken: function ({ email, name, _id }) {
    const payload = { email, name, _id };
    return jwt.sign({ data: payload }, secret, { expiresIn: expiration });
  },

🔑 We call the `signToken()` function in the resolvers where we want to transmit data securely to generate a signed token:

In [None]:
addProfile: async (parent, { name, email, password }) => {
    const profile = await Profile.create({ name, email, password });
    const token = signToken(profile);
    return { token, profile };
  }  

We also need a way to handle a password in the resolvers. We start by importing `bcrypt`, a library that is used to safely store a password in the `Profile` model:

In [None]:
const bcrypt = require('bcrypt');

Next, we add a save hook to encrypt a password when a new profile is created:

In [None]:
profileSchema.pre('save', async function (next) {
    if (this.isNew || this.isModified('password')) {
      const saltRounds = 10;
      this.password = await bcrypt.hash(this.password, saltRounds);
    }
    next();
  });

We also add an `isCorrectPassword()` method that checks to determine if the correct password was provided by the user:

In [None]:
profileSchema.methods.isCorrectPassword = async function (password) {
    return bcrypt.compare(password, this.password);
  }

We then export the model so the functionality can be used in our resolvers to handle our passwords.

Now, that we have a way to generate a token and handle a password, we also need to add definitions to our existing GraphQL schema to handle our token.

🔑 When we open the `schema` tab, we see that there is an object type `auth`, that contains `token` and a profile field. This defines the `Auth` data we will have access to:

In [None]:
type Auth {
    token: ID!
    profile: Profile
  }

🔑 We can access this `auth` object through two mutation entry points: `login` and `addProfile`. Let's use the `addProfile` entry point to add a new profile to see a generated token.

We write a mutation in the editor that takes in three values: name, email, and password:

In [None]:
mutation addProfile($name: String!, $email: String!, $password: String!) {
  addProfile(name: $name, email: $email, password: $password) {
    token
    profile {
      _id
    }
  }
}

We then assign values to our variables in the `Query Variables` editor to replicate the user-provided data and test if our mutation works:

In [None]:
{
  "name": "sample",
  "email": "me@me.com",
  "password": "password"
}

When we click the play button, we see that a signed token is stored in the `token` field.



🔑 When we copy the generated token into the decoder, we see that the payload contains the `name` and `email` that we added, an `iat` that describes when the data was created, and the token's expiration:

In [None]:
{
  "data": {
  "email": "me@me.com",
  "name": "sample",
  "_id": "601a054d40fbcbf267a3f253"
},
  "iat": 1612318029,
  "exp": 1612325229
}

The process of generating a signed token takes place in the resolver.

Reflect on the following question and answer pairs before continuing on:
Question: How do we use the `signToken()` function to generate a signed token?

Answer: The `signToken()` function expects an object that contains data and will add that object's properties to a token. The `secret` and `expiration` are also added.

### 2.3.2 Practice Activity: Decode JWT
🔑 When a token is returned to our front end after a user is successfully logged in, it must be stored and decoded. We import the `jwt-decode` library to decode the data a token holds as well as when it expires:

In [None]:
// auth.js

import decode from 'jwt-decode';

/**
 * Next, we create a new class AuthService and add the functionality needed to store our token so we can easily retrieve it and include it with a request to the server:
 */
class AuthService {}

/**
 * 🔑 Inside this class, we use the getToken method to retrieve an existing token from local storage, if it exists:
 */
getToken() {
    return localStorage.getItem('id_token');
  }

  /**
   * 🔑 We then call the getToken method in the loggedIn method to check if a token has been returned. If a user has been successfully logged in, a token will be returned from local storage. If not, no user is logged in:
   */
  loggedIn() {
    const token = this.getToken();
    return token ? true : false;
  }

  /**
   * 🔑 When a user logs in, we store the token in local storage. Then, when a user logs out, we remove the token. This makes sure our token is only held in storage while a user remains logged in:
   */
  login(idToken) {
    localStorage.setItem('id_token', idToken);
    window.location.assign('/');
  }
  
  logout() {
    localStorage.removeItem('id_token');
    window.location.reload();
  }

  /**
   * 🔑 We also add a getProfile method that decodes the retrieved token and returns a string so the expiration date and the data in the token can be used:
   */
  getProfile() {
    return decode(this.getToken());
  }

  /**
   * We then export our AuthService so we can use this functionality in our Login page:
   */
  export default new AuthService()

In [None]:
// App.jsx
/**
 * 🔑 To authenticate requests sent to the back end while a user is logged in, we must add a header containing the token in our requests. We use the setContext() function from Apollo Client to do this:
 */
import { setContext } from '@apollo/client/link/context';

/**
 * 🔑 We then use the setContext() method to retrieve an existing token from local storage and attach the JWT token to every request sent from the client. The back end will then use this information to verify the request:
 */
const authLink = setContext((_, { headers }) => {
    const token = localStorage.getItem('id_token');
    return {
      headers: {
      ...headers,
      authorization: token ? `Bearer ${token}` : '',
    },
  }});

In [None]:
// Login.jsx
/**
 * Using the functionality we just added, we execute the login mutation and receive a token in return. This token is then immediately stored using our AuthService functionality:
 */
const handleFormSubmit = async (event) => {
    event.preventDefault();
    console.log(formState);
    try {
      const { data } = await login({
        variables: { ...formState },
      });
  
      Auth.login(data.login.token);
        } catch (e) {
          console.error(e);
        }
    };

- Reflect on the following question and answer pairs before continuing on:
    - Question What library do we use to decode the information in our token on the front end?
    - Answer: We use the `jwt-decode` library to check what information a token holds and when it expires.
    - Question: How do we attach a token as a header to our front-end requests?
    - Answer: We use the `setContext()` method to retrieve an existing token, if it exists, and attach it to our request.

### 2.3.3 Practice Activity: Resolver Context
While we can decode our token in the front end and attach it to a request as header, we are still missing the key functionality needed to verify our token and decode it before it reaches our resolver. To do that, we will have to return to our back-end code.

In [None]:
// auth.js
// We import the jsonwebtoken library in our server's auth.js file:
const jwt = require('jsonwebtoken');

/**
 * 🔑 Then, we add a authMiddleware function to check if there's a token with the request and, if it exists, verify and decode the token.
 * First, we describe the way our tokens can be received:
 */
let token = req.body.token || req.query.token || req.headers.authorization

/**
 * 🔑 Next, we use the jsonwebtoken library's verify() method to check if our token is valid and return the payload data:
 */
const { data } = jwt.verify(token, secret, { maxAge: expiration });

/**
 * We then return the req object and supply the request -- and the needed data -- to the resolver function:
 */
return req;

In [None]:
// server.js
/**
 * 🔑 We import the authMiddleware function from our auth.js file to use it in the context of our ApolloServer instance:
 */
const { authMiddleware } = require('./utils/auth');

/**
 * Previously, to integrate our ApolloServer with our Express application, we passed along our Apollo server as part of the expressMiddleware. Now, we add a context property and set the value to authMiddleware. This allows the incoming requests to be verified and the data returned from the authMiddleware() function to be made available to our resolvers:
 */
app.use('/graphql', expressMiddleware(server, {
    context: authMiddleware
  }));

To access the data in the `context`, we add a context parameter to our query and mutation resolvers. This will pass in the data from our token so that it can be used by the resolvers. Because parameters in resolvers are positional, the `context` parameter must always be in the third place:

In [None]:
// resolvers.js
me: async (parent, args, context) => {
    if (context.user) {
      return Profile.findOne({ _id: context.user._id });
    }
    throw AuthenticationError;
  },

Reflect on the following question and answer pairs before continuing on:

Question: How do we verify and decode a token before it reaches the resolver?

Answer: We add a `context` option to our Apollo Server configuration and give it the value of `authMiddleware`. Then, in our `authMiddleware` method, we add the functionality needed to verify and decode our token. This will allow us to intercept any request to the server and check if there's a valid JWT before the request gets to the resolver.

### 2.3.4 Practice Activity: GitHub Actions
**GitHub Actions** are automated tasks or workflows that run when certain events are triggered, like pull requests. At their core, they are a series of commands that allow us to automate things like deployment, testing, and linting.

Using this guide, you will create a GitHub Action that automatically runs linting checks on any pull request made to the `main` or `develop` branches. Actions like this can especially benefit collaborative efforts like group projects.

In [None]:
# First we create a boilerplate React app:
npm create vite@latest

For this practice activity, name your application gh-actions-demo.

🔑 We set up the GitHub Action locally and then push it to GitHub. As a result, we still need to install dependencies locally to ensure that they are added to the `package.json` file. To do this, we change into the `gh-actions-demo` folder and run the following command:

In [None]:
npm i eslint --save-dev

With `eslint` installed as a developer dependency, we add a new script to the `package.json` file that allows us to run linting checks with a single command:

In [None]:
"scripts": {
  "eslint": "eslint src"
},

In [None]:
# Next, we create a GitHub repository named gh-actions-demo, and we add the remote to the local repository:
git remote add origin git@github.com:USERNAME/gh-actions-demo.git
git branch -M main

#We also add and commit all of the files and push to the remote repository:
git add -A
git commit -m "Adding existing files"
git push -u origin main

We build the GitHub workflow by creating a directory called `.github` and a subdirectory called workflows, with a `main.yml` file inside the `workflows` directory.

The folder structure should look something like this:

In [None]:
.github
  └── workflows
      └── main.yml

Then we add the workflow to the `main.yml` file, telling GitHub which actions to execute when a specific trigger happens:

In [None]:
#  Name of workflow
name: Lint workflow
# Trigger workflow on all pull requests
on:
    pull_request:
        branches:
            - dev
            - main
# Jobs to carry out
jobs:
    test:
        # Operating system to run job on
        runs-on: ubuntu-latest
        # Steps in job
        steps:
            # Get code from repo
            - name: Checkout code
              uses: actions/checkout@v1
            # Install NodeJS
            - name: Use Node.js 12.x
              uses: actions/setup-node@v1
              with:
                  node-version: 12.x
            # Build the app
            - name: 🧰 install deps
              run: npm install
            - name: Run lint
              run: npm run eslint

After that, we save the changes, commit all the files, and push to GitHub once again.

With the workflow in place in the repository, we can now create a new branch, make a pull request to `dev` or `main`, and witness the workflow in action!