SimpleBudget
Getting Started
- clone this repo
- download a database browser like Sqlite browser
- download postman
- download nvm
- download yarn
- get latest stable node
nvm install v10.13.0(important to use this version to avoid bcrypt error)
Server
- nav to server root
cd simple/server - run
yarn install - run
yarn add sqlite3idk why it forces this manually - copy
.env.exmaplein the root dir and rename the new file.env
- jwt secret can be anything you want
- get the plaid keys from the plaid account (should be an invite in your email)
- plaid env should be
sandboxto use made up transactions, ordevelopmentfor using live credentials - webhook URL can be ignored for now, part of localtunnel.me
- run
yarn start - your server should be running, move onto client
Client
- nav to
cd simple/client - run
yarn install - run
yarn start - a client should popup on http://localhost:3000
Site
- visit
http://localhost:3000/signupand create a new user
- check the db browser to confirm you can see this new user in the user table
- you should now be seeing the simplebudget homepage, including a blank budget, transactions,etc
- try adding a budget for the fuck of it. this should work
- connect to plaid using the "open link" button
- use username=user_good and password=pass_good per the plaid docs
- go back to the db brower and find the plaidItem
itemIdassociated with your new user - use postman to send the following request to your server running on port 4000:
method=POST
URL=http://localhost:4000/webhook
type = raw, applicaion/JSON
body:
{
"item_id": "YOUR_ITEMID_HERE",
"new_transactions": 13,
"webhook_code": "HISTORICAL"
}
- chill out for a sec and re-read the plaid quickstart docs. it can take plaid some time to get the txns for a new item id. if you dont get the transactions list loaded into the db after this request, wait a bit and try again
- click the 'refresh' transactions button. you should now have all the transaction data loaded into simplebudget :^)
Authentication
TLDR version, detailed version to come.
- auth starts with the first request made to the server. on /login or /signup, the server will create a JWT - JSON Web Token using the new user's ID. once the user is created, we send this JWT (token) back to the client
// signup mutation in resolvers.js
const signupUser = await User.create(user);
await signupUser.createBudget();
const token = jwt.sign({ id: signupUser.id }, JWT_SECRET);
return {
token: token
}- the client form that sent the request to the server awaits the response containing the newly signed JWT, which it then stores in the browser as a cookie, using jsCookie
// handleSubmit in SignupForm.js
const result = await signup({
variables: {
user: {
email,
password
}
}
});
const { data: { signup: { token } } } = result;
jsCookie.set('token', token);- The client uses jsCookie to pull the token out of the browser and inject it into the header of a request. We do this in the
networkInterfacemiddlewear, so the token is injected into every request that the client makes
// client/index.js
networkInterface.use([{
applyMiddleware(req, next) {
if (!req.options.headers) {
req.options.headers = {}
}
const token = jsCookie.get(token);
if (!_.isEmpty(token)) {
req.options.headers.Authorization = `Bearer ${token.token}`
}
next();
}
}]);- With every request to the /graphql server, the JWT authentication middleware authenticates callers using a JWT. If the token is valid, req.user will be set with the JSON object decoded to be used by later middleware for authorization and access control. We then pull the user id out of the requests and use it to set the graphQL context
// server/index.js
server.use(
'/graphql',
jwt({
secret: JWT_SECRET,
credentialsRequired: false
}),
graphqlExpress(req => ({
schema,
context: {
user: req.user
},
}))
);- We use this context in our server resolvers to find the relevant user data
// createBudget in resolvers.js
createBudget: async (root, { budget }, context) => {
const days = moment().day() - moment().day(1).day();
const user = await User.findOne({ where: { id: context.user.id } });