From 225264d89cf814e7191ff5c090b79210254632e3 Mon Sep 17 00:00:00 2001
From: Aden Krakman <akrakman@gmail.com>
Date: Mon, 5 Dec 2022 22:16:47 -0600
Subject: [PATCH] improve comments in app.py

---
 src/backend/app.py               | 16 ++++++++--------
 src/frontend/src/pages/Login.tsx |  3 +++
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/backend/app.py b/src/backend/app.py
index 65626167e..fdb4503cf 100644
--- a/src/backend/app.py
+++ b/src/backend/app.py
@@ -37,7 +37,7 @@
 def googlelogin():
     """Handles google oauth login"""
     google_client = oauth.create_client("google")
-    redirect_uri = url_for("authorize", _external=True)
+    redirect_uri = url_for("authorize", _external=True)  # move to /authorize route
     return google_client.authorize_redirect(redirect_uri)
 
 
@@ -46,13 +46,13 @@ def authorize():
     """Authorization with google"""
     google_client = oauth.create_client("google")
     token = google_client.authorize_access_token()
-    resp = google_client.get("userinfo", token=token)
-    resp.raise_for_status()
-    user_info = resp.json()
-    # Note: you're not supposed to use user google data in session...
+    resp = google_client.get("userinfo", token=token)  # userinfo contains email
+    resp.raise_for_status()  # check status code
+    user_info = resp.json()  # convert to json
+    # query database for username
     page = UserPage(user_info["email"])
     session["username"] = page.get_user(user_info["email"]).username
-    return redirect("http://localhost:3000"), 301
+    return redirect("http://localhost:3000"), 301  # necessary status code
 
 
 @app.route("/login", methods=["GET", "POST"])
@@ -101,7 +101,7 @@ def userpage():
     page = UserPage(name)
     if request.method == "POST":
         json_form = request.get_json(force=True) or {}  # deserialize data
-        # see which field was True and therefore should be changed
+        # see which field is True and should be changed
         is_password = json_form.get("is_password", False)
         is_email = json_form.get("is_email", False)
         is_phone = json_form.get("is_phone", False)
@@ -128,7 +128,7 @@ def userpage():
 @app.route("/logout")
 def logout():
     """Removes session object"""
-    session.pop("username", None)  # remove session object
+    session.pop("username", None)
     return "logout success", 201
 
 
diff --git a/src/frontend/src/pages/Login.tsx b/src/frontend/src/pages/Login.tsx
index c3524739d..2f873d578 100644
--- a/src/frontend/src/pages/Login.tsx
+++ b/src/frontend/src/pages/Login.tsx
@@ -114,6 +114,9 @@ export default function Login() {
             <Typography style={{ marginTop: '10px' }}>
                <Link href="/">Access without logging in</Link>
             </Typography>
+            {/* Moves to the server-side to do the authorization.
+               I'm not sure if it's good practice.
+            */}
             <Link href="http://127.0.0.1:5000/googlelogin">
                <GoogleButton style={{ marginTop: '10px' }} />
             </Link>