guanacone / fullstack_app

BSD Zero Clause License

Next steps #36

Closed guanacone closed 3 years ago

guanacone commented 3 years ago

This project is close to being finished. There are a couple of things I'd like to implement before considering it done:

  1. NavBar: Giving the project a more unfriendly UI. Shouldn't be too complicated.

  2. Separate interfaces to edit user details and to modify password (user needs to enter old password to save new one)

  3. Email confirmation: After sign up I'd like to have an email sent to the user to activate his account and to confirm it's a valid email.

  4. Password reset: forgot password link on login page that sends email to reset password

  5. Better looking frontend!!!

I was thinking of implementing those features in the above order. Any suggestions and/or recommendations about that?

edwmurph commented 3 years ago

nice ya those seem like good next steps for this and i agree the order you listed seems like a good approach

  1. ya this would be good. i'd recommend using flex for positioning items in the bar

  2. there's a few different standard flows for changing passwords. you could just add a new section to the UserEdit component that has a separate save button from the form and has inputs for the old and new password. or a button that brings the user to a new page/modal for changing the password but i think thats slightly more work

  3. this is a little tricky and might require going through aws but here's a few decent libraries for this:

i haven't setup an email verification flow before but since you already have tooling for jwt tokens it'd probably make sense to send the user a link with a TTL'd/ephemeral jwt token in the query param so when they click it it goes to a page that verifies the token on the backend. i couldn't find any good guides for setting this up tho so it'd be worth you doing a little research on best practices here

  4. also for this i havent setup this type of flow before but since you already have tooling for jwt tokens this might be a good approach https://www.smashingmagazine.com/2017/11/safe-password-resets-with-json-web-tokens/

  5. ya this gets into design which is tricky. i'd recommend starting with all the functional aspects of the site and then iterating on various design improvements once you have that foundation

i'd also recommend at some point doing:

edwmurph commented 3 years ago

another good task to add to the list that'd help with reviews going forward would be to turn on deploy previews (heroku calls it Review Apps) so you can confirm what the pull request will look like when deployed

https://devcenter.heroku.com/articles/github-integration-review-apps

also i'd recommend at some point updating this log to show the secrets from your util so you can confirm it's detecting the heroku env correctly https://github.com/guanacone/fullstack_app/blob/master/server/index.js#L1

guanacone commented 3 years ago

I'm actually not happy with the heroku deployment and the secrets. I'd like to discuss it in a meeting. Can you please resend me the link to schedule a meeting.

What do you think of this tutorial?

edwmurph commented 3 years ago

ya sure grab a time https://calendly.com/edwmurph3/30min i also added that link to my website if you lose track of it again https://edwardmurphy.dev/mentoring

next step there would be to remove the gatsby-plugin-nodejs so it doesnt run the app during the build. and then you won't need to have the IN_HEROKU env var and can just reference env vars normally

i think heroku is actually pretty nice for this starter, especially since it's free. and once you remove gatsby-plugin-nodejs it'll be better. alternatively if you dont like heroku for some other reason, you could go with another 3rd-layer cloud provider like digital ocean or render but i havent tried those for a full stack app yet. that guide you linked seems pretty good if you want to use ECS but that's all probably gonna cost you at least $15/month which you might want for a production app but also kinda overkill for this. we can discuss this more here in this thread if you want and/or in our next meeting but those are my initial thoughts
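
The email-confirmation and password-reset flow suggested earlier in this thread (a link carrying a short-lived JWT in a query parameter, verified on the backend), sketched as an added example that is not part of the thread or the project's code. It builds HS256 tokens with Node's built-in `crypto` so it runs offline; the function names, the `purpose` claim and the `/confirm-email` route are assumptions made for illustration.

```javascript
// Added example, not the project's code. Uses only Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Issue an HS256 JWT bound to one user and one purpose, valid for ttlSeconds.
function issueToken(userId, purpose, secret, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const head = b64url({ alg: 'HS256', typ: 'JWT' });
  const body = b64url({ sub: userId, purpose, iat, exp: iat + ttlSeconds });
  return `${head}.${body}.${hmac(`${head}.${body}`, secret)}`;
}

// Put the token in a query parameter; the route name is hypothetical.
function confirmationLink(baseUrl, token) {
  const url = new URL('/confirm-email', baseUrl);
  url.searchParams.set('token', token);
  return url.toString();
}

// Backend check: signature first (constant time), then alg, purpose, expiry.
function verifyToken(token, purpose, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  const expected = Buffer.from(hmac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch (err) {
    return { ok: false, reason: 'malformed' };
  }
  if (header.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  if (claims.purpose !== purpose) return { ok: false, reason: 'wrong-purpose' };
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, userId: claims.sub };
}
```

A signed token stays replayable until `exp`, so one-time use (for the password-reset case in particular) needs server-side state, such as marking the account activated or rejecting tokens issued before the last password change.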