DayInReview / day-in-review

Full Day In Review application
http://dayinreview.org
Apache License 2.0

User-Specific Todo Items #39

Closed JimothyGreene closed 3 years ago

JimothyGreene commented 3 years ago

Problem

Every user could see every todo item that was created. This was not personalized, nor did it make use of the individual user profiles.

Solution

Associate each todo item with a specific user in the database. Now, when creating a new todo item, the user_id is given by the passport so long as the request has the correct token in the Authorization Header. When retrieving todo items, the same idea is applied. The todo API is protected by the passport authentication. Without a valid, nonexpired token in the header of the request, the server will give back a 401 status, which will prompt the client to log the user out and ask them to log back in.

Testing

This was tested by creating new todo items as one user and logging in as another user to ensure that they did not show up. The passport protection was tested by trying to access the routes without a proper token in the header, and the correct response was given back.

Notes

This PR also introduces a better way to make API calls with axios. There is a centralized API instance that provides the base URL and the functionality for grabbing the token from localStorage. It also has a handler for responses, meaning that we can handle each response error status in one place and it will apply to all of our API requests. Currently, we only handle for 401, but we can easily handle for other status codes in the future now.

Closes #15
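
The access rule this PR describes, as an added example that is not part of the PR or the project's code: the owner of a todo item is taken from the authenticated token on the server, reads are filtered by that owner, and a missing or expired token gets a 401. The in-memory token table, `authenticate`, `createTodoApi` and the sample tokens are assumptions standing in for passport and the database.

```javascript
// Added example. Constructed sample tokens; a real deployment verifies a signed token instead.
const SESSIONS = new Map([
  ["tok-alice", { userId: 1, expiresAt: 2000 }],
  ["tok-bob", { userId: 2, expiresAt: 2000 }],
  ["tok-stale", { userId: 1, expiresAt: 500 }],
]);

// Resolve the Authorization header to a user id, or null if missing, unknown or expired.
function authenticate(headers, now) {
  const match = /^Bearer (\S+)$/.exec(headers.authorization || "");
  const session = match && SESSIONS.get(match[1]);
  return session && session.expiresAt > now ? session.userId : null;
}

function createTodoApi() {
  const todos = []; // rows: { id, user_id, text }
  // Every route passes through here, so no handler runs without an identity.
  function handle(req, now) {
    const userId = authenticate(req.headers || {}, now);
    if (userId === null) return { status: 401, body: { error: "Unauthorized" } };
    if (req.method === "POST") {
      // Owner comes from the token. A user_id field in the request body is ignored.
      const todo = { id: todos.length + 1, user_id: userId, text: String(req.body.text) };
      todos.push(todo);
      return { status: 201, body: todo };
    }
    if (req.method === "GET") {
      // Filter on the server; never return all rows and filter on the client.
      return { status: 200, body: todos.filter((t) => t.user_id === userId) };
    }
    return { status: 405, body: { error: "Method Not Allowed" } };
  }
  return { handle };
}

// Constructed requests at now = 1000; the second POST carries a user_id that must not take effect.
function demo() {
  const api = createTodoApi();
  const hdr = (token) => ({ authorization: `Bearer ${token}` });
  api.handle({ method: "POST", headers: hdr("tok-alice"), body: { text: "a1" } }, 1000);
  api.handle({ method: "POST", headers: hdr("tok-bob"), body: { text: "b1", user_id: 1 } }, 1000);
  return {
    alice: api.handle({ method: "GET", headers: hdr("tok-alice") }, 1000).body.map((t) => t.text),
    bob: api.handle({ method: "GET", headers: hdr("tok-bob") }, 1000).body.map((t) => t.text),
    noToken: api.handle({ method: "GET", headers: {} }, 1000).status,
    expired: api.handle({ method: "GET", headers: hdr("tok-stale") }, 1000).status,
  };
}
console.log(demo());
```

The two-user check from the Testing section corresponds to the `alice` and `bob` results; the `user_id` in the second request body is the case worth adding to that test.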