verify error does not break app

[cch5ng]

• [x] think it is probably too easy to spoof the uid and so switch this value to email instead

• [x] change FE behavior so that if the email value is not available, redirect to login (this is kind of a hassle but better security for now, until I figure out something better)

---

example

/fe_interview/server/app/testQuestion/table.js:50
09:44:29 server.1   |                   const question_id = resp.rows[0].question_id;
09:44:29 server.1   |                                                    ^
09:44:29 server.1   |  TypeError: Cannot read property 'question_id' of undefined
09:44:29 server.1   |      at pool.query (/Users/sassafrass/programming/projects/fe_interview/server/app/testQuestion/table.js:50:39)
09:44:29 server.1   |      at Query.client.query (/Users/sassafrass/programming/projects/fe_interview/server/node_modules/pg-pool/index.js:300:18)
09:44:29 server.1   |      at Query.handleReadyForQuery (/Users/sassafrass/programming/projects/fe_interview/server/node_modules/pg/lib/query.js:125

this one seems to stop the server

[cch5ng]

unclear about security issues with relying solely on the jwt for auth; ie case where user starts new browser session without login but with jwt

resc

https://tools.ietf.org/id/draft-ietf-oauth-jwt-bcp-02.html

https://stormpath.com/blog/build-secure-user-interfaces-using-jwts

https://logrocket.com/blog/jwt-authentication-best-practices/

https://auth0.com/docs/security/store-tokens

[cch5ng]

closing as fixed