When we visit a webpage, we are actually sending requests from our browser to the server hosting the application, which we talked about briefly while writing our GET routes for pages and POST routes for submitting forms. However, visiting a page is not the only way to submit requests. There are tools, like Postman, which allow you to send requests to a website.
This is a major security gap. Imagine we didn't want just anyone to submit our color and settings forms. Normally they can't do so without visiting the page, because the forms send POST requests, and entering a URL into the address bar sends a GET request. From the webpage, the only way to reach our POST routes is to submit the forms. Yet Postman and similar tools let anyone send any kind of request, meaning they can reach our /set-color POST route without ever visiting our page or submitting the forms. If we really did care about restricting who can access our routes, we would add measures like user authentication, but we are actually going to exploit this gap. We don't care who sets our color or how they do it, and you get to learn some ninja skills.
If this were an app where I had protection on certain routes, and still had this seeding-the-database problem, I would write a script on my local computer that connects to my cloud database - using the same URL we gave to Heroku as the config variable - and seeds everything I need. Run it once, don't make it public, wash my hands of it.
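The kind of route protection mentioned above, as an added example that is not part of the original tutorial: an Express-style middleware that rejects a POST to /set-color unless it carries a shared token. The x-admin-token header, the ADMIN_TOKEN config variable and the body of setColor are assumptions, and mock request objects stand in for Express so the block runs on its own.

```javascript
// Added example (not the tutorial's code). The header name, the token value
// and the setColor handler body are assumptions made for illustration.

// Compare in constant time so response timing does not reveal how much of
// the token matched. Node's crypto.timingSafeEqual is the built-in equivalent.
function safeEqual(given, expected) {
  if (typeof given !== 'string') return false;
  let diff = given.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= (given.charCodeAt(i) || 0) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Express-style middleware: reject the request unless it carries the token.
function requireToken(expected) {
  return function (req, res, next) {
    // Fail closed if the server was deployed without a token configured.
    if (!expected) return res.status(500).send('token not configured');
    if (!safeEqual(req.get('x-admin-token'), expected)) {
      return res.status(401).send('unauthorized');
    }
    next();
  };
}

// Hypothetical stand-in for the tutorial's /set-color handler.
function setColor(req, res) {
  res.status(200).send('color set to ' + req.body.color);
}

// Run the chain against a mock request so the example works without Express.
// In the app: router.post('/set-color', requireToken(process.env.ADMIN_TOKEN), setColor)
function simulate(token, headers, body) {
  const result = { status: null, body: null };
  const req = { body, get: (name) => headers[name.toLowerCase()] };
  const res = {
    status(code) { result.status = code; return this; },
    send(text) { result.body = text; return this; },
  };
  requireToken(token)(req, res, () => setColor(req, res));
  return result;
}

// Constructed requests: a bare POST with no token, then one with the token.
console.log(simulate('s3cret-demo', {}, { color: 'red' }));
console.log(simulate('s3cret-demo', { 'x-admin-token': 's3cret-demo' }, { color: 'red' }));
```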
Start by visiting https://www.getpostman.com/pricing and downloading the app for the free plan on the left. Install it too, of course.
When you open the app, you will see a screen like below. Configure it to match the picture, paying attention to these changes:
- The request method is POST
- The request URL is https://intro-to-iot-lesson.herokuapp.com/set-color
- The Body is in form-data mode, with one key-value pair called color, set to whatever color you want to start with. Note that 'color' is the name we gave to the input field of the form. We are essentially prepping the request to send the same data the form would.
Now hit the send button, and wait for a response! You should receive the HTML for the page in the response body.
It may take a minute if the app has been inactive for more than a half hour because the free plan on Heroku puts apps to "sleep" during inactivity.
Open your mLab account too, and enter the intro-to-iot database. You can see that you have a collection named "settings", with one document in it. If you recall the models we made way back when we started working with mongoose, we named a schema "settings", and referred to it in routes like set-color. That schema has now become a collection, with the document that we edit held within.
Hopefully, all these different names for things and how they work together are starting to make sense! It's a lot of terminology and layers, and the only way to truly understand it is to use it until it starts to make sense.
Unfortunately, the homepage still doesn't work because we also use statistics. Unlike with set-color, for statistics we do have a seedStats route, which we also used for convenience when the app was running locally. Honestly, it's rather bad form, since anyone who can send a GET request can trigger it, and we should get rid of the route, but let's use it for convenience one last time. Change Postman to submit a GET request to the seedStats route, and observe with joy as the homepage now loads!
Now get rid of the seedStats route (and the seed route for data entries too, while we're at it), and push the new build to Heroku.
You'll find the routes in routes/index.js. Make a git commit, and then run git push heroku master to rebuild.