#144HoursOfCode D4

Submitted over 4 years ago

(1:20pm - 2pm, 6:50pm - 9:50pm)

* Made up the one hour of coding I was behind on from Tuesday
* Added this post to my blog via API (but only submitted the title and "I'm posting this via my blog's API!" in the body via curl, then edited from the web app)
* Obfuscated user IDs in the URL of my budget app by switching them out for a UUID
* Removed update profile link from login page and update profile page in budget app
* Made it so that one will be redirected when attempting to access a user's profile via their UID in the budget app
* Started implementing Devise in the budget app
* Did a bit of research on why my CSS here on Heroku gets all wonky, but didn't find any new info

Enhancing security via obfuscation was my goal with switching out user IDs for UUID slugs in budget app profile URLs. I relied heavily on this resource to accomplish that. Unfortunately I found that even after swapping out the user ID in the URL for UUID slugs it was still possible to navigate to a user's profile by using their user ID, so my next modification was redirecting folks if they attempt to access a user's profile by entering the user ID in the URL. I realize this was hacky and not very secure, but it was my temporary solution. Next, I read through the Devise source code, but wasn't able to drill down to an understanding of how their authentication works in the time I spent reading through the documentation. This is clearly something I need to do a lot more research on, but in the interim I'm going to implement Devise to make the app more secure and to avoid being too stubborn and spending lots of time on a problem while I could be learning more about other topics. I'm letting myself off the hook because I achieved my original goal of not allowing users to enter a user ID in the URL of the budget app to navigate to that user's profile. My solution is extremely rudimentary, but I'll learn more and come back to this in the future.
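An added example, not code from the budget app or from Devise: a plain-Ruby sketch of a profile lookup that resolves only UUID-shaped parameters, so a numeric ID never matches, and then checks that the signed-in user owns the profile. The names `User`, `ProfileLookup` and `outcome` and the sample users are hypothetical and constructed for illustration.

```ruby
require "securerandom"

# Constructed stand-in for the app's users table (hypothetical, not the app's model).
User = Struct.new(:id, :uuid, :name)

UUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

class ProfileLookup
  class NotFound < StandardError; end
  class Forbidden < StandardError; end

  def initialize(users)
    # Index by UUID only; there is no lookup path keyed on the numeric id.
    @by_uuid = users.to_h { |u| [u.uuid, u] }
  end

  # Resolve the URL parameter on behalf of current_user.
  def fetch(param, current_user:)
    # Reject anything that is not UUID-shaped, so "/users/1" never resolves.
    raise NotFound unless param.is_a?(String) && param.match?(UUID_RE)
    user = @by_uuid[param.downcase] or raise NotFound
    # The UUID only hides the identifier. This ownership check is what
    # keeps one signed-in user from reading another user's profile.
    raise Forbidden unless current_user && current_user.id == user.id
    user
  end
end

# Constructed sample data.
ALICE  = User.new(1, SecureRandom.uuid, "alice")
BOB    = User.new(2, SecureRandom.uuid, "bob")
LOOKUP = ProfileLookup.new([ALICE, BOB])

# Map the lookup result to a value a controller could turn into a response.
def outcome(param, as:)
  LOOKUP.fetch(param, current_user: as).name
rescue ProfileLookup::NotFound
  :not_found
rescue ProfileLookup::Forbidden
  :forbidden
end

puts outcome(ALICE.uuid, as: ALICE).inspect  # own profile by UUID
puts outcome("1", as: ALICE).inspect         # numeric id in the URL
puts outcome(BOB.uuid, as: ALICE).inspect    # someone else's UUID
```

In a real controller both failure cases can be answered with the same 404 so that the response does not confirm which UUIDs exist.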

I also decided that for the budget app I'd like to update its name and wording to reflect it more accurately as a savings goal app.

I also made use of the API I implemented for my blog here a while ago and created a post via API, but I spent a good chunk of time figuring out how to format my curl request because my memory didn't serve me on that one. After many, many tries I finally got the right combination and was able to create a post but I much prefer the web app for usability's sake: escaping so many characters is a pain.

Oh, and I saw on Twitter that #AtHomeBootCamp is a fitness tag, so I'm updating the tag I'm using (and therefore the title of my posts) to use #144HoursOfCode instead.

Despite knowing that I have SO MUCH more to learn, I'm still having fun!! 😋🤓 🖥

Here are today's commits:
* https://github.com/twoesplease/budget-app/commit/798507bcf35d57605384c91402d02562dafeacf1
* https://github.com/twoesplease/budget-app/commit/73172a8fcae1a7960c449c74bb78040417bef622
* https://github.com/twoesplease/budget-app/commit/dc468734e518277f1f5c4d818d5d0641463a52d5
* https://github.com/twoesplease/budget-app/commit/d075360948eba56a88c90a1ec1a6bf1e3803127e

