URI

While testing we use localhost, but after deployment we use deployed url, therefore we need to store URI variable in other config.js file and import for easy changing

  • Override URI and Options using ...options in a new variable, create new url, create authOptions with options and fetch using authOptions and url
  • After login user needs to be redirected to page

NGINX and CORS

Cors policies need to be configured in NGINX or else CORS errors will occur as Acces-Control-Authorized-Header is not present

Python CORS

  • Moved from main.py to init.py
  • Tells python which frontend servers are allowed to access backend and fetch

Python Authorization

  • Only logged in users with a token should be allowed to use certain function
  • Token code defined iin auth_middleware.py file defines @token_required
  • Returns token, can view user from token that is sent back to backend, like a global storage for UID
  • Cookie is unwrappable and can be stored in function
  • User is returned from token_required to function, replace underbar with user will get user

Python CSRF

  • Generic key in code, in init.py can be modified to protect against CSRF attacks

HTTP Requests in token and authorization

  • Unguarded requests
    • POST to initiate user, needs this to do anything else
  • Guarded requests
    • GET, PUT, DELETE request, needs to be logged in to fetch from these functions

Deployment

Docker

  • Change ports, python version
  • Dockerfile builds the application
  • docker_compose.yml specified information about computer and server
    • changing image allows image name to be identifiable
  • NGINX config, add proper methods, change origin that is allowed to access resource and server name
  • If docker is shut down and there is no outside volume, then database is wiped every time you restart server, hence why instance is mounted