sfu-natlang / lensingwikipedia

Lensing Wikipedia is an interface to visually browse through human history as represented in Wikipedia. This is the source code that runs the website:
http://lensingwikipedia.cs.sfu.ca

Pass a unique user ID from frontend to backend #175

Closed avacariu closed 8 years ago

avacariu commented 9 years ago

Depends on #125

Since the Flask frontend is completely separate from the query backend, the Flask code doesn't have any way of knowing about what queries the user made. The backend will log that, and save it somewhere (see #174), so if we give it a user ID along with all the other query parameters (maybe in the HTTP headers), it can keep track of which users made which queries. We can then use this in our analytics.

This could be as simple as this in our base.html template.

<script>
    {# tojson emits a quoted, escaped JavaScript string literal #}
    var userID = {{ g.user.email|tojson }};
</script>

The JavaScript code and query backend will need to be modified a bit to pass this extra variable around.

It doesn't have to be the user's email; we can generate a UUID. The email is guaranteed to be unique and stay constant across multiple copies of the site, however, so it could be a good idea.

We might want to have a privacy policy once we start doing this, though.

anoopsarkar commented 9 years ago

If we use email, can it be leaked to a 3rd party inspecting the JSON being sent to the backend? If so, perhaps UUIDs are safer.

avacariu commented 9 years ago

If we don't use HTTPS, then yes. But then again, we don't use HTTPS anywhere, so they'd be able to match UUIDs to emails anyways (based on data in Google's OAuth2 response).

Cloudflare provides free SSL certificates (although only for Cloudflare -> browser; server -> Cloudflare is unencrypted). We might want to look into whether this works for us (I use it myself on a couple sites), since it'd limit the number of 3rd parties who could inspect the packets.

If we could get a cheap SSL certificate, then it'd be the best solution. StartSSL gives 1 free certificate: http://www.startssl.com/?app=1, so we could use that.

anoopsarkar commented 9 years ago

Let's just use emails for now, and worry about SSL later.
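
An added example, not part of the original thread or the project's code: a middle ground between the email and UUID options discussed above is a keyed hash (HMAC-SHA256) of the email, which stays constant across copies of the site that share the key but does not put the address on the wire or in the backend logs. The function names and `ANALYTICS_ID_KEY` are hypothetical, and the key value is a constructed placeholder.

```python
import hashlib
import hmac
import json

# Assumption: a secret shared by every copy of the site, loaded from config.
# The value below is a constructed placeholder, not a real key.
ANALYTICS_ID_KEY = b"constructed-demo-key-change-me"


def normalize_email(email: str) -> str:
    """Canonical form so the same account always maps to the same ID."""
    return email.strip().lower()


def pseudonymous_user_id(email: str, key: bytes = ANALYTICS_ID_KEY) -> str:
    """Stable per-user ID derived from the email.

    A keyed hash is used instead of a plain SHA-256 because email addresses
    are guessable: without the key, an observer cannot confirm a guess by
    hashing candidate addresses.
    """
    mac = hmac.new(key, normalize_email(email).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:32]  # 128 bits, hex only


def user_id_script_literal(email: str, key: bytes = ANALYTICS_ID_KEY) -> str:
    """Quoted JavaScript string literal for the <script> block in base.html."""
    return json.dumps(pseudonymous_user_id(email, key))


def backend_accepts(user_id: str) -> bool:
    """Backend-side check before logging: exactly 32 lowercase hex chars.

    Rejecting anything else keeps raw emails and stray control characters
    out of the query log.
    """
    return len(user_id) == 32 and all(c in "0123456789abcdef" for c in user_id)
```

The mapping from ID back to email then exists only where the key does, so the analytics logs can be shared without exposing addresses.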