├── .babelrc
├── .editorconfig
├── .eslintrc
├── .gitignore
├── .travis.yml
├── DESC.md
├── Makefile
├── README.md
├── example
    ├── README.md
    ├── package.json
    ├── public
    │   ├── index.html
    │   └── manifest.json
    └── src
    │   ├── .tern-port
    │   ├── App.js
    │   ├── TwitchSings_SongList.json
    │   ├── example.js
    │   ├── index.css
    │   └── index.js
├── globals.md
├── header.md
├── modules
    ├── _test_.md
    └── react_oauth2_hook.md
├── package.json
├── rollup.config.js
├── src
    ├── .eslintrc
    ├── doc.tsx
    ├── index.tsx
    ├── react-storage-hook.d.ts
    ├── styles.css
    ├── test.js
    ├── test.ts
    └── typings.d.ts
├── templates
    ├── pkgdoc_templ.jq
    ├── readme.hbs
    └── readme.jq
├── tsconfig.json
├── tsconfig.test.json
└── yarn.lock


/.babelrc:
--------------------------------------------------------------------------------
 1 | {
 2 |   "presets": [
 3 |     ["env", {
 4 |       "modules": false
 5 |     }],
 6 |     "stage-0",
 7 |     "react"
 8 |   ]
 9 | }
10 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | root = true
 2 | 
 3 | [*]
 4 | charset = utf-8
 5 | indent_style = space
 6 | indent_size = 2
 7 | end_of_line = lf
 8 | insert_final_newline = true
 9 | trim_trailing_whitespace = true
10 | 


--------------------------------------------------------------------------------
/.eslintrc:
--------------------------------------------------------------------------------
 1 | {
 2 |   "parser": "babel-eslint",
 3 |   "extends": [
 4 |     "standard",
 5 |     "standard-react"
 6 |   ],
 7 |   "env": {
 8 |     "es6": true
 9 |   },
10 |   "plugins": [
11 |     "react"
12 |   ],
13 |   "parserOptions": {
14 |     "sourceType": "module"
15 |   },
16 |   "rules": {
17 |     // don't force es6 functions to include space before paren
18 |     "space-before-function-paren": 0,
19 | 
20 |     // allow specifying true explicitly for boolean props
21 |     "react/jsx-boolean-value": 0
22 |   }
23 | }
24 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | 
 2 | # See https://help.github.com/ignore-files/ for more about ignoring files.
 3 | 
 4 | # dependencies
 5 | node_modules
 6 | 
 7 | # builds
 8 | build
 9 | dist
10 | .rpt2_cache
11 | 
12 | # misc
13 | .DS_Store
14 | .env
15 | .env.local
16 | .env.development.local
17 | .env.test.local
18 | .env.production.local
19 | 
20 | npm-debug.log*
21 | yarn-debug.log*
22 | yarn-error.log*
23 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: node_js
2 | node_js:
3 |   - 9
4 |   - 8
5 | 


--------------------------------------------------------------------------------
/DESC.md:
--------------------------------------------------------------------------------
 1 | ## Overview
 2 | This package provides an entirely client-side flow to get OAuth2 implicit grant tokens.
 3 | It's implemented as a react hook, [[useOAuth2Token]], with a fairly simple API
 4 | and a react component, [[OAuthCallback]] which should be mounted at the
 5 | OAuth callback endpoint.
 6 | 
 7 | Take a look at the [Example](#example) for usage information.
 8 | 
 9 | ## Security Considerations
10 | OAuth 2 is a very sensitive protocol. I've done my best to provide good security
11 | guarantees with this package.
12 | 
13 | I assume that your application follows reasonable best practices like using `X-Frame-Options`
14 | to prevent clickjacking based attacks.
15 | 
16 | ### State
17 | The State token prevents an attacker from forcing a user to sign in as the attacker's
18 | account using a kind of CSRF. Here, I am cautious against multiple types of attacks.
19 | 
20 | My state token is not signed, it's a completely static concatenation of some entropy
21 | generated by webcrypto and a key, composed of `JSON.stringify({ authUrl, clientID, scopes })`.
22 | When the callback is recieved by [[OAuthCallback]], it is compared strictly
23 | to the stored value, and otherwise rejected.
24 | 
25 | This prevents both attacks where an attacker would try to submit a token to the user's
26 | browser without their consent, and attacks where a malicious OAuth server would
27 | (re)use the n-once to authenticate a callback from a different server.
28 | 
29 | ### Timing attacks
30 | 
31 | The state token is *not* compared using a fixed-time string comparison.
32 | Where typically, this would lead to an attacker being able to use a lot of time
33 | and statistics to side-channel out the state token, this
34 | should be irrelevant in this configuration, this should be extremely difficult
35 | to pull off accurately as any timing information would be inaccessible or heavily
36 | diluted.
37 | 
38 | ## Refresh tokens
39 | This library in-and-of-itself does not acquire long lived refresh tokens. Though
40 | some OAuth servers allow implicit clients to acquire refresh tokens without an
41 | OAuth secret, this isn't part of the OAuth standard. Instead, consider
42 | simply triggering the authorize flow when the token expires -- if the user
43 | is still authorized, the window should almost immediately close. Otherwise,
44 | you can use any special APIs that would let you do this, or skip this library
45 | entirely and try PKCE.
46 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | npm = node_modules/
 2 | 
 3 | dist: src $(wildcard src/*) tsconfig.json
 4 | 	yarn run rollup -c
 5 | 
 6 | .INTERMEDIATE: docs
 7 | docs: src/doc.tsx $(wildcard src/*.ts*) $(npm)/typedoc-plugin-markdown
 8 | 	- rm README.md # for some reason it ignores --entrypoint if there's an existing readme...
 9 | 	yarn run typedoc --entryPoint 'react-oauth2-hook' --theme markdown --out docs/
10 | 	cp docs/* .
11 | 	rm -r docs
12 | 
13 | README.md: docs
14 | 	# by default, typedoc makes the header of the module a second-level
15 | 	# header and puts it in a quote. i have no explanation for why
16 | 	# but this does fix it.
17 | 	sed -E -i .backup '1s/^> *#(.*)/\1/' README.md
18 | 	rm $@.backup
19 | 
20 | src/doc.tsx: templates/pkgdoc_templ.jq pkginfo.json
21 | 	jq -r -f $^ > $@
22 | 
23 | .INTERMEDIATE: pkginfo.json
24 | pkginfo.json: example/src/example.js DESC.md
25 | 	jq '[.,                                           \
26 | 		{documentation: $$docs},                    \
27 | 		{example: $$example, examplefile: $$examplefile},       \
28 | 		{requirements: [.peerDependencies | keys][0]  }, \
29 | 		{year: $$year}                                  \
30 | 		] | add' package.json                         \
31 | 		--arg docs "$$(cat DESC.md)"                  \
32 | 		--arg example "$$(cat $<)"  \
33 | 		--arg examplefile "$$(basename $<)" \
34 | 		--arg year "$$(date +%Y)" > $@
35 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | > **[react-oauth2-hook](README.md)**
  2 | 
  3 | [Globals]() / [react-oauth2-hook](README.md) /
  4 | 
  5 | **`requires`** immutable
  6 | 
  7 | **`requires`** prop-types
  8 | 
  9 | **`requires`** react
 10 | 
 11 | **`requires`** react-dom
 12 | 
 13 | **`requires`** react-storage-hook
 14 | 
 15 | **`summary`** Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
 16 | 
 17 | **`version`** 1.0.11
 18 | 
 19 | **`author`** zemnmez
 20 | 
 21 | **`copyright`** zemnmez 2019
 22 | 
 23 | **`license`** MIT
 24 | ## Installation
 25 | 
 26 | ```bash
 27 | yarn add react-oauth2-hook
 28 | ```
 29 | ## Overview
 30 | This package provides an entirely client-side flow to get OAuth2 implicit grant tokens.
 31 | It's implemented as a react hook, [useOAuth2Token](README.md#const-useoauth2token), with a fairly simple API
 32 | and a react component, [OAuthCallback](README.md#const-oauthcallback) which should be mounted at the
 33 | OAuth callback endpoint.
 34 | 
 35 | Take a look at the [Example](#example) for usage information.
 36 | 
 37 | ## Security Considerations
 38 | OAuth 2 is a very sensitive protocol. I've done my best to provide good security
 39 | guarantees with this package.
 40 | 
 41 | I assume that your application follows reasonable best practices like using `X-Frame-Options`
 42 | to prevent clickjacking based attacks.
 43 | 
 44 | ### State
 45 | The State token prevents an attacker from forcing a user to sign in as the attacker's
 46 | account using a kind of CSRF. Here, I am cautious against multiple types of attacks.
 47 | 
 48 | My state token is not signed, it's a completely static concatenation of some entropy
 49 | generated by webcrypto and a key, composed of `JSON.stringify({ authUrl, clientID, scopes })`.
 50 | When the callback is recieved by [OAuthCallback](README.md#const-oauthcallback), it is compared strictly
 51 | to the stored value, and otherwise rejected.
 52 | 
 53 | This prevents both attacks where an attacker would try to submit a token to the user's
 54 | browser without their consent, and attacks where a malicious OAuth server would
 55 | (re)use the n-once to authenticate a callback from a different server.
 56 | 
 57 | ### Timing attacks
 58 | 
 59 | The state token is *not* compared using a fixed-time string comparison.
 60 | Where typically, this would lead to an attacker being able to use a lot of time
 61 | and statistics to side-channel out the state token, this
 62 | should be irrelevant in this configuration, this should be extremely difficult
 63 | to pull off accurately as any timing information would be inaccessible or heavily
 64 | diluted.
 65 | 
 66 | ## Refresh tokens
 67 | This library in-and-of-itself does not acquire long lived refresh tokens. Though
 68 | some OAuth servers allow implicit clients to acquire refresh tokens without an
 69 | OAuth secret, this isn't part of the OAuth standard. Instead, consider
 70 | simply triggering the authorize flow when the token expires -- if the user
 71 | is still authorized, the window should almost immediately close. Otherwise,
 72 | you can use any special APIs that would let you do this, or skip this library
 73 | entirely and try PKCE.
 74 | ## Example
 75 | 
 76 | **`example`** 
 77 | 
 78 | ```javascript
 79 | import React from 'react'
 80 | import { BrowserRouter as Router, Switch } from 'react-router-dom'
 81 | import { useOAuth2Token, OAuthCallback } from 'react-oauth2-hook'
 82 | 
 83 | // in this example, we get a Spotify OAuth
 84 | // token and use it to show a user's saved
 85 | // tracks.
 86 | 
 87 | export default () => <Router>
 88 |   <Switch>
 89 |     <Route path="/callback" component={OAuthCallback}/>
 90 |     <Route component={SavedTracks}/>
 91 |   </Switch>
 92 | </Router>
 93 | 
 94 | const SavedTracks = () => {
 95 |   const [token, getToken] = useOAuth2Token({
 96 |     authorizeUrl: "https://accounts.spotify.com/authorize",
 97 |     scope: ["user-library-read"],
 98 |     clientID: "bd9844d654f242f782509461bdba068c",
 99 |     redirectUri: document.location.href+"/callback"
100 |   })
101 | 
102 |   const [tracks, setTracks] = React.useState();
103 |   const [error, setError] = React.useState();
104 | 
105 |   // query spotify when we get a token
106 |   React.useEffect(() => {
107 |     fetch(
108 |       'https://api.spotify.com/v1/me/tracks?limit=50'
109 |     ).then(response => response.json()).then(
110 |       data => setTracks(data)
111 |     ).catch(error => setError(error))
112 |   }, [token])
113 | 
114 |   return <div>
115 |     {error && `Error occurred: ${error}`}
116 |     {(!token || !savedTracks) && <div
117 |       onClick={getToken}>
118 |         login with Spotify
119 |     </div>}
120 |     {savedTracks && `
121 |       Your Saved Tracks: ${JSON.stringify(savedTracks)}
122 |     `}
123 |   </div>
124 | }
125 | ```
126 | 
127 | ### Index
128 | 
129 | #### Type aliases
130 | 
131 | * [OAuthToken](README.md#oauthtoken)
132 | * [getToken](README.md#gettoken)
133 | * [setToken](README.md#settoken)
134 | 
135 | #### Variables
136 | 
137 | * [ErrIncorrectStateToken](README.md#const-errincorrectstatetoken)
138 | * [ErrNoAccessToken](README.md#const-errnoaccesstoken)
139 | 
140 | #### Functions
141 | 
142 | * [OAuthCallback](README.md#const-oauthcallback)
143 | * [useOAuth2Token](README.md#const-useoauth2token)
144 | 
145 | ## Type aliases
146 | 
147 | ###  OAuthToken
148 | 
149 | Ƭ **OAuthToken**: *string*
150 | 
151 | *Defined in [index.tsx:157](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L157)*
152 | 
153 | OAuthToken represents an OAuth2 implicit grant token.
154 | 
155 | ___
156 | 
157 | ###  getToken
158 | 
159 | Ƭ **getToken**: *function*
160 | 
161 | *Defined in [index.tsx:163](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L163)*
162 | 
163 | getToken is returned by [useOAuth2Token](README.md#const-useoauth2token).
164 | When called, it prompts the user to authorize.
165 | 
166 | #### Type declaration:
167 | 
168 | ▸ (): *void*
169 | 
170 | ___
171 | 
172 | ###  setToken
173 | 
174 | Ƭ **setToken**: *function*
175 | 
176 | *Defined in [index.tsx:171](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L171)*
177 | 
178 | setToken is returned by [useOAuth2Token](README.md#const-useoauth2token).
179 | When called, it overwrites any stored OAuth token.
180 | `setToken(undefined)` can be used to synchronously
181 | invalidate all instances of this OAuth token.
182 | 
183 | #### Type declaration:
184 | 
185 | ▸ (`newValue`: *[OAuthToken](README.md#oauthtoken) | undefined*): *void*
186 | 
187 | **Parameters:**
188 | 
189 | Name | Type |
190 | ------ | ------ |
191 | `newValue` | [OAuthToken](README.md#oauthtoken) \| undefined |
192 | 
193 | ## Variables
194 | 
195 | ### `Const` ErrIncorrectStateToken
196 | 
197 | • **ErrIncorrectStateToken**: *`Error`* =  new Error('incorrect state token')
198 | 
199 | *Defined in [index.tsx:210](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L210)*
200 | 
201 | This error is thrown by the [OAuthCallback](README.md#const-oauthcallback)
202 | when the state token recieved is incorrect or does not exist.
203 | 
204 | ___
205 | 
206 | ### `Const` ErrNoAccessToken
207 | 
208 | • **ErrNoAccessToken**: *`Error`* =  new Error('no access_token')
209 | 
210 | *Defined in [index.tsx:216](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L216)*
211 | 
212 | This error is thrown by the [OAuthCallback](README.md#const-oauthcallback)
213 | if no access_token is recieved.
214 | 
215 | ## Functions
216 | 
217 | ### `Const` OAuthCallback
218 | 
219 | ▸ **OAuthCallback**(`__namedParameters`: *object*): *`Element`*
220 | 
221 | *Defined in [index.tsx:274](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L274)*
222 | 
223 | OAuthCallback is a React component that handles the callback
224 | step of the OAuth2 protocol.
225 | 
226 | OAuth2Callback is expected to be rendered on the url corresponding
227 | to your redirect_uri.
228 | 
229 | By default, this component will deal with errors by closing the window,
230 | via its own React error boundary. Pass `{ errorBoundary: false }`
231 | to handle this functionality yourself.
232 | 
233 | **Parameters:**
234 | 
235 | ▪ **__namedParameters**: *object*
236 | 
237 | Name | Type | Default | Description |
238 | ------ | ------ | ------ | ------ |
239 | `errorBoundary` | boolean | true | When set to true, errors are thrown instead of just closing the window. |
240 | 
241 | **Returns:** *`Element`*
242 | 
243 | ___
244 | 
245 | ### `Const` useOAuth2Token
246 | 
247 | ▸ **useOAuth2Token**(`__namedParameters`: *object*): *[[OAuthToken](README.md#oauthtoken) | undefined, [getToken](README.md#gettoken), [setToken](README.md#settoken)]*
248 | 
249 | *Defined in [index.tsx:95](https://github.com/Zemnmez/react-oauth2-hook/blob/e142d9b/src/index.tsx#L95)*
250 | 
251 | useOAuth2Token is a React hook providing an OAuth2 implicit grant token.
252 | 
253 | When useToken is called, it will attempt to retrieve an existing
254 | token by the criteria of `{ authorizeUrl, scopes, clientID }`.
255 | If a token by these specifications does not exist, the first
256 | item in the returned array will be `undefined`.
257 | 
258 | If the user wishes to retrieve a new token, they can call `getToken()`,
259 | a function returned by the second parameter. When called, the function
260 | will open a window for the user to confirm the OAuth grant, and
261 | pass it back as expected via the hook.
262 | 
263 | The OAuth token must be passed to a static endpoint. As
264 | such, the `callbackUrl` must be passed with this endpoint.
265 | The `callbackUrl` should render the [OAuthCallback](README.md#const-oauthcallback) component,
266 | which will securely verify the token and pass it back,
267 | before closing the window.
268 | 
269 | All instances of this hook requesting the same token and scopes
270 | from the same place are synchronised. In concrete terms,
271 | if you have many components waiting for a Facebook OAuth token
272 | to make a call, they will all immediately update when any component
273 | gets a token.
274 | 
275 | Finally, in advanced cases the user can manually overwrite any
276 | stored token by capturing and calling the third item in
277 | the reponse array with the new value.
278 | 
279 | **Parameters:**
280 | 
281 | ▪ **__namedParameters**: *object*
282 | 
283 | Name | Type | Default | Description |
284 | ------ | ------ | ------ | ------ |
285 | `authorizeUrl` | string | - | The OAuth authorize URL to retrieve the token from. |
286 | `clientID` | string | - | The OAuth `client_id` corresponding to the requesting client. |
287 | `redirectUri` | string | - | The OAuth `redirect_uri` callback. |
288 | `scope` | string[] |  [] | The OAuth scopes to request. |
289 | 
290 | **Returns:** *[[OAuthToken](README.md#oauthtoken) | undefined, [getToken](README.md#gettoken), [setToken](README.md#settoken)]*
291 | 


--------------------------------------------------------------------------------
/example/README.md:
--------------------------------------------------------------------------------
   1 | This project was bootstrapped with [Create React App](https://github.com/facebookincubator/create-react-app).
   2 | 
   3 | Below you will find some information on how to perform common tasks.<br>
   4 | You can find the most recent version of this guide [here](https://github.com/facebookincubator/create-react-app/blob/master/packages/react-scripts/template/README.md).
   5 | 
   6 | ## Table of Contents
   7 | 
   8 | - [Updating to New Releases](#updating-to-new-releases)
   9 | - [Sending Feedback](#sending-feedback)
  10 | - [Folder Structure](#folder-structure)
  11 | - [Available Scripts](#available-scripts)
  12 |   - [npm start](#npm-start)
  13 |   - [npm test](#npm-test)
  14 |   - [npm run build](#npm-run-build)
  15 |   - [npm run eject](#npm-run-eject)
  16 | - [Supported Language Features and Polyfills](#supported-language-features-and-polyfills)
  17 | - [Syntax Highlighting in the Editor](#syntax-highlighting-in-the-editor)
  18 | - [Displaying Lint Output in the Editor](#displaying-lint-output-in-the-editor)
  19 | - [Debugging in the Editor](#debugging-in-the-editor)
  20 | - [Formatting Code Automatically](#formatting-code-automatically)
  21 | - [Changing the Page `<title>`](#changing-the-page-title)
  22 | - [Installing a Dependency](#installing-a-dependency)
  23 | - [Importing a Component](#importing-a-component)
  24 | - [Code Splitting](#code-splitting)
  25 | - [Adding a Stylesheet](#adding-a-stylesheet)
  26 | - [Post-Processing CSS](#post-processing-css)
  27 | - [Adding a CSS Preprocessor (Sass, Less etc.)](#adding-a-css-preprocessor-sass-less-etc)
  28 | - [Adding Images, Fonts, and Files](#adding-images-fonts-and-files)
  29 | - [Using the `public` Folder](#using-the-public-folder)
  30 |   - [Changing the HTML](#changing-the-html)
  31 |   - [Adding Assets Outside of the Module System](#adding-assets-outside-of-the-module-system)
  32 |   - [When to Use the `public` Folder](#when-to-use-the-public-folder)
  33 | - [Using Global Variables](#using-global-variables)
  34 | - [Adding Bootstrap](#adding-bootstrap)
  35 |   - [Using a Custom Theme](#using-a-custom-theme)
  36 | - [Adding Flow](#adding-flow)
  37 | - [Adding Custom Environment Variables](#adding-custom-environment-variables)
  38 |   - [Referencing Environment Variables in the HTML](#referencing-environment-variables-in-the-html)
  39 |   - [Adding Temporary Environment Variables In Your Shell](#adding-temporary-environment-variables-in-your-shell)
  40 |   - [Adding Development Environment Variables In `.env`](#adding-development-environment-variables-in-env)
  41 | - [Can I Use Decorators?](#can-i-use-decorators)
  42 | - [Integrating with an API Backend](#integrating-with-an-api-backend)
  43 |   - [Node](#node)
  44 |   - [Ruby on Rails](#ruby-on-rails)
  45 | - [Proxying API Requests in Development](#proxying-api-requests-in-development)
  46 |   - ["Invalid Host Header" Errors After Configuring Proxy](#invalid-host-header-errors-after-configuring-proxy)
  47 |   - [Configuring the Proxy Manually](#configuring-the-proxy-manually)
  48 |   - [Configuring a WebSocket Proxy](#configuring-a-websocket-proxy)
  49 | - [Using HTTPS in Development](#using-https-in-development)
  50 | - [Generating Dynamic `<meta>` Tags on the Server](#generating-dynamic-meta-tags-on-the-server)
  51 | - [Pre-Rendering into Static HTML Files](#pre-rendering-into-static-html-files)
  52 | - [Injecting Data from the Server into the Page](#injecting-data-from-the-server-into-the-page)
  53 | - [Running Tests](#running-tests)
  54 |   - [Filename Conventions](#filename-conventions)
  55 |   - [Command Line Interface](#command-line-interface)
  56 |   - [Version Control Integration](#version-control-integration)
  57 |   - [Writing Tests](#writing-tests)
  58 |   - [Testing Components](#testing-components)
  59 |   - [Using Third Party Assertion Libraries](#using-third-party-assertion-libraries)
  60 |   - [Initializing Test Environment](#initializing-test-environment)
  61 |   - [Focusing and Excluding Tests](#focusing-and-excluding-tests)
  62 |   - [Coverage Reporting](#coverage-reporting)
  63 |   - [Continuous Integration](#continuous-integration)
  64 |   - [Disabling jsdom](#disabling-jsdom)
  65 |   - [Snapshot Testing](#snapshot-testing)
  66 |   - [Editor Integration](#editor-integration)
  67 | - [Developing Components in Isolation](#developing-components-in-isolation)
  68 |   - [Getting Started with Storybook](#getting-started-with-storybook)
  69 |   - [Getting Started with Styleguidist](#getting-started-with-styleguidist)
  70 | - [Making a Progressive Web App](#making-a-progressive-web-app)
  71 |   - [Opting Out of Caching](#opting-out-of-caching)
  72 |   - [Offline-First Considerations](#offline-first-considerations)
  73 |   - [Progressive Web App Metadata](#progressive-web-app-metadata)
  74 | - [Analyzing the Bundle Size](#analyzing-the-bundle-size)
  75 | - [Deployment](#deployment)
  76 |   - [Static Server](#static-server)
  77 |   - [Other Solutions](#other-solutions)
  78 |   - [Serving Apps with Client-Side Routing](#serving-apps-with-client-side-routing)
  79 |   - [Building for Relative Paths](#building-for-relative-paths)
  80 |   - [Azure](#azure)
  81 |   - [Firebase](#firebase)
  82 |   - [GitHub Pages](#github-pages)
  83 |   - [Heroku](#heroku)
  84 |   - [Netlify](#netlify)
  85 |   - [Now](#now)
  86 |   - [S3 and CloudFront](#s3-and-cloudfront)
  87 |   - [Surge](#surge)
  88 | - [Advanced Configuration](#advanced-configuration)
  89 | - [Troubleshooting](#troubleshooting)
  90 |   - [`npm start` doesn’t detect changes](#npm-start-doesnt-detect-changes)
  91 |   - [`npm test` hangs on macOS Sierra](#npm-test-hangs-on-macos-sierra)
  92 |   - [`npm run build` exits too early](#npm-run-build-exits-too-early)
  93 |   - [`npm run build` fails on Heroku](#npm-run-build-fails-on-heroku)
  94 |   - [`npm run build` fails to minify](#npm-run-build-fails-to-minify)
  95 |   - [Moment.js locales are missing](#momentjs-locales-are-missing)
  96 | - [Something Missing?](#something-missing)
  97 | 
  98 | ## Updating to New Releases
  99 | 
 100 | Create React App is divided into two packages:
 101 | 
 102 | * `create-react-app` is a global command-line utility that you use to create new projects.
 103 | * `react-scripts` is a development dependency in the generated projects (including this one).
 104 | 
 105 | You almost never need to update `create-react-app` itself: it delegates all the setup to `react-scripts`.
 106 | 
 107 | When you run `create-react-app`, it always creates the project with the latest version of `react-scripts` so you’ll get all the new features and improvements in newly created apps automatically.
 108 | 
 109 | To update an existing project to a new version of `react-scripts`, [open the changelog](https://github.com/facebookincubator/create-react-app/blob/master/CHANGELOG.md), find the version you’re currently on (check `package.json` in this folder if you’re not sure), and apply the migration instructions for the newer versions.
 110 | 
 111 | In most cases bumping the `react-scripts` version in `package.json` and running `npm install` in this folder should be enough, but it’s good to consult the [changelog](https://github.com/facebookincubator/create-react-app/blob/master/CHANGELOG.md) for potential breaking changes.
 112 | 
 113 | We commit to keeping the breaking changes minimal so you can upgrade `react-scripts` painlessly.
 114 | 
 115 | ## Sending Feedback
 116 | 
 117 | We are always open to [your feedback](https://github.com/facebookincubator/create-react-app/issues).
 118 | 
 119 | ## Folder Structure
 120 | 
 121 | After creation, your project should look like this:
 122 | 
 123 | ```
 124 | my-app/
 125 |   README.md
 126 |   node_modules/
 127 |   package.json
 128 |   public/
 129 |     index.html
 130 |     favicon.ico
 131 |   src/
 132 |     App.css
 133 |     App.js
 134 |     App.test.js
 135 |     index.css
 136 |     index.js
 137 |     logo.svg
 138 | ```
 139 | 
 140 | For the project to build, **these files must exist with exact filenames**:
 141 | 
 142 | * `public/index.html` is the page template;
 143 | * `src/index.js` is the JavaScript entry point.
 144 | 
 145 | You can delete or rename the other files.
 146 | 
 147 | You may create subdirectories inside `src`. For faster rebuilds, only files inside `src` are processed by Webpack.<br>
 148 | You need to **put any JS and CSS files inside `src`**, otherwise Webpack won’t see them.
 149 | 
 150 | Only files inside `public` can be used from `public/index.html`.<br>
 151 | Read instructions below for using assets from JavaScript and HTML.
 152 | 
 153 | You can, however, create more top-level directories.<br>
 154 | They will not be included in the production build so you can use them for things like documentation.
 155 | 
 156 | ## Available Scripts
 157 | 
 158 | In the project directory, you can run:
 159 | 
 160 | ### `npm start`
 161 | 
 162 | Runs the app in the development mode.<br>
 163 | Open [http://localhost:3000](http://localhost:3000) to view it in the browser.
 164 | 
 165 | The page will reload if you make edits.<br>
 166 | You will also see any lint errors in the console.
 167 | 
 168 | ### `npm test`
 169 | 
 170 | Launches the test runner in the interactive watch mode.<br>
 171 | See the section about [running tests](#running-tests) for more information.
 172 | 
 173 | ### `npm run build`
 174 | 
 175 | Builds the app for production to the `build` folder.<br>
 176 | It correctly bundles React in production mode and optimizes the build for the best performance.
 177 | 
 178 | The build is minified and the filenames include the hashes.<br>
 179 | Your app is ready to be deployed!
 180 | 
 181 | See the section about [deployment](#deployment) for more information.
 182 | 
 183 | ### `npm run eject`
 184 | 
 185 | **Note: this is a one-way operation. Once you `eject`, you can’t go back!**
 186 | 
 187 | If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project.
 188 | 
 189 | Instead, it will copy all the configuration files and the transitive dependencies (Webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own.
 190 | 
 191 | You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it.
 192 | 
 193 | ## Supported Language Features and Polyfills
 194 | 
 195 | This project supports a superset of the latest JavaScript standard.<br>
 196 | In addition to [ES6](https://github.com/lukehoban/es6features) syntax features, it also supports:
 197 | 
 198 | * [Exponentiation Operator](https://github.com/rwaldron/exponentiation-operator) (ES2016).
 199 | * [Async/await](https://github.com/tc39/ecmascript-asyncawait) (ES2017).
 200 | * [Object Rest/Spread Properties](https://github.com/sebmarkbage/ecmascript-rest-spread) (stage 3 proposal).
 201 | * [Dynamic import()](https://github.com/tc39/proposal-dynamic-import) (stage 3 proposal)
 202 | * [Class Fields and Static Properties](https://github.com/tc39/proposal-class-public-fields) (stage 2 proposal).
 203 | * [JSX](https://facebook.github.io/react/docs/introducing-jsx.html) and [Flow](https://flowtype.org/) syntax.
 204 | 
 205 | Learn more about [different proposal stages](https://babeljs.io/docs/plugins/#presets-stage-x-experimental-presets-).
 206 | 
 207 | While we recommend to use experimental proposals with some caution, Facebook heavily uses these features in the product code, so we intend to provide [codemods](https://medium.com/@cpojer/effective-javascript-codemods-5a6686bb46fb) if any of these proposals change in the future.
 208 | 
 209 | Note that **the project only includes a few ES6 [polyfills](https://en.wikipedia.org/wiki/Polyfill)**:
 210 | 
 211 | * [`Object.assign()`](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Object/assign) via [`object-assign`](https://github.com/sindresorhus/object-assign).
 212 | * [`Promise`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) via [`promise`](https://github.com/then/promise).
 213 | * [`fetch()`](https://developer.mozilla.org/en/docs/Web/API/Fetch_API) via [`whatwg-fetch`](https://github.com/github/fetch).
 214 | 
 215 | If you use any other ES6+ features that need **runtime support** (such as `Array.from()` or `Symbol`), make sure you are including the appropriate polyfills manually, or that the browsers you are targeting already support them.
 216 | 
 217 | ## Syntax Highlighting in the Editor
 218 | 
 219 | To configure the syntax highlighting in your favorite text editor, head to the [relevant Babel documentation page](https://babeljs.io/docs/editors) and follow the instructions. Some of the most popular editors are covered.
 220 | 
 221 | ## Displaying Lint Output in the Editor
 222 | 
 223 | >Note: this feature is available with `react-scripts@0.2.0` and higher.<br>
 224 | >It also only works with npm 3 or higher.
 225 | 
 226 | Some editors, including Sublime Text, Atom, and Visual Studio Code, provide plugins for ESLint.
 227 | 
 228 | They are not required for linting. You should see the linter output right in your terminal as well as the browser console. However, if you prefer the lint results to appear right in your editor, there are some extra steps you can do.
 229 | 
 230 | You would need to install an ESLint plugin for your editor first. Then, add a file called `.eslintrc` to the project root:
 231 | 
 232 | ```js
 233 | {
 234 |   "extends": "react-app"
 235 | }
 236 | ```
 237 | 
 238 | Now your editor should report the linting warnings.
 239 | 
 240 | Note that even if you edit your `.eslintrc` file further, these changes will **only affect the editor integration**. They won’t affect the terminal and in-browser lint output. This is because Create React App intentionally provides a minimal set of rules that find common mistakes.
 241 | 
 242 | If you want to enforce a coding style for your project, consider using [Prettier](https://github.com/jlongster/prettier) instead of ESLint style rules.
 243 | 
 244 | ## Debugging in the Editor
 245 | 
 246 | **This feature is currently only supported by [Visual Studio Code](https://code.visualstudio.com) and [WebStorm](https://www.jetbrains.com/webstorm/).**
 247 | 
 248 | Visual Studio Code and WebStorm support debugging out of the box with Create React App. This enables you as a developer to write and debug your React code without leaving the editor, and most importantly it enables you to have a continuous development workflow, where context switching is minimal, as you don’t have to switch between tools.
 249 | 
 250 | ### Visual Studio Code
 251 | 
 252 | You would need to have the latest version of [VS Code](https://code.visualstudio.com) and VS Code [Chrome Debugger Extension](https://marketplace.visualstudio.com/items?itemName=msjsdiag.debugger-for-chrome) installed.
 253 | 
 254 | Then add the block below to your `launch.json` file and put it inside the `.vscode` folder in your app’s root directory.
 255 | 
 256 | ```json
 257 | {
 258 |   "version": "0.2.0",
 259 |   "configurations": [{
 260 |     "name": "Chrome",
 261 |     "type": "chrome",
 262 |     "request": "launch",
 263 |     "url": "http://localhost:3000",
 264 |     "webRoot": "${workspaceRoot}/src",
 265 |     "userDataDir": "${workspaceRoot}/.vscode/chrome",
 266 |     "sourceMapPathOverrides": {
 267 |       "webpack:///src/*": "${webRoot}/*"
 268 |     }
 269 |   }]
 270 | }
 271 | ```
 272 | >Note: the URL may be different if you've made adjustments via the [HOST or PORT environment variables](#advanced-configuration).
 273 | 
 274 | Start your app by running `npm start`, and start debugging in VS Code by pressing `F5` or by clicking the green debug icon. You can now write code, set breakpoints, make changes to the code, and debug your newly modified code—all from your editor.
 275 | 
 276 | ### WebStorm
 277 | 
 278 | You would need to have [WebStorm](https://www.jetbrains.com/webstorm/) and [JetBrains IDE Support](https://chrome.google.com/webstore/detail/jetbrains-ide-support/hmhgeddbohgjknpmjagkdomcpobmllji) Chrome extension installed.
 279 | 
 280 | In the WebStorm menu `Run` select `Edit Configurations...`. Then click `+` and select `JavaScript Debug`. Paste `http://localhost:3000` into the URL field and save the configuration.
 281 | 
 282 | >Note: the URL may be different if you've made adjustments via the [HOST or PORT environment variables](#advanced-configuration).
 283 | 
 284 | Start your app by running `npm start`, then press `^D` on macOS or `F9` on Windows and Linux or click the green debug icon to start debugging in WebStorm.
 285 | 
 286 | The same way you can debug your application in IntelliJ IDEA Ultimate, PhpStorm, PyCharm Pro, and RubyMine. 
 287 | 
 288 | ## Formatting Code Automatically
 289 | 
 290 | Prettier is an opinionated code formatter with support for JavaScript, CSS and JSON. With Prettier you can format the code you write automatically to ensure a code style within your project. See the [Prettier's GitHub page](https://github.com/prettier/prettier) for more information, and look at this [page to see it in action](https://prettier.github.io/prettier/).
 291 | 
 292 | To format our code whenever we make a commit in git, we need to install the following dependencies:
 293 | 
 294 | ```sh
 295 | npm install --save husky lint-staged prettier
 296 | ```
 297 | 
 298 | Alternatively you may use `yarn`:
 299 | 
 300 | ```sh
 301 | yarn add husky lint-staged prettier
 302 | ```
 303 | 
 304 | * `husky` makes it easy to use githooks as if they are npm scripts.
 305 | * `lint-staged` allows us to run scripts on staged files in git. See this [blog post about lint-staged to learn more about it](https://medium.com/@okonetchnikov/make-linting-great-again-f3890e1ad6b8).
 306 | * `prettier` is the JavaScript formatter we will run before commits.
 307 | 
 308 | Now we can make sure every file is formatted correctly by adding a few lines to the `package.json` in the project root.
 309 | 
 310 | Add the following line to `scripts` section:
 311 | 
 312 | ```diff
 313 |   "scripts": {
 314 | +   "precommit": "lint-staged",
 315 |     "start": "react-scripts start",
 316 |     "build": "react-scripts build",
 317 | ```
 318 | 
 319 | Next we add a 'lint-staged' field to the `package.json`, for example:
 320 | 
 321 | ```diff
 322 |   "dependencies": {
 323 |     // ...
 324 |   },
 325 | + "lint-staged": {
 326 | +   "src/**/*.{js,jsx,json,css}": [
 327 | +     "prettier --single-quote --write",
 328 | +     "git add"
 329 | +   ]
 330 | + },
 331 |   "scripts": {
 332 | ```
 333 | 
 334 | Now, whenever you make a commit, Prettier will format the changed files automatically. You can also run `./node_modules/.bin/prettier --single-quote --write "src/**/*.{js,jsx}"` to format your entire project for the first time.
 335 | 
 336 | Next you might want to integrate Prettier in your favorite editor. Read the section on [Editor Integration](https://github.com/prettier/prettier#editor-integration) on the Prettier GitHub page.
 337 | 
 338 | ## Changing the Page `<title>`
 339 | 
 340 | You can find the source HTML file in the `public` folder of the generated project. You may edit the `<title>` tag in it to change the title from “React App” to anything else.
 341 | 
 342 | Note that normally you wouldn’t edit files in the `public` folder very often. For example, [adding a stylesheet](#adding-a-stylesheet) is done without touching the HTML.
 343 | 
 344 | If you need to dynamically update the page title based on the content, you can use the browser [`document.title`](https://developer.mozilla.org/en-US/docs/Web/API/Document/title) API. For more complex scenarios when you want to change the title from React components, you can use [React Helmet](https://github.com/nfl/react-helmet), a third party library.
 345 | 
 346 | If you use a custom server for your app in production and want to modify the title before it gets sent to the browser, you can follow advice in [this section](#generating-dynamic-meta-tags-on-the-server). Alternatively, you can pre-build each page as a static HTML file which then loads the JavaScript bundle, which is covered [here](#pre-rendering-into-static-html-files).
 347 | 
 348 | ## Installing a Dependency
 349 | 
 350 | The generated project includes React and ReactDOM as dependencies. It also includes a set of scripts used by Create React App as a development dependency. You may install other dependencies (for example, React Router) with `npm`:
 351 | 
 352 | ```sh
 353 | npm install --save react-router
 354 | ```
 355 | 
 356 | Alternatively you may use `yarn`:
 357 | 
 358 | ```sh
 359 | yarn add react-router
 360 | ```
 361 | 
 362 | This works for any library, not just `react-router`.
 363 | 
 364 | ## Importing a Component
 365 | 
 366 | This project setup supports ES6 modules thanks to Babel.<br>
 367 | While you can still use `require()` and `module.exports`, we encourage you to use [`import` and `export`](http://exploringjs.com/es6/ch_modules.html) instead.
 368 | 
 369 | For example:
 370 | 
 371 | ### `Button.js`
 372 | 
 373 | ```js
 374 | import React, { Component } from 'react';
 375 | 
 376 | class Button extends Component {
 377 |   render() {
 378 |     // ...
 379 |   }
 380 | }
 381 | 
 382 | export default Button; // Don’t forget to use export default!
 383 | ```
 384 | 
 385 | ### `DangerButton.js`
 386 | 
 387 | 
 388 | ```js
 389 | import React, { Component } from 'react';
 390 | import Button from './Button'; // Import a component from another file
 391 | 
 392 | class DangerButton extends Component {
 393 |   render() {
 394 |     return <Button color="red" />;
 395 |   }
 396 | }
 397 | 
 398 | export default DangerButton;
 399 | ```
 400 | 
 401 | Be aware of the [difference between default and named exports](http://stackoverflow.com/questions/36795819/react-native-es-6-when-should-i-use-curly-braces-for-import/36796281#36796281). It is a common source of mistakes.
 402 | 
 403 | We suggest that you stick to using default imports and exports when a module only exports a single thing (for example, a component). That’s what you get when you use `export default Button` and `import Button from './Button'`.
 404 | 
 405 | Named exports are useful for utility modules that export several functions. A module may have at most one default export and as many named exports as you like.
 406 | 
 407 | Learn more about ES6 modules:
 408 | 
 409 | * [When to use the curly braces?](http://stackoverflow.com/questions/36795819/react-native-es-6-when-should-i-use-curly-braces-for-import/36796281#36796281)
 410 | * [Exploring ES6: Modules](http://exploringjs.com/es6/ch_modules.html)
 411 | * [Understanding ES6: Modules](https://leanpub.com/understandinges6/read#leanpub-auto-encapsulating-code-with-modules)
 412 | 
 413 | ## Code Splitting
 414 | 
 415 | Instead of downloading the entire app before users can use it, code splitting allows you to split your code into small chunks which you can then load on demand.
 416 | 
 417 | This project setup supports code splitting via [dynamic `import()`](http://2ality.com/2017/01/import-operator.html#loading-code-on-demand). Its [proposal](https://github.com/tc39/proposal-dynamic-import) is in stage 3. The `import()` function-like form takes the module name as an argument and returns a [`Promise`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) which always resolves to the namespace object of the module.
 418 | 
 419 | Here is an example:
 420 | 
 421 | ### `moduleA.js`
 422 | 
 423 | ```js
 424 | const moduleA = 'Hello';
 425 | 
 426 | export { moduleA };
 427 | ```
 428 | ### `App.js`
 429 | 
 430 | ```js
 431 | import React, { Component } from 'react';
 432 | 
 433 | class App extends Component {
 434 |   handleClick = () => {
 435 |     import('./moduleA')
 436 |       .then(({ moduleA }) => {
 437 |         // Use moduleA
 438 |       })
 439 |       .catch(err => {
 440 |         // Handle failure
 441 |       });
 442 |   };
 443 | 
 444 |   render() {
 445 |     return (
 446 |       <div>
 447 |         <button onClick={this.handleClick}>Load</button>
 448 |       </div>
 449 |     );
 450 |   }
 451 | }
 452 | 
 453 | export default App;
 454 | ```
 455 | 
 456 | This will make `moduleA.js` and all its unique dependencies as a separate chunk that only loads after the user clicks the 'Load' button.
 457 | 
 458 | You can also use it with `async` / `await` syntax if you prefer it.
 459 | 
 460 | ### With React Router
 461 | 
 462 | If you are using React Router check out [this tutorial](http://serverless-stack.com/chapters/code-splitting-in-create-react-app.html) on how to use code splitting with it. You can find the companion GitHub repository [here](https://github.com/AnomalyInnovations/serverless-stack-demo-client/tree/code-splitting-in-create-react-app).
 463 | 
 464 | ## Adding a Stylesheet
 465 | 
 466 | This project setup uses [Webpack](https://webpack.js.org/) for handling all assets. Webpack offers a custom way of “extending” the concept of `import` beyond JavaScript. To express that a JavaScript file depends on a CSS file, you need to **import the CSS from the JavaScript file**:
 467 | 
 468 | ### `Button.css`
 469 | 
 470 | ```css
 471 | .Button {
 472 |   padding: 20px;
 473 | }
 474 | ```
 475 | 
 476 | ### `Button.js`
 477 | 
 478 | ```js
 479 | import React, { Component } from 'react';
 480 | import './Button.css'; // Tell Webpack that Button.js uses these styles
 481 | 
 482 | class Button extends Component {
 483 |   render() {
 484 |     // You can use them as regular CSS styles
 485 |     return <div className="Button" />;
 486 |   }
 487 | }
 488 | ```
 489 | 
 490 | **This is not required for React** but many people find this feature convenient. You can read about the benefits of this approach [here](https://medium.com/seek-ui-engineering/block-element-modifying-your-javascript-components-d7f99fcab52b). However you should be aware that this makes your code less portable to other build tools and environments than Webpack.
 491 | 
 492 | In development, expressing dependencies this way allows your styles to be reloaded on the fly as you edit them. In production, all CSS files will be concatenated into a single minified `.css` file in the build output.
 493 | 
 494 | If you are concerned about using Webpack-specific semantics, you can put all your CSS right into `src/index.css`. It would still be imported from `src/index.js`, but you could always remove that import if you later migrate to a different build tool.
 495 | 
 496 | ## Post-Processing CSS
 497 | 
 498 | This project setup minifies your CSS and adds vendor prefixes to it automatically through [Autoprefixer](https://github.com/postcss/autoprefixer) so you don’t need to worry about it.
 499 | 
 500 | For example, this:
 501 | 
 502 | ```css
 503 | .App {
 504 |   display: flex;
 505 |   flex-direction: row;
 506 |   align-items: center;
 507 | }
 508 | ```
 509 | 
 510 | becomes this:
 511 | 
 512 | ```css
 513 | .App {
 514 |   display: -webkit-box;
 515 |   display: -ms-flexbox;
 516 |   display: flex;
 517 |   -webkit-box-orient: horizontal;
 518 |   -webkit-box-direction: normal;
 519 |       -ms-flex-direction: row;
 520 |           flex-direction: row;
 521 |   -webkit-box-align: center;
 522 |       -ms-flex-align: center;
 523 |           align-items: center;
 524 | }
 525 | ```
 526 | 
 527 | If you need to disable autoprefixing for some reason, [follow this section](https://github.com/postcss/autoprefixer#disabling).
 528 | 
 529 | ## Adding a CSS Preprocessor (Sass, Less etc.)
 530 | 
 531 | Generally, we recommend that you don’t reuse the same CSS classes across different components. For example, instead of using a `.Button` CSS class in `<AcceptButton>` and `<RejectButton>` components, we recommend creating a `<Button>` component with its own `.Button` styles, that both `<AcceptButton>` and `<RejectButton>` can render (but [not inherit](https://facebook.github.io/react/docs/composition-vs-inheritance.html)).
 532 | 
 533 | Following this rule often makes CSS preprocessors less useful, as features like mixins and nesting are replaced by component composition. You can, however, integrate a CSS preprocessor if you find it valuable. In this walkthrough, we will be using Sass, but you can also use Less, or another alternative.
 534 | 
 535 | First, let’s install the command-line interface for Sass:
 536 | 
 537 | ```sh
 538 | npm install --save node-sass-chokidar
 539 | ```
 540 | 
 541 | Alternatively you may use `yarn`:
 542 | 
 543 | ```sh
 544 | yarn add node-sass-chokidar
 545 | ```
 546 | 
 547 | Then in `package.json`, add the following lines to `scripts`:
 548 | 
 549 | ```diff
 550 |    "scripts": {
 551 | +    "build-css": "node-sass-chokidar src/ -o src/",
 552 | +    "watch-css": "npm run build-css && node-sass-chokidar src/ -o src/ --watch --recursive",
 553 |      "start": "react-scripts start",
 554 |      "build": "react-scripts build",
 555 |      "test": "react-scripts test --env=jsdom",
 556 | ```
 557 | 
 558 | >Note: To use a different preprocessor, replace `build-css` and `watch-css` commands according to your preprocessor’s documentation.
 559 | 
 560 | Now you can rename `src/App.css` to `src/App.scss` and run `npm run watch-css`. The watcher will find every Sass file in `src` subdirectories, and create a corresponding CSS file next to it, in our case overwriting `src/App.css`. Since `src/App.js` still imports `src/App.css`, the styles become a part of your application. You can now edit `src/App.scss`, and `src/App.css` will be regenerated.
 561 | 
 562 | To share variables between Sass files, you can use Sass imports. For example, `src/App.scss` and other component style files could include `@import "./shared.scss";` with variable definitions.
 563 | 
 564 | To enable importing files without using relative paths, you can add the  `--include-path` option to the command in `package.json`.
 565 | 
 566 | ```
 567 | "build-css": "node-sass-chokidar --include-path ./src --include-path ./node_modules src/ -o src/",
 568 | "watch-css": "npm run build-css && node-sass-chokidar --include-path ./src --include-path ./node_modules src/ -o src/ --watch --recursive",
 569 | ```
 570 | 
 571 | This will allow you to do imports like
 572 | 
 573 | ```scss
 574 | @import 'styles/_colors.scss'; // assuming a styles directory under src/
 575 | @import 'nprogress/nprogress'; // importing a css file from the nprogress node module
 576 | ```
 577 | 
 578 | At this point you might want to remove all CSS files from the source control, and add `src/**/*.css` to your `.gitignore` file. It is generally a good practice to keep the build products outside of the source control.
 579 | 
 580 | As a final step, you may find it convenient to run `watch-css` automatically with `npm start`, and run `build-css` as a part of `npm run build`. You can use the `&&` operator to execute two scripts sequentially. However, there is no cross-platform way to run two scripts in parallel, so we will install a package for this:
 581 | 
 582 | ```sh
 583 | npm install --save npm-run-all
 584 | ```
 585 | 
 586 | Alternatively you may use `yarn`:
 587 | 
 588 | ```sh
 589 | yarn add npm-run-all
 590 | ```
 591 | 
 592 | Then we can change `start` and `build` scripts to include the CSS preprocessor commands:
 593 | 
 594 | ```diff
 595 |    "scripts": {
 596 |      "build-css": "node-sass-chokidar src/ -o src/",
 597 |      "watch-css": "npm run build-css && node-sass-chokidar src/ -o src/ --watch --recursive",
 598 | -    "start": "react-scripts start",
 599 | -    "build": "react-scripts build",
 600 | +    "start-js": "react-scripts start",
 601 | +    "start": "npm-run-all -p watch-css start-js",
 602 | +    "build": "npm run build-css && react-scripts build",
 603 |      "test": "react-scripts test --env=jsdom",
 604 |      "eject": "react-scripts eject"
 605 |    }
 606 | ```
 607 | 
 608 | Now running `npm start` and `npm run build` also builds Sass files.
 609 | 
 610 | **Why `node-sass-chokidar`?**
 611 | 
 612 | `node-sass` has been reported as having the following issues:
 613 | 
 614 | - `node-sass --watch` has been reported to have *performance issues* in certain conditions when used in a virtual machine or with docker.
 615 | 
 616 | - Infinite styles compiling [#1939](https://github.com/facebookincubator/create-react-app/issues/1939)
 617 | 
 618 | - `node-sass` has been reported as having issues with detecting new files in a directory [#1891](https://github.com/sass/node-sass/issues/1891)
 619 | 
 620 |  `node-sass-chokidar` is used here as it addresses these issues.
 621 | 
 622 | ## Adding Images, Fonts, and Files
 623 | 
 624 | With Webpack, using static assets like images and fonts works similarly to CSS.
 625 | 
 626 | You can **`import` a file right in a JavaScript module**. This tells Webpack to include that file in the bundle. Unlike CSS imports, importing a file gives you a string value. This value is the final path you can reference in your code, e.g. as the `src` attribute of an image or the `href` of a link to a PDF.
 627 | 
 628 | To reduce the number of requests to the server, importing images that are less than 10,000 bytes returns a [data URI](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs) instead of a path. This applies to the following file extensions: bmp, gif, jpg, jpeg, and png. SVG files are excluded due to [#1153](https://github.com/facebookincubator/create-react-app/issues/1153).
 629 | 
 630 | Here is an example:
 631 | 
 632 | ```js
 633 | import React from 'react';
 634 | import logo from './logo.png'; // Tell Webpack this JS file uses this image
 635 | 
 636 | console.log(logo); // /logo.84287d09.png
 637 | 
 638 | function Header() {
 639 |   // Import result is the URL of your image
 640 |   return <img src={logo} alt="Logo" />;
 641 | }
 642 | 
 643 | export default Header;
 644 | ```
 645 | 
 646 | This ensures that when the project is built, Webpack will correctly move the images into the build folder, and provide us with correct paths.
 647 | 
 648 | This works in CSS too:
 649 | 
 650 | ```css
 651 | .Logo {
 652 |   background-image: url(./logo.png);
 653 | }
 654 | ```
 655 | 
 656 | Webpack finds all relative module references in CSS (they start with `./`) and replaces them with the final paths from the compiled bundle. If you make a typo or accidentally delete an important file, you will see a compilation error, just like when you import a non-existent JavaScript module. The final filenames in the compiled bundle are generated by Webpack from content hashes. If the file content changes in the future, Webpack will give it a different name in production so you don’t need to worry about long-term caching of assets.
 657 | 
 658 | Please be advised that this is also a custom feature of Webpack.
 659 | 
 660 | **It is not required for React** but many people enjoy it (and React Native uses a similar mechanism for images).<br>
 661 | An alternative way of handling static assets is described in the next section.
 662 | 
 663 | ## Using the `public` Folder
 664 | 
 665 | >Note: this feature is available with `react-scripts@0.5.0` and higher.
 666 | 
 667 | ### Changing the HTML
 668 | 
 669 | The `public` folder contains the HTML file so you can tweak it, for example, to [set the page title](#changing-the-page-title).
 670 | The `<script>` tag with the compiled code will be added to it automatically during the build process.
 671 | 
 672 | ### Adding Assets Outside of the Module System
 673 | 
 674 | You can also add other assets to the `public` folder.
 675 | 
 676 | Note that we normally encourage you to `import` assets in JavaScript files instead.
 677 | For example, see the sections on [adding a stylesheet](#adding-a-stylesheet) and [adding images and fonts](#adding-images-fonts-and-files).
 678 | This mechanism provides a number of benefits:
 679 | 
 680 | * Scripts and stylesheets get minified and bundled together to avoid extra network requests.
 681 | * Missing files cause compilation errors instead of 404 errors for your users.
 682 | * Result filenames include content hashes so you don’t need to worry about browsers caching their old versions.
 683 | 
 684 | However there is an **escape hatch** that you can use to add an asset outside of the module system.
 685 | 
 686 | If you put a file into the `public` folder, it will **not** be processed by Webpack. Instead it will be copied into the build folder untouched.   To reference assets in the `public` folder, you need to use a special variable called `PUBLIC_URL`.
 687 | 
 688 | Inside `index.html`, you can use it like this:
 689 | 
 690 | ```html
 691 | <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico">
 692 | ```
 693 | 
 694 | Only files inside the `public` folder will be accessible by `%PUBLIC_URL%` prefix. If you need to use a file from `src` or `node_modules`, you’ll have to copy it there to explicitly specify your intention to make this file a part of the build.
 695 | 
 696 | When you run `npm run build`, Create React App will substitute `%PUBLIC_URL%` with a correct absolute path so your project works even if you use client-side routing or host it at a non-root URL.
 697 | 
 698 | In JavaScript code, you can use `process.env.PUBLIC_URL` for similar purposes:
 699 | 
 700 | ```js
 701 | render() {
 702 |   // Note: this is an escape hatch and should be used sparingly!
 703 |   // Normally we recommend using `import` for getting asset URLs
 704 |   // as described in “Adding Images and Fonts” above this section.
 705 |   return <img src={process.env.PUBLIC_URL + '/img/logo.png'} />;
 706 | }
 707 | ```
 708 | 
 709 | Keep in mind the downsides of this approach:
 710 | 
 711 | * None of the files in `public` folder get post-processed or minified.
 712 | * Missing files will not be called at compilation time, and will cause 404 errors for your users.
 713 | * Result filenames won’t include content hashes so you’ll need to add query arguments or rename them every time they change.
 714 | 
 715 | ### When to Use the `public` Folder
 716 | 
 717 | Normally we recommend importing [stylesheets](#adding-a-stylesheet), [images, and fonts](#adding-images-fonts-and-files) from JavaScript.
 718 | The `public` folder is useful as a workaround for a number of less common cases:
 719 | 
 720 | * You need a file with a specific name in the build output, such as [`manifest.webmanifest`](https://developer.mozilla.org/en-US/docs/Web/Manifest).
 721 | * You have thousands of images and need to dynamically reference their paths.
 722 | * You want to include a small script like [`pace.js`](http://github.hubspot.com/pace/docs/welcome/) outside of the bundled code.
 723 | * Some library may be incompatible with Webpack and you have no other option but to include it as a `<script>` tag.
 724 | 
 725 | Note that if you add a `<script>` that declares global variables, you also need to read the next section on using them.
 726 | 
 727 | ## Using Global Variables
 728 | 
 729 | When you include a script in the HTML file that defines global variables and try to use one of these variables in the code, the linter will complain because it cannot see the definition of the variable.
 730 | 
 731 | You can avoid this by reading the global variable explicitly from the `window` object, for example:
 732 | 
 733 | ```js
 734 | const $ = window.$;
 735 | ```
 736 | 
 737 | This makes it obvious you are using a global variable intentionally rather than because of a typo.
 738 | 
 739 | Alternatively, you can force the linter to ignore any line by adding `// eslint-disable-line` after it.
 740 | 
 741 | ## Adding Bootstrap
 742 | 
 743 | You don’t have to use [React Bootstrap](https://react-bootstrap.github.io) together with React but it is a popular library for integrating Bootstrap with React apps. If you need it, you can integrate it with Create React App by following these steps:
 744 | 
 745 | Install React Bootstrap and Bootstrap from npm. React Bootstrap does not include Bootstrap CSS so this needs to be installed as well:
 746 | 
 747 | ```sh
 748 | npm install --save react-bootstrap bootstrap@3
 749 | ```
 750 | 
 751 | Alternatively you may use `yarn`:
 752 | 
 753 | ```sh
 754 | yarn add react-bootstrap bootstrap@3
 755 | ```
 756 | 
 757 | Import Bootstrap CSS and optionally Bootstrap theme CSS in the beginning of your ```src/index.js``` file:
 758 | 
 759 | ```js
 760 | import 'bootstrap/dist/css/bootstrap.css';
 761 | import 'bootstrap/dist/css/bootstrap-theme.css';
 762 | // Put any other imports below so that CSS from your
 763 | // components takes precedence over default styles.
 764 | ```
 765 | 
 766 | Import required React Bootstrap components within ```src/App.js``` file or your custom component files:
 767 | 
 768 | ```js
 769 | import { Navbar, Jumbotron, Button } from 'react-bootstrap';
 770 | ```
 771 | 
 772 | Now you are ready to use the imported React Bootstrap components within your component hierarchy defined in the render method. Here is an example [`App.js`](https://gist.githubusercontent.com/gaearon/85d8c067f6af1e56277c82d19fd4da7b/raw/6158dd991b67284e9fc8d70b9d973efe87659d72/App.js) redone using React Bootstrap.
 773 | 
 774 | ### Using a Custom Theme
 775 | 
 776 | Sometimes you might need to tweak the visual styles of Bootstrap (or equivalent package).<br>
 777 | We suggest the following approach:
 778 | 
 779 | * Create a new package that depends on the package you wish to customize, e.g. Bootstrap.
 780 | * Add the necessary build steps to tweak the theme, and publish your package on npm.
 781 | * Install your own theme npm package as a dependency of your app.
 782 | 
 783 | Here is an example of adding a [customized Bootstrap](https://medium.com/@tacomanator/customizing-create-react-app-aa9ffb88165) that follows these steps.
 784 | 
 785 | ## Adding Flow
 786 | 
 787 | Flow is a static type checker that helps you write code with fewer bugs. Check out this [introduction to using static types in JavaScript](https://medium.com/@preethikasireddy/why-use-static-types-in-javascript-part-1-8382da1e0adb) if you are new to this concept.
 788 | 
 789 | Recent versions of [Flow](http://flowtype.org/) work with Create React App projects out of the box.
 790 | 
 791 | To add Flow to a Create React App project, follow these steps:
 792 | 
 793 | 1. Run `npm install --save flow-bin` (or `yarn add flow-bin`).
 794 | 2. Add `"flow": "flow"` to the `scripts` section of your `package.json`.
 795 | 3. Run `npm run flow init` (or `yarn flow init`) to create a [`.flowconfig` file](https://flowtype.org/docs/advanced-configuration.html) in the root directory.
 796 | 4. Add `// @flow` to any files you want to type check (for example, to `src/App.js`).
 797 | 
 798 | Now you can run `npm run flow` (or `yarn flow`) to check the files for type errors.
 799 | You can optionally use an IDE like [Nuclide](https://nuclide.io/docs/languages/flow/) for a better integrated experience.
 800 | In the future we plan to integrate it into Create React App even more closely.
 801 | 
 802 | To learn more about Flow, check out [its documentation](https://flowtype.org/).
 803 | 
 804 | ## Adding Custom Environment Variables
 805 | 
 806 | >Note: this feature is available with `react-scripts@0.2.3` and higher.
 807 | 
 808 | Your project can consume variables declared in your environment as if they were declared locally in your JS files. By
 809 | default you will have `NODE_ENV` defined for you, and any other environment variables starting with
 810 | `REACT_APP_`.
 811 | 
 812 | **The environment variables are embedded during the build time**. Since Create React App produces a static HTML/CSS/JS bundle, it can’t possibly read them at runtime. To read them at runtime, you would need to load HTML into memory on the server and replace placeholders in runtime, just like [described here](#injecting-data-from-the-server-into-the-page). Alternatively you can rebuild the app on the server anytime you change them.
 813 | 
 814 | >Note: You must create custom environment variables beginning with `REACT_APP_`. Any other variables except `NODE_ENV` will be ignored to avoid accidentally [exposing a private key on the machine that could have the same name](https://github.com/facebookincubator/create-react-app/issues/865#issuecomment-252199527). Changing any environment variables will require you to restart the development server if it is running.
 815 | 
 816 | These environment variables will be defined for you on `process.env`. For example, having an environment
 817 | variable named `REACT_APP_SECRET_CODE` will be exposed in your JS as `process.env.REACT_APP_SECRET_CODE`.
 818 | 
 819 | There is also a special built-in environment variable called `NODE_ENV`. You can read it from `process.env.NODE_ENV`. When you run `npm start`, it is always equal to `'development'`, when you run `npm test` it is always equal to `'test'`, and when you run `npm run build` to make a production bundle, it is always equal to `'production'`. **You cannot override `NODE_ENV` manually.** This prevents developers from accidentally deploying a slow development build to production.
 820 | 
 821 | These environment variables can be useful for displaying information conditionally based on where the project is
 822 | deployed or consuming sensitive data that lives outside of version control.
 823 | 
 824 | First, you need to have environment variables defined. For example, let’s say you wanted to consume a secret defined
 825 | in the environment inside a `<form>`:
 826 | 
 827 | ```jsx
 828 | render() {
 829 |   return (
 830 |     <div>
 831 |       <small>You are running this application in <b>{process.env.NODE_ENV}</b> mode.</small>
 832 |       <form>
 833 |         <input type="hidden" defaultValue={process.env.REACT_APP_SECRET_CODE} />
 834 |       </form>
 835 |     </div>
 836 |   );
 837 | }
 838 | ```
 839 | 
 840 | During the build, `process.env.REACT_APP_SECRET_CODE` will be replaced with the current value of the `REACT_APP_SECRET_CODE` environment variable. Remember that the `NODE_ENV` variable will be set for you automatically.
 841 | 
 842 | When you load the app in the browser and inspect the `<input>`, you will see its value set to `abcdef`, and the bold text will show the environment provided when using `npm start`:
 843 | 
 844 | ```html
 845 | <div>
 846 |   <small>You are running this application in <b>development</b> mode.</small>
 847 |   <form>
 848 |     <input type="hidden" value="abcdef" />
 849 |   </form>
 850 | </div>
 851 | ```
 852 | 
 853 | The above form is looking for a variable called `REACT_APP_SECRET_CODE` from the environment. In order to consume this
 854 | value, we need to have it defined in the environment. This can be done using two ways: either in your shell or in
 855 | a `.env` file. Both of these ways are described in the next few sections.
 856 | 
 857 | Having access to the `NODE_ENV` is also useful for performing actions conditionally:
 858 | 
 859 | ```js
 860 | if (process.env.NODE_ENV !== 'production') {
 861 |   analytics.disable();
 862 | }
 863 | ```
 864 | 
 865 | When you compile the app with `npm run build`, the minification step will strip out this condition, and the resulting bundle will be smaller.
 866 | 
 867 | ### Referencing Environment Variables in the HTML
 868 | 
 869 | >Note: this feature is available with `react-scripts@0.9.0` and higher.
 870 | 
 871 | You can also access the environment variables starting with `REACT_APP_` in the `public/index.html`. For example:
 872 | 
 873 | ```html
 874 | <title>%REACT_APP_WEBSITE_NAME%</title>
 875 | ```
 876 | 
 877 | Note that the caveats from the above section apply:
 878 | 
 879 | * Apart from a few built-in variables (`NODE_ENV` and `PUBLIC_URL`), variable names must start with `REACT_APP_` to work.
 880 | * The environment variables are injected at build time. If you need to inject them at runtime, [follow this approach instead](#generating-dynamic-meta-tags-on-the-server).
 881 | 
 882 | ### Adding Temporary Environment Variables In Your Shell
 883 | 
 884 | Defining environment variables can vary between OSes. It’s also important to know that this manner is temporary for the
 885 | life of the shell session.
 886 | 
 887 | #### Windows (cmd.exe)
 888 | 
 889 | ```cmd
 890 | set REACT_APP_SECRET_CODE=abcdef&&npm start
 891 | ```
 892 | 
 893 | (Note: the lack of whitespace is intentional.)
 894 | 
 895 | #### Linux, macOS (Bash)
 896 | 
 897 | ```bash
 898 | REACT_APP_SECRET_CODE=abcdef npm start
 899 | ```
 900 | 
 901 | ### Adding Development Environment Variables In `.env`
 902 | 
 903 | >Note: this feature is available with `react-scripts@0.5.0` and higher.
 904 | 
 905 | To define permanent environment variables, create a file called `.env` in the root of your project:
 906 | 
 907 | ```
 908 | REACT_APP_SECRET_CODE=abcdef
 909 | ```
 910 | 
 911 | `.env` files **should be** checked into source control (with the exclusion of `.env*.local`).
 912 | 
 913 | #### What other `.env` files are can be used?
 914 | 
 915 | >Note: this feature is **available with `react-scripts@1.0.0` and higher**.
 916 | 
 917 | * `.env`: Default.
 918 | * `.env.local`: Local overrides. **This file is loaded for all environments except test.**
 919 | * `.env.development`, `.env.test`, `.env.production`: Environment-specific settings.
 920 | * `.env.development.local`, `.env.test.local`, `.env.production.local`: Local overrides of environment-specific settings.
 921 | 
 922 | Files on the left have more priority than files on the right:
 923 | 
 924 | * `npm start`: `.env.development.local`, `.env.development`, `.env.local`, `.env`
 925 | * `npm run build`: `.env.production.local`, `.env.production`, `.env.local`, `.env`
 926 | * `npm test`: `.env.test.local`, `.env.test`, `.env` (note `.env.local` is missing)
 927 | 
 928 | These variables will act as the defaults if the machine does not explicitly set them.<br>
 929 | Please refer to the [dotenv documentation](https://github.com/motdotla/dotenv) for more details.
 930 | 
 931 | >Note: If you are defining environment variables for development, your CI and/or hosting platform will most likely need
 932 | these defined as well. Consult their documentation how to do this. For example, see the documentation for [Travis CI](https://docs.travis-ci.com/user/environment-variables/) or [Heroku](https://devcenter.heroku.com/articles/config-vars).
 933 | 
 934 | ## Can I Use Decorators?
 935 | 
 936 | Many popular libraries use [decorators](https://medium.com/google-developers/exploring-es7-decorators-76ecb65fb841) in their documentation.<br>
 937 | Create React App doesn’t support decorator syntax at the moment because:
 938 | 
 939 | * It is an experimental proposal and is subject to change.
 940 | * The current specification version is not officially supported by Babel.
 941 | * If the specification changes, we won’t be able to write a codemod because we don’t use them internally at Facebook.
 942 | 
 943 | However in many cases you can rewrite decorator-based code without decorators just as fine.<br>
 944 | Please refer to these two threads for reference:
 945 | 
 946 | * [#214](https://github.com/facebookincubator/create-react-app/issues/214)
 947 | * [#411](https://github.com/facebookincubator/create-react-app/issues/411)
 948 | 
 949 | Create React App will add decorator support when the specification advances to a stable stage.
 950 | 
 951 | ## Integrating with an API Backend
 952 | 
 953 | These tutorials will help you to integrate your app with an API backend running on another port,
 954 | using `fetch()` to access it.
 955 | 
 956 | ### Node
 957 | Check out [this tutorial](https://www.fullstackreact.com/articles/using-create-react-app-with-a-server/).
 958 | You can find the companion GitHub repository [here](https://github.com/fullstackreact/food-lookup-demo).
 959 | 
 960 | ### Ruby on Rails
 961 | 
 962 | Check out [this tutorial](https://www.fullstackreact.com/articles/how-to-get-create-react-app-to-work-with-your-rails-api/).
 963 | You can find the companion GitHub repository [here](https://github.com/fullstackreact/food-lookup-demo-rails).
 964 | 
 965 | ## Proxying API Requests in Development
 966 | 
 967 | >Note: this feature is available with `react-scripts@0.2.3` and higher.
 968 | 
 969 | People often serve the front-end React app from the same host and port as their backend implementation.<br>
 970 | For example, a production setup might look like this after the app is deployed:
 971 | 
 972 | ```
 973 | /             - static server returns index.html with React app
 974 | /todos        - static server returns index.html with React app
 975 | /api/todos    - server handles any /api/* requests using the backend implementation
 976 | ```
 977 | 
 978 | Such setup is **not** required. However, if you **do** have a setup like this, it is convenient to write requests like `fetch('/api/todos')` without worrying about redirecting them to another host or port during development.
 979 | 
 980 | To tell the development server to proxy any unknown requests to your API server in development, add a `proxy` field to your `package.json`, for example:
 981 | 
 982 | ```js
 983 |   "proxy": "http://localhost:4000",
 984 | ```
 985 | 
 986 | This way, when you `fetch('/api/todos')` in development, the development server will recognize that it’s not a static asset, and will proxy your request to `http://localhost:4000/api/todos` as a fallback. The development server will only attempt to send requests without a `text/html` accept header to the proxy.
 987 | 
 988 | Conveniently, this avoids [CORS issues](http://stackoverflow.com/questions/21854516/understanding-ajax-cors-and-security-considerations) and error messages like this in development:
 989 | 
 990 | ```
 991 | Fetch API cannot load http://localhost:4000/api/todos. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
 992 | ```
 993 | 
 994 | Keep in mind that `proxy` only has effect in development (with `npm start`), and it is up to you to ensure that URLs like `/api/todos` point to the right thing in production. You don’t have to use the `/api` prefix. Any unrecognized request without a `text/html` accept header will be redirected to the specified `proxy`.
 995 | 
 996 | The `proxy` option supports HTTP, HTTPS and WebSocket connections.<br>
 997 | If the `proxy` option is **not** flexible enough for you, alternatively you can:
 998 | 
 999 | * [Configure the proxy yourself](#configuring-the-proxy-manually)
1000 | * Enable CORS on your server ([here’s how to do it for Express](http://enable-cors.org/server_expressjs.html)).
1001 | * Use [environment variables](#adding-custom-environment-variables) to inject the right server host and port into your app.
1002 | 
1003 | ### "Invalid Host Header" Errors After Configuring Proxy
1004 | 
1005 | When you enable the `proxy` option, you opt into a more strict set of host checks. This is necessary because leaving the backend open to remote hosts makes your computer vulnerable to DNS rebinding attacks. The issue is explained in [this article](https://medium.com/webpack/webpack-dev-server-middleware-security-issues-1489d950874a) and [this issue](https://github.com/webpack/webpack-dev-server/issues/887).
1006 | 
1007 | This shouldn’t affect you when developing on `localhost`, but if you develop remotely like [described here](https://github.com/facebookincubator/create-react-app/issues/2271), you will see this error in the browser after enabling the `proxy` option:
1008 | 
1009 | >Invalid Host header
1010 | 
1011 | To work around it, you can specify your public development host in a file called `.env.development` in the root of your project:
1012 | 
1013 | ```
1014 | HOST=mypublicdevhost.com
1015 | ```
1016 | 
1017 | If you restart the development server now and load the app from the specified host, it should work.
1018 | 
1019 | If you are still having issues or if you’re using a more exotic environment like a cloud editor, you can bypass the host check completely by adding a line to `.env.development.local`. **Note that this is dangerous and exposes your machine to remote code execution from malicious websites:**
1020 | 
1021 | ```
1022 | # NOTE: THIS IS DANGEROUS!
1023 | # It exposes your machine to attacks from the websites you visit.
1024 | DANGEROUSLY_DISABLE_HOST_CHECK=true
1025 | ```
1026 | 
1027 | We don’t recommend this approach.
1028 | 
1029 | ### Configuring the Proxy Manually
1030 | 
1031 | >Note: this feature is available with `react-scripts@1.0.0` and higher.
1032 | 
1033 | If the `proxy` option is **not** flexible enough for you, you can specify an object in the following form (in `package.json`).<br>
1034 | You may also specify any configuration value [`http-proxy-middleware`](https://github.com/chimurai/http-proxy-middleware#options) or [`http-proxy`](https://github.com/nodejitsu/node-http-proxy#options) supports.
1035 | ```js
1036 | {
1037 |   // ...
1038 |   "proxy": {
1039 |     "/api": {
1040 |       "target": "<url>",
1041 |       "ws": true
1042 |       // ...
1043 |     }
1044 |   }
1045 |   // ...
1046 | }
1047 | ```
1048 | 
1049 | All requests matching this path will be proxies, no exceptions. This includes requests for `text/html`, which the standard `proxy` option does not proxy.
1050 | 
1051 | If you need to specify multiple proxies, you may do so by specifying additional entries.
1052 | You may also narrow down matches using `*` and/or `**`, to match the path exactly or any subpath.
1053 | ```js
1054 | {
1055 |   // ...
1056 |   "proxy": {
1057 |     // Matches any request starting with /api
1058 |     "/api": {
1059 |       "target": "<url_1>",
1060 |       "ws": true
1061 |       // ...
1062 |     },
1063 |     // Matches any request starting with /foo
1064 |     "/foo": {
1065 |       "target": "<url_2>",
1066 |       "ssl": true,
1067 |       "pathRewrite": {
1068 |         "^/foo": "/foo/beta"
1069 |       }
1070 |       // ...
1071 |     },
1072 |     // Matches /bar/abc.html but not /bar/sub/def.html
1073 |     "/bar/*.html": {
1074 |       "target": "<url_3>",
1075 |       // ...
1076 |     },
1077 |     // Matches /baz/abc.html and /baz/sub/def.html
1078 |     "/baz/**/*.html": {
1079 |       "target": "<url_4>"
1080 |       // ...
1081 |     }
1082 |   }
1083 |   // ...
1084 | }
1085 | ```
1086 | 
1087 | ### Configuring a WebSocket Proxy
1088 | 
1089 | When setting up a WebSocket proxy, there are a some extra considerations to be aware of.
1090 | 
1091 | If you’re using a WebSocket engine like [Socket.io](https://socket.io/), you must have a Socket.io server running that you can use as the proxy target. Socket.io will not work with a standard WebSocket server. Specifically, don't expect Socket.io to work with [the websocket.org echo test](http://websocket.org/echo.html).
1092 | 
1093 | There’s some good documentation available for [setting up a Socket.io server](https://socket.io/docs/).
1094 | 
1095 | Standard WebSockets **will** work with a standard WebSocket server as well as the websocket.org echo test. You can use libraries like [ws](https://github.com/websockets/ws) for the server, with [native WebSockets in the browser](https://developer.mozilla.org/en-US/docs/Web/API/WebSocket).
1096 | 
1097 | Either way, you can proxy WebSocket requests manually in `package.json`:
1098 | 
1099 | ```js
1100 | {
1101 |   // ...
1102 |   "proxy": {
1103 |     "/socket": {
1104 |       // Your compatible WebSocket server
1105 |       "target": "ws://<socket_url>",
1106 |       // Tell http-proxy-middleware that this is a WebSocket proxy.
1107 |       // Also allows you to proxy WebSocket requests without an additional HTTP request
1108 |       // https://github.com/chimurai/http-proxy-middleware#external-websocket-upgrade
1109 |       "ws": true
1110 |       // ...
1111 |     }
1112 |   }
1113 |   // ...
1114 | }
1115 | ```
1116 | 
1117 | ## Using HTTPS in Development
1118 | 
1119 | >Note: this feature is available with `react-scripts@0.4.0` and higher.
1120 | 
1121 | You may require the dev server to serve pages over HTTPS. One particular case where this could be useful is when using [the "proxy" feature](#proxying-api-requests-in-development) to proxy requests to an API server when that API server is itself serving HTTPS.
1122 | 
1123 | To do this, set the `HTTPS` environment variable to `true`, then start the dev server as usual with `npm start`:
1124 | 
1125 | #### Windows (cmd.exe)
1126 | 
1127 | ```cmd
1128 | set HTTPS=true&&npm start
1129 | ```
1130 | 
1131 | (Note: the lack of whitespace is intentional.)
1132 | 
1133 | #### Linux, macOS (Bash)
1134 | 
1135 | ```bash
1136 | HTTPS=true npm start
1137 | ```
1138 | 
1139 | Note that the server will use a self-signed certificate, so your web browser will almost definitely display a warning upon accessing the page.
1140 | 
1141 | ## Generating Dynamic `<meta>` Tags on the Server
1142 | 
1143 | Since Create React App doesn’t support server rendering, you might be wondering how to make `<meta>` tags dynamic and reflect the current URL. To solve this, we recommend to add placeholders into the HTML, like this:
1144 | 
1145 | ```html
1146 | <!doctype html>
1147 | <html lang="en">
1148 |   <head>
1149 |     <meta property="og:title" content="__OG_TITLE__">
1150 |     <meta property="og:description" content="__OG_DESCRIPTION__">
1151 | ```
1152 | 
1153 | Then, on the server, regardless of the backend you use, you can read `index.html` into memory and replace `__OG_TITLE__`, `__OG_DESCRIPTION__`, and any other placeholders with values depending on the current URL. Just make sure to sanitize and escape the interpolated values so that they are safe to embed into HTML!
1154 | 
1155 | If you use a Node server, you can even share the route matching logic between the client and the server. However duplicating it also works fine in simple cases.
1156 | 
1157 | ## Pre-Rendering into Static HTML Files
1158 | 
1159 | If you’re hosting your `build` with a static hosting provider you can use [react-snapshot](https://www.npmjs.com/package/react-snapshot) to generate HTML pages for each route, or relative link, in your application. These pages will then seamlessly become active, or “hydrated”, when the JavaScript bundle has loaded.
1160 | 
1161 | There are also opportunities to use this outside of static hosting, to take the pressure off the server when generating and caching routes.
1162 | 
1163 | The primary benefit of pre-rendering is that you get the core content of each page _with_ the HTML payload—regardless of whether or not your JavaScript bundle successfully downloads. It also increases the likelihood that each route of your application will be picked up by search engines.
1164 | 
1165 | You can read more about [zero-configuration pre-rendering (also called snapshotting) here](https://medium.com/superhighfives/an-almost-static-stack-6df0a2791319).
1166 | 
1167 | ## Injecting Data from the Server into the Page
1168 | 
1169 | Similarly to the previous section, you can leave some placeholders in the HTML that inject global variables, for example:
1170 | 
1171 | ```js
1172 | <!doctype html>
1173 | <html lang="en">
1174 |   <head>
1175 |     <script>
1176 |       window.SERVER_DATA = __SERVER_DATA__;
1177 |     </script>
1178 | ```
1179 | 
1180 | Then, on the server, you can replace `__SERVER_DATA__` with a JSON of real data right before sending the response. The client code can then read `window.SERVER_DATA` to use it. **Make sure to [sanitize the JSON before sending it to the client](https://medium.com/node-security/the-most-common-xss-vulnerability-in-react-js-applications-2bdffbcc1fa0) as it makes your app vulnerable to XSS attacks.**
1181 | 
1182 | ## Running Tests
1183 | 
1184 | >Note: this feature is available with `react-scripts@0.3.0` and higher.<br>
1185 | >[Read the migration guide to learn how to enable it in older projects!](https://github.com/facebookincubator/create-react-app/blob/master/CHANGELOG.md#migrating-from-023-to-030)
1186 | 
1187 | Create React App uses [Jest](https://facebook.github.io/jest/) as its test runner. To prepare for this integration, we did a [major revamp](https://facebook.github.io/jest/blog/2016/09/01/jest-15.html) of Jest so if you heard bad things about it years ago, give it another try.
1188 | 
1189 | Jest is a Node-based runner. This means that the tests always run in a Node environment and not in a real browser. This lets us enable fast iteration speed and prevent flakiness.
1190 | 
1191 | While Jest provides browser globals such as `window` thanks to [jsdom](https://github.com/tmpvar/jsdom), they are only approximations of the real browser behavior. Jest is intended to be used for unit tests of your logic and your components rather than the DOM quirks.
1192 | 
1193 | We recommend that you use a separate tool for browser end-to-end tests if you need them. They are beyond the scope of Create React App.
1194 | 
1195 | ### Filename Conventions
1196 | 
1197 | Jest will look for test files with any of the following popular naming conventions:
1198 | 
1199 | * Files with `.js` suffix in `__tests__` folders.
1200 | * Files with `.test.js` suffix.
1201 | * Files with `.spec.js` suffix.
1202 | 
1203 | The `.test.js` / `.spec.js` files (or the `__tests__` folders) can be located at any depth under the `src` top level folder.
1204 | 
1205 | We recommend to put the test files (or `__tests__` folders) next to the code they are testing so that relative imports appear shorter. For example, if `App.test.js` and `App.js` are in the same folder, the test just needs to `import App from './App'` instead of a long relative path. Colocation also helps find tests more quickly in larger projects.
1206 | 
1207 | ### Command Line Interface
1208 | 
1209 | When you run `npm test`, Jest will launch in the watch mode. Every time you save a file, it will re-run the tests, just like `npm start` recompiles the code.
1210 | 
1211 | The watcher includes an interactive command-line interface with the ability to run all tests, or focus on a search pattern. It is designed this way so that you can keep it open and enjoy fast re-runs. You can learn the commands from the “Watch Usage” note that the watcher prints after every run:
1212 | 
1213 | ![Jest watch mode](http://facebook.github.io/jest/img/blog/15-watch.gif)
1214 | 
1215 | ### Version Control Integration
1216 | 
1217 | By default, when you run `npm test`, Jest will only run the tests related to files changed since the last commit. This is an optimization designed to make your tests run fast regardless of how many tests you have. However it assumes that you don’t often commit the code that doesn’t pass the tests.
1218 | 
1219 | Jest will always explicitly mention that it only ran tests related to the files changed since the last commit. You can also press `a` in the watch mode to force Jest to run all tests.
1220 | 
1221 | Jest will always run all tests on a [continuous integration](#continuous-integration) server or if the project is not inside a Git or Mercurial repository.
1222 | 
1223 | ### Writing Tests
1224 | 
1225 | To create tests, add `it()` (or `test()`) blocks with the name of the test and its code. You may optionally wrap them in `describe()` blocks for logical grouping but this is neither required nor recommended.
1226 | 
1227 | Jest provides a built-in `expect()` global function for making assertions. A basic test could look like this:
1228 | 
1229 | ```js
1230 | import sum from './sum';
1231 | 
1232 | it('sums numbers', () => {
1233 |   expect(sum(1, 2)).toEqual(3);
1234 |   expect(sum(2, 2)).toEqual(4);
1235 | });
1236 | ```
1237 | 
1238 | All `expect()` matchers supported by Jest are [extensively documented here](http://facebook.github.io/jest/docs/expect.html).<br>
1239 | You can also use [`jest.fn()` and `expect(fn).toBeCalled()`](http://facebook.github.io/jest/docs/expect.html#tohavebeencalled) to create “spies” or mock functions.
1240 | 
1241 | ### Testing Components
1242 | 
1243 | There is a broad spectrum of component testing techniques. They range from a “smoke test” verifying that a component renders without throwing, to shallow rendering and testing some of the output, to full rendering and testing component lifecycle and state changes.
1244 | 
1245 | Different projects choose different testing tradeoffs based on how often components change, and how much logic they contain. If you haven’t decided on a testing strategy yet, we recommend that you start with creating simple smoke tests for your components:
1246 | 
1247 | ```js
1248 | import React from 'react';
1249 | import ReactDOM from 'react-dom';
1250 | import App from './App';
1251 | 
1252 | it('renders without crashing', () => {
1253 |   const div = document.createElement('div');
1254 |   ReactDOM.render(<App />, div);
1255 | });
1256 | ```
1257 | 
1258 | This test mounts a component and makes sure that it didn’t throw during rendering. Tests like this provide a lot value with very little effort so they are great as a starting point, and this is the test you will find in `src/App.test.js`.
1259 | 
1260 | When you encounter bugs caused by changing components, you will gain a deeper insight into which parts of them are worth testing in your application. This might be a good time to introduce more specific tests asserting specific expected output or behavior.
1261 | 
1262 | If you’d like to test components in isolation from the child components they render, we recommend using [`shallow()` rendering API](http://airbnb.io/enzyme/docs/api/shallow.html) from [Enzyme](http://airbnb.io/enzyme/). To install it, run:
1263 | 
1264 | ```sh
1265 | npm install --save enzyme react-test-renderer
1266 | ```
1267 | 
1268 | Alternatively you may use `yarn`:
1269 | 
1270 | ```sh
1271 | yarn add enzyme react-test-renderer
1272 | ```
1273 | 
1274 | You can write a smoke test with it too:
1275 | 
1276 | ```js
1277 | import React from 'react';
1278 | import { shallow } from 'enzyme';
1279 | import App from './App';
1280 | 
1281 | it('renders without crashing', () => {
1282 |   shallow(<App />);
1283 | });
1284 | ```
1285 | 
1286 | Unlike the previous smoke test using `ReactDOM.render()`, this test only renders `<App>` and doesn’t go deeper. For example, even if `<App>` itself renders a `<Button>` that throws, this test will pass. Shallow rendering is great for isolated unit tests, but you may still want to create some full rendering tests to ensure the components integrate correctly. Enzyme supports [full rendering with `mount()`](http://airbnb.io/enzyme/docs/api/mount.html), and you can also use it for testing state changes and component lifecycle.
1287 | 
1288 | You can read the [Enzyme documentation](http://airbnb.io/enzyme/) for more testing techniques. Enzyme documentation uses Chai and Sinon for assertions but you don’t have to use them because Jest provides built-in `expect()` and `jest.fn()` for spies.
1289 | 
1290 | Here is an example from Enzyme documentation that asserts specific output, rewritten to use Jest matchers:
1291 | 
1292 | ```js
1293 | import React from 'react';
1294 | import { shallow } from 'enzyme';
1295 | import App from './App';
1296 | 
1297 | it('renders welcome message', () => {
1298 |   const wrapper = shallow(<App />);
1299 |   const welcome = <h2>Welcome to React</h2>;
1300 |   // expect(wrapper.contains(welcome)).to.equal(true);
1301 |   expect(wrapper.contains(welcome)).toEqual(true);
1302 | });
1303 | ```
1304 | 
1305 | All Jest matchers are [extensively documented here](http://facebook.github.io/jest/docs/expect.html).<br>
1306 | Nevertheless you can use a third-party assertion library like [Chai](http://chaijs.com/) if you want to, as described below.
1307 | 
1308 | Additionally, you might find [jest-enzyme](https://github.com/blainekasten/enzyme-matchers) helpful to simplify your tests with readable matchers. The above `contains` code can be written simpler with jest-enzyme.
1309 | 
1310 | ```js
1311 | expect(wrapper).toContainReact(welcome)
1312 | ```
1313 | 
1314 | To enable this, install `jest-enzyme`:
1315 | 
1316 | ```sh
1317 | npm install --save jest-enzyme
1318 | ```
1319 | 
1320 | Alternatively you may use `yarn`:
1321 | 
1322 | ```sh
1323 | yarn add jest-enzyme
1324 | ```
1325 | 
1326 | Import it in [`src/setupTests.js`](#initializing-test-environment) to make its matchers available in every test:
1327 | 
1328 | ```js
1329 | import 'jest-enzyme';
1330 | ```
1331 | 
1332 | ### Using Third Party Assertion Libraries
1333 | 
1334 | We recommend that you use `expect()` for assertions and `jest.fn()` for spies. If you are having issues with them please [file those against Jest](https://github.com/facebook/jest/issues/new), and we’ll fix them. We intend to keep making them better for React, supporting, for example, [pretty-printing React elements as JSX](https://github.com/facebook/jest/pull/1566).
1335 | 
1336 | However, if you are used to other libraries, such as [Chai](http://chaijs.com/) and [Sinon](http://sinonjs.org/), or if you have existing code using them that you’d like to port over, you can import them normally like this:
1337 | 
1338 | ```js
1339 | import sinon from 'sinon';
1340 | import { expect } from 'chai';
1341 | ```
1342 | 
1343 | and then use them in your tests like you normally do.
1344 | 
1345 | ### Initializing Test Environment
1346 | 
1347 | >Note: this feature is available with `react-scripts@0.4.0` and higher.
1348 | 
1349 | If your app uses a browser API that you need to mock in your tests or if you just need a global setup before running your tests, add a `src/setupTests.js` to your project. It will be automatically executed before running your tests.
1350 | 
1351 | For example:
1352 | 
1353 | #### `src/setupTests.js`
1354 | ```js
1355 | const localStorageMock = {
1356 |   getItem: jest.fn(),
1357 |   setItem: jest.fn(),
1358 |   clear: jest.fn()
1359 | };
1360 | global.localStorage = localStorageMock
1361 | ```
1362 | 
1363 | ### Focusing and Excluding Tests
1364 | 
1365 | You can replace `it()` with `xit()` to temporarily exclude a test from being executed.<br>
1366 | Similarly, `fit()` lets you focus on a specific test without running any other tests.
1367 | 
1368 | ### Coverage Reporting
1369 | 
1370 | Jest has an integrated coverage reporter that works well with ES6 and requires no configuration.<br>
1371 | Run `npm test -- --coverage` (note extra `--` in the middle) to include a coverage report like this:
1372 | 
1373 | ![coverage report](http://i.imgur.com/5bFhnTS.png)
1374 | 
1375 | Note that tests run much slower with coverage so it is recommended to run it separately from your normal workflow.
1376 | 
1377 | ### Continuous Integration
1378 | 
1379 | By default `npm test` runs the watcher with interactive CLI. However, you can force it to run tests once and finish the process by setting an environment variable called `CI`.
1380 | 
1381 | When creating a build of your application with `npm run build` linter warnings are not checked by default. Like `npm test`, you can force the build to perform a linter warning check by setting the environment variable `CI`. If any warnings are encountered then the build fails.
1382 | 
1383 | Popular CI servers already set the environment variable `CI` by default but you can do this yourself too:
1384 | 
1385 | ### On CI servers
1386 | #### Travis CI
1387 | 
1388 | 1. Following the [Travis Getting started](https://docs.travis-ci.com/user/getting-started/) guide for syncing your GitHub repository with Travis.  You may need to initialize some settings manually in your [profile](https://travis-ci.org/profile) page.
1389 | 1. Add a `.travis.yml` file to your git repository.
1390 | ```
1391 | language: node_js
1392 | node_js:
1393 |   - 6
1394 | cache:
1395 |   directories:
1396 |     - node_modules
1397 | script:
1398 |   - npm run build
1399 |   - npm test
1400 | ```
1401 | 1. Trigger your first build with a git push.
1402 | 1. [Customize your Travis CI Build](https://docs.travis-ci.com/user/customizing-the-build/) if needed.
1403 | 
1404 | #### CircleCI
1405 | 
1406 | Follow [this article](https://medium.com/@knowbody/circleci-and-zeits-now-sh-c9b7eebcd3c1) to set up CircleCI with a Create React App project.
1407 | 
1408 | ### On your own environment
1409 | ##### Windows (cmd.exe)
1410 | 
1411 | ```cmd
1412 | set CI=true&&npm test
1413 | ```
1414 | 
1415 | ```cmd
1416 | set CI=true&&npm run build
1417 | ```
1418 | 
1419 | (Note: the lack of whitespace is intentional.)
1420 | 
1421 | ##### Linux, macOS (Bash)
1422 | 
1423 | ```bash
1424 | CI=true npm test
1425 | ```
1426 | 
1427 | ```bash
1428 | CI=true npm run build
1429 | ```
1430 | 
1431 | The test command will force Jest to run tests once instead of launching the watcher.
1432 | 
1433 | >  If you find yourself doing this often in development, please [file an issue](https://github.com/facebookincubator/create-react-app/issues/new) to tell us about your use case because we want to make watcher the best experience and are open to changing how it works to accommodate more workflows.
1434 | 
1435 | The build command will check for linter warnings and fail if any are found.
1436 | 
1437 | ### Disabling jsdom
1438 | 
1439 | By default, the `package.json` of the generated project looks like this:
1440 | 
1441 | ```js
1442 |   "scripts": {
1443 |     "start": "react-scripts start",
1444 |     "build": "react-scripts build",
1445 |     "test": "react-scripts test --env=jsdom"
1446 | ```
1447 | 
1448 | If you know that none of your tests depend on [jsdom](https://github.com/tmpvar/jsdom), you can safely remove `--env=jsdom`, and your tests will run faster:
1449 | 
1450 | ```diff
1451 |   "scripts": {
1452 |     "start": "react-scripts start",
1453 |     "build": "react-scripts build",
1454 | -   "test": "react-scripts test --env=jsdom"
1455 | +   "test": "react-scripts test"
1456 | ```
1457 | 
1458 | To help you make up your mind, here is a list of APIs that **need jsdom**:
1459 | 
1460 | * Any browser globals like `window` and `document`
1461 | * [`ReactDOM.render()`](https://facebook.github.io/react/docs/top-level-api.html#reactdom.render)
1462 | * [`TestUtils.renderIntoDocument()`](https://facebook.github.io/react/docs/test-utils.html#renderintodocument) ([a shortcut](https://github.com/facebook/react/blob/34761cf9a252964abfaab6faf74d473ad95d1f21/src/test/ReactTestUtils.js#L83-L91) for the above)
1463 | * [`mount()`](http://airbnb.io/enzyme/docs/api/mount.html) in [Enzyme](http://airbnb.io/enzyme/index.html)
1464 | 
1465 | In contrast, **jsdom is not needed** for the following APIs:
1466 | 
1467 | * [`TestUtils.createRenderer()`](https://facebook.github.io/react/docs/test-utils.html#shallow-rendering) (shallow rendering)
1468 | * [`shallow()`](http://airbnb.io/enzyme/docs/api/shallow.html) in [Enzyme](http://airbnb.io/enzyme/index.html)
1469 | 
1470 | Finally, jsdom is also not needed for [snapshot testing](http://facebook.github.io/jest/blog/2016/07/27/jest-14.html).
1471 | 
1472 | ### Snapshot Testing
1473 | 
1474 | Snapshot testing is a feature of Jest that automatically generates text snapshots of your components and saves them on the disk so if the UI output changes, you get notified without manually writing any assertions on the component output. [Read more about snapshot testing.](http://facebook.github.io/jest/blog/2016/07/27/jest-14.html)
1475 | 
1476 | ### Editor Integration
1477 | 
1478 | If you use [Visual Studio Code](https://code.visualstudio.com), there is a [Jest extension](https://github.com/orta/vscode-jest) which works with Create React App out of the box. This provides a lot of IDE-like features while using a text editor: showing the status of a test run with potential fail messages inline, starting and stopping the watcher automatically, and offering one-click snapshot updates.
1479 | 
1480 | ![VS Code Jest Preview](https://cloud.githubusercontent.com/assets/49038/20795349/a032308a-b7c8-11e6-9b34-7eeac781003f.png)
1481 | 
1482 | ## Developing Components in Isolation
1483 | 
1484 | Usually, in an app, you have a lot of UI components, and each of them has many different states.
1485 | For an example, a simple button component could have following states:
1486 | 
1487 | * In a regular state, with a text label.
1488 | * In the disabled mode.
1489 | * In a loading state.
1490 | 
1491 | Usually, it’s hard to see these states without running a sample app or some examples.
1492 | 
1493 | Create React App doesn’t include any tools for this by default, but you can easily add [Storybook for React](https://storybook.js.org) ([source](https://github.com/storybooks/storybook)) or [React Styleguidist](https://react-styleguidist.js.org/) ([source](https://github.com/styleguidist/react-styleguidist)) to your project. **These are third-party tools that let you develop components and see all their states in isolation from your app**.
1494 | 
1495 | ![Storybook for React Demo](http://i.imgur.com/7CIAWpB.gif)
1496 | 
1497 | You can also deploy your Storybook or style guide as a static app. This way, everyone in your team can view and review different states of UI components without starting a backend server or creating an account in your app.
1498 | 
1499 | ### Getting Started with Storybook
1500 | 
1501 | Storybook is a development environment for React UI components. It allows you to browse a component library, view the different states of each component, and interactively develop and test components.
1502 | 
1503 | First, install the following npm package globally:
1504 | 
1505 | ```sh
1506 | npm install -g @storybook/cli
1507 | ```
1508 | 
1509 | Then, run the following command inside your app’s directory:
1510 | 
1511 | ```sh
1512 | getstorybook
1513 | ```
1514 | 
1515 | After that, follow the instructions on the screen.
1516 | 
1517 | Learn more about React Storybook:
1518 | 
1519 | * Screencast: [Getting Started with React Storybook](https://egghead.io/lessons/react-getting-started-with-react-storybook)
1520 | * [GitHub Repo](https://github.com/storybooks/storybook)
1521 | * [Documentation](https://storybook.js.org/basics/introduction/)
1522 | * [Snapshot Testing UI](https://github.com/storybooks/storybook/tree/master/addons/storyshots) with Storybook + addon/storyshot
1523 | 
1524 | ### Getting Started with Styleguidist
1525 | 
1526 | Styleguidist combines a style guide, where all your components are presented on a single page with their props documentation and usage examples, with an environment for developing components in isolation, similar to Storybook. In Styleguidist you write examples in Markdown, where each code snippet is rendered as a live editable playground.
1527 | 
1528 | First, install Styleguidist:
1529 | 
1530 | ```sh
1531 | npm install --save react-styleguidist
1532 | ```
1533 | 
1534 | Alternatively you may use `yarn`:
1535 | 
1536 | ```sh
1537 | yarn add react-styleguidist
1538 | ```
1539 | 
1540 | Then, add these scripts to your `package.json`:
1541 | 
1542 | ```diff
1543 |    "scripts": {
1544 | +    "styleguide": "styleguidist server",
1545 | +    "styleguide:build": "styleguidist build",
1546 |      "start": "react-scripts start",
1547 | ```
1548 | 
1549 | Then, run the following command inside your app’s directory:
1550 | 
1551 | ```sh
1552 | npm run styleguide
1553 | ```
1554 | 
1555 | After that, follow the instructions on the screen.
1556 | 
1557 | Learn more about React Styleguidist:
1558 | 
1559 | * [GitHub Repo](https://github.com/styleguidist/react-styleguidist)
1560 | * [Documentation](https://react-styleguidist.js.org/docs/getting-started.html)
1561 | 
1562 | ## Making a Progressive Web App
1563 | 
1564 | By default, the production build is a fully functional, offline-first
1565 | [Progressive Web App](https://developers.google.com/web/progressive-web-apps/).
1566 | 
1567 | Progressive Web Apps are faster and more reliable than traditional web pages, and provide an engaging mobile experience:
1568 | 
1569 |  * All static site assets are cached so that your page loads fast on subsequent visits, regardless of network connectivity (such as 2G or 3G). Updates are downloaded in the background.
1570 |  * Your app will work regardless of network state, even if offline. This means your users will be able to use your app at 10,000 feet and on the Subway.
1571 |  * On mobile devices, your app can be added directly to the user's home screen, app icon and all. You can also re-engage users using web **push notifications**. This eliminates the need for the app store.
1572 | 
1573 | The [`sw-precache-webpack-plugin`](https://github.com/goldhand/sw-precache-webpack-plugin)
1574 | is integrated into production configuration,
1575 | and it will take care of generating a service worker file that will automatically
1576 | precache all of your local assets and keep them up to date as you deploy updates.
1577 | The service worker will use a [cache-first strategy](https://developers.google.com/web/fundamentals/instant-and-offline/offline-cookbook/#cache-falling-back-to-network)
1578 | for handling all requests for local assets, including the initial HTML, ensuring
1579 | that your web app is reliably fast, even on a slow or unreliable network.
1580 | 
1581 | ### Opting Out of Caching
1582 | 
1583 | If you would prefer not to enable service workers prior to your initial
1584 | production deployment, then remove the call to `serviceWorkerRegistration.register()`
1585 | from [`src/index.js`](src/index.js).
1586 | 
1587 | If you had previously enabled service workers in your production deployment and
1588 | have decided that you would like to disable them for all your existing users,
1589 | you can swap out the call to `serviceWorkerRegistration.register()` in
1590 | [`src/index.js`](src/index.js) with a call to `serviceWorkerRegistration.unregister()`.
1591 | After the user visits a page that has `serviceWorkerRegistration.unregister()`,
1592 | the service worker will be uninstalled. Note that depending on how `/service-worker.js` is served,
1593 | it may take up to 24 hours for the cache to be invalidated.
1594 | 
1595 | ### Offline-First Considerations
1596 | 
1597 | 1. Service workers [require HTTPS](https://developers.google.com/web/fundamentals/getting-started/primers/service-workers#you_need_https),
1598 | although to facilitate local testing, that policy
1599 | [does not apply to `localhost`](http://stackoverflow.com/questions/34160509/options-for-testing-service-workers-via-http/34161385#34161385).
1600 | If your production web server does not support HTTPS, then the service worker
1601 | registration will fail, but the rest of your web app will remain functional.
1602 | 
1603 | 1. Service workers are [not currently supported](https://jakearchibald.github.io/isserviceworkerready/)
1604 | in all web browsers. Service worker registration [won't be attempted](src/registerServiceWorker.js)
1605 | on browsers that lack support.
1606 | 
1607 | 1. The service worker is only enabled in the [production environment](#deployment),
1608 | e.g. the output of `npm run build`. It's recommended that you do not enable an
1609 | offline-first service worker in a development environment, as it can lead to
1610 | frustration when previously cached assets are used and do not include the latest
1611 | changes you've made locally.
1612 | 
1613 | 1. If you *need* to test your offline-first service worker locally, build
1614 | the application (using `npm run build`) and run a simple http server from your
1615 | build directory. After running the build script, `create-react-app` will give
1616 | instructions for one way to test your production build locally and the [deployment instructions](#deployment) have
1617 | instructions for using other methods. *Be sure to always use an
1618 | incognito window to avoid complications with your browser cache.*
1619 | 
1620 | 1. If possible, configure your production environment to serve the generated
1621 | `service-worker.js` [with HTTP caching disabled](http://stackoverflow.com/questions/38843970/service-worker-javascript-update-frequency-every-24-hours).
1622 | If that's not possible—[GitHub Pages](#github-pages), for instance, does not
1623 | allow you to change the default 10 minute HTTP cache lifetime—then be aware
1624 | that if you visit your production site, and then revisit again before
1625 | `service-worker.js` has expired from your HTTP cache, you'll continue to get
1626 | the previously cached assets from the service worker. If you have an immediate
1627 | need to view your updated production deployment, performing a shift-refresh
1628 | will temporarily disable the service worker and retrieve all assets from the
1629 | network.
1630 | 
1631 | 1. Users aren't always familiar with offline-first web apps. It can be useful to
1632 | [let the user know](https://developers.google.com/web/fundamentals/instant-and-offline/offline-ux#inform_the_user_when_the_app_is_ready_for_offline_consumption)
1633 | when the service worker has finished populating your caches (showing a "This web
1634 | app works offline!" message) and also let them know when the service worker has
1635 | fetched the latest updates that will be available the next time they load the
1636 | page (showing a "New content is available; please refresh." message). Showing
1637 | this messages is currently left as an exercise to the developer, but as a
1638 | starting point, you can make use of the logic included in [`src/registerServiceWorker.js`](src/registerServiceWorker.js), which
1639 | demonstrates which service worker lifecycle events to listen for to detect each
1640 | scenario, and which as a default, just logs appropriate messages to the
1641 | JavaScript console.
1642 | 
1643 | 1. By default, the generated service worker file will not intercept or cache any
1644 | cross-origin traffic, like HTTP [API requests](#integrating-with-an-api-backend),
1645 | images, or embeds loaded from a different domain. If you would like to use a
1646 | runtime caching strategy for those requests, you can [`eject`](#npm-run-eject)
1647 | and then configure the
1648 | [`runtimeCaching`](https://github.com/GoogleChrome/sw-precache#runtimecaching-arrayobject)
1649 | option in the `SWPrecacheWebpackPlugin` section of
1650 | [`webpack.config.prod.js`](../config/webpack.config.prod.js).
1651 | 
1652 | ### Progressive Web App Metadata
1653 | 
1654 | The default configuration includes a web app manifest located at
1655 | [`public/manifest.json`](public/manifest.json), that you can customize with
1656 | details specific to your web application.
1657 | 
1658 | When a user adds a web app to their homescreen using Chrome or Firefox on
1659 | Android, the metadata in [`manifest.json`](public/manifest.json) determines what
1660 | icons, names, and branding colors to use when the web app is displayed.
1661 | [The Web App Manifest guide](https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/)
1662 | provides more context about what each field means, and how your customizations
1663 | will affect your users' experience.
1664 | 
1665 | ## Analyzing the Bundle Size
1666 | 
1667 | [Source map explorer](https://www.npmjs.com/package/source-map-explorer) analyzes
1668 | JavaScript bundles using the source maps. This helps you understand where code
1669 | bloat is coming from.
1670 | 
1671 | To add Source map explorer to a Create React App project, follow these steps:
1672 | 
1673 | ```sh
1674 | npm install --save source-map-explorer
1675 | ```
1676 | 
1677 | Alternatively you may use `yarn`:
1678 | 
1679 | ```sh
1680 | yarn add source-map-explorer
1681 | ```
1682 | 
1683 | Then in `package.json`, add the following line to `scripts`:
1684 | 
1685 | ```diff
1686 |    "scripts": {
1687 | +    "analyze": "source-map-explorer build/static/js/main.*",
1688 |      "start": "react-scripts start",
1689 |      "build": "react-scripts build",
1690 |      "test": "react-scripts test --env=jsdom",
1691 | ```
1692 | 
1693 | Then to analyze the bundle run the production build then run the analyze
1694 | script.
1695 | 
1696 | ```
1697 | npm run build
1698 | npm run analyze
1699 | ```
1700 | 
1701 | ## Deployment
1702 | 
1703 | `npm run build` creates a `build` directory with a production build of your app. Set up your favourite HTTP server so that a visitor to your site is served `index.html`, and requests to static paths like `/static/js/main.<hash>.js` are served with the contents of the `/static/js/main.<hash>.js` file.
1704 | 
1705 | ### Static Server
1706 | 
1707 | For environments using [Node](https://nodejs.org/), the easiest way to handle this would be to install [serve](https://github.com/zeit/serve) and let it handle the rest:
1708 | 
1709 | ```sh
1710 | npm install -g serve
1711 | serve -s build
1712 | ```
1713 | 
1714 | The last command shown above will serve your static site on the port **5000**. Like many of [serve](https://github.com/zeit/serve)’s internal settings, the port can be adjusted using the `-p` or `--port` flags.
1715 | 
1716 | Run this command to get a full list of the options available:
1717 | 
1718 | ```sh
1719 | serve -h
1720 | ```
1721 | 
1722 | ### Other Solutions
1723 | 
1724 | You don’t necessarily need a static server in order to run a Create React App project in production. It works just as fine integrated into an existing dynamic one.
1725 | 
1726 | Here’s a programmatic example using [Node](https://nodejs.org/) and [Express](http://expressjs.com/):
1727 | 
1728 | ```javascript
1729 | const express = require('express');
1730 | const path = require('path');
1731 | const app = express();
1732 | 
1733 | app.use(express.static(path.join(__dirname, 'build')));
1734 | 
1735 | app.get('/', function (req, res) {
1736 |   res.sendFile(path.join(__dirname, 'build', 'index.html'));
1737 | });
1738 | 
1739 | app.listen(9000);
1740 | ```
1741 | 
1742 | The choice of your server software isn’t important either. Since Create React App is completely platform-agnostic, there’s no need to explicitly use Node.
1743 | 
1744 | The `build` folder with static assets is the only output produced by Create React App.
1745 | 
1746 | However this is not quite enough if you use client-side routing. Read the next section if you want to support URLs like `/todos/42` in your single-page app.
1747 | 
1748 | ### Serving Apps with Client-Side Routing
1749 | 
1750 | If you use routers that use the HTML5 [`pushState` history API](https://developer.mozilla.org/en-US/docs/Web/API/History_API#Adding_and_modifying_history_entries) under the hood (for example, [React Router](https://github.com/ReactTraining/react-router) with `browserHistory`), many static file servers will fail. For example, if you used React Router with a route for `/todos/42`, the development server will respond to `localhost:3000/todos/42` properly, but an Express serving a production build as above will not.
1751 | 
1752 | This is because when there is a fresh page load for a `/todos/42`, the server looks for the file `build/todos/42` and does not find it. The server needs to be configured to respond to a request to `/todos/42` by serving `index.html`. For example, we can amend our Express example above to serve `index.html` for any unknown paths:
1753 | 
1754 | ```diff
1755 |  app.use(express.static(path.join(__dirname, 'build')));
1756 | 
1757 | -app.get('/', function (req, res) {
1758 | +app.get('/*', function (req, res) {
1759 |    res.sendFile(path.join(__dirname, 'build', 'index.html'));
1760 |  });
1761 | ```
1762 | 
1763 | If you’re using [Apache HTTP Server](https://httpd.apache.org/), you need to create a `.htaccess` file in the `public` folder that looks like this:
1764 | 
1765 | ```
1766 |     Options -MultiViews
1767 |     RewriteEngine On
1768 |     RewriteCond %{REQUEST_FILENAME} !-f
1769 |     RewriteRule ^ index.html [QSA,L]
1770 | ```
1771 | 
1772 | It will get copied to the `build` folder when you run `npm run build`. 
1773 | 
1774 | If you’re using [Apache Tomcat](http://tomcat.apache.org/), you need to follow [this Stack Overflow answer](https://stackoverflow.com/a/41249464/4878474).
1775 | 
1776 | Now requests to `/todos/42` will be handled correctly both in development and in production.
1777 | 
1778 | On a production build, and in a browser that supports [service workers](https://developers.google.com/web/fundamentals/getting-started/primers/service-workers),
1779 | the service worker will automatically handle all navigation requests, like for
1780 | `/todos/42`, by serving the cached copy of your `index.html`. This
1781 | service worker navigation routing can be configured or disabled by
1782 | [`eject`ing](#npm-run-eject) and then modifying the
1783 | [`navigateFallback`](https://github.com/GoogleChrome/sw-precache#navigatefallback-string)
1784 | and [`navigateFallbackWhitelist`](https://github.com/GoogleChrome/sw-precache#navigatefallbackwhitelist-arrayregexp)
1785 | options of the `SWPreachePlugin` [configuration](../config/webpack.config.prod.js).
1786 | 
1787 | ### Building for Relative Paths
1788 | 
1789 | By default, Create React App produces a build assuming your app is hosted at the server root.<br>
1790 | To override this, specify the `homepage` in your `package.json`, for example:
1791 | 
1792 | ```js
1793 |   "homepage": "http://mywebsite.com/relativepath",
1794 | ```
1795 | 
1796 | This will let Create React App correctly infer the root path to use in the generated HTML file.
1797 | 
1798 | **Note**: If you are using `react-router@^4`, you can root `<Link>`s using the `basename` prop on any `<Router>`.<br>
1799 | More information [here](https://reacttraining.com/react-router/web/api/BrowserRouter/basename-string).<br>
1800 | <br>
1801 | For example:
1802 | ```js
1803 | <BrowserRouter basename="/calendar"/>
1804 | <Link to="/today"/> // renders <a href="/calendar/today">
1805 | ```
1806 | 
1807 | #### Serving the Same Build from Different Paths
1808 | 
1809 | >Note: this feature is available with `react-scripts@0.9.0` and higher.
1810 | 
1811 | If you are not using the HTML5 `pushState` history API or not using client-side routing at all, it is unnecessary to specify the URL from which your app will be served. Instead, you can put this in your `package.json`:
1812 | 
1813 | ```js
1814 |   "homepage": ".",
1815 | ```
1816 | 
1817 | This will make sure that all the asset paths are relative to `index.html`. You will then be able to move your app from `http://mywebsite.com` to `http://mywebsite.com/relativepath` or even `http://mywebsite.com/relative/path` without having to rebuild it.
1818 | 
1819 | ### Azure
1820 | 
1821 | See [this](https://medium.com/@to_pe/deploying-create-react-app-on-microsoft-azure-c0f6686a4321) blog post on how to deploy your React app to [Microsoft Azure](https://azure.microsoft.com/).
1822 | 
1823 | ### Firebase
1824 | 
1825 | Install the Firebase CLI if you haven’t already by running `npm install -g firebase-tools`. Sign up for a [Firebase account](https://console.firebase.google.com/) and create a new project. Run `firebase login` and login with your previous created Firebase account.
1826 | 
1827 | Then run the `firebase init` command from your project’s root. You need to choose the **Hosting: Configure and deploy Firebase Hosting sites** and choose the Firebase project you created in the previous step. You will need to agree with `database.rules.json` being created, choose `build` as the public directory, and also agree to **Configure as a single-page app** by replying with `y`.
1828 | 
1829 | ```sh
1830 |     === Project Setup
1831 | 
1832 |     First, let's associate this project directory with a Firebase project.
1833 |     You can create multiple project aliases by running firebase use --add,
1834 |     but for now we'll just set up a default project.
1835 | 
1836 |     ? What Firebase project do you want to associate as default? Example app (example-app-fd690)
1837 | 
1838 |     === Database Setup
1839 | 
1840 |     Firebase Realtime Database Rules allow you to define how your data should be
1841 |     structured and when your data can be read from and written to.
1842 | 
1843 |     ? What file should be used for Database Rules? database.rules.json
1844 |     ✔  Database Rules for example-app-fd690 have been downloaded to database.rules.json.
1845 |     Future modifications to database.rules.json will update Database Rules when you run
1846 |     firebase deploy.
1847 | 
1848 |     === Hosting Setup
1849 | 
1850 |     Your public directory is the folder (relative to your project directory) that
1851 |     will contain Hosting assets to uploaded with firebase deploy. If you
1852 |     have a build process for your assets, use your build's output directory.
1853 | 
1854 |     ? What do you want to use as your public directory? build
1855 |     ? Configure as a single-page app (rewrite all urls to /index.html)? Yes
1856 |     ✔  Wrote build/index.html
1857 | 
1858 |     i  Writing configuration info to firebase.json...
1859 |     i  Writing project information to .firebaserc...
1860 | 
1861 |     ✔  Firebase initialization complete!
1862 | ```
1863 | 
1864 | Now, after you create a production build with `npm run build`, you can deploy it by running `firebase deploy`.
1865 | 
1866 | ```sh
1867 |     === Deploying to 'example-app-fd690'...
1868 | 
1869 |     i  deploying database, hosting
1870 |     ✔  database: rules ready to deploy.
1871 |     i  hosting: preparing build directory for upload...
1872 |     Uploading: [==============================          ] 75%✔  hosting: build folder uploaded successfully
1873 |     ✔  hosting: 8 files uploaded successfully
1874 |     i  starting release process (may take several minutes)...
1875 | 
1876 |     ✔  Deploy complete!
1877 | 
1878 |     Project Console: https://console.firebase.google.com/project/example-app-fd690/overview
1879 |     Hosting URL: https://example-app-fd690.firebaseapp.com
1880 | ```
1881 | 
1882 | For more information see [Add Firebase to your JavaScript Project](https://firebase.google.com/docs/web/setup).
1883 | 
1884 | ### GitHub Pages
1885 | 
1886 | >Note: this feature is available with `react-scripts@0.2.0` and higher.
1887 | 
1888 | #### Step 1: Add `homepage` to `package.json`
1889 | 
1890 | **The step below is important!**<br>
1891 | **If you skip it, your app will not deploy correctly.**
1892 | 
1893 | Open your `package.json` and add a `homepage` field:
1894 | 
1895 | ```js
1896 |   "homepage": "https://myusername.github.io/my-app",
1897 | ```
1898 | 
1899 | Create React App uses the `homepage` field to determine the root URL in the built HTML file.
1900 | 
1901 | #### Step 2: Install `gh-pages` and add `deploy` to `scripts` in `package.json`
1902 | 
1903 | Now, whenever you run `npm run build`, you will see a cheat sheet with instructions on how to deploy to GitHub Pages.
1904 | 
1905 | To publish it at [https://myusername.github.io/my-app](https://myusername.github.io/my-app), run:
1906 | 
1907 | ```sh
1908 | npm install --save gh-pages
1909 | ```
1910 | 
1911 | Alternatively you may use `yarn`:
1912 | 
1913 | ```sh
1914 | yarn add gh-pages
1915 | ```
1916 | 
1917 | Add the following scripts in your `package.json`:
1918 | 
1919 | ```diff
1920 |   "scripts": {
1921 | +   "predeploy": "npm run build",
1922 | +   "deploy": "gh-pages -d build",
1923 |     "start": "react-scripts start",
1924 |     "build": "react-scripts build",
1925 | ```
1926 | 
1927 | The `predeploy` script will run automatically before `deploy` is run.
1928 | 
1929 | #### Step 3: Deploy the site by running `npm run deploy`
1930 | 
1931 | Then run:
1932 | 
1933 | ```sh
1934 | npm run deploy
1935 | ```
1936 | 
1937 | #### Step 4: Ensure your project’s settings use `gh-pages`
1938 | 
1939 | Finally, make sure **GitHub Pages** option in your GitHub project settings is set to use the `gh-pages` branch:
1940 | 
1941 | <img src="http://i.imgur.com/HUjEr9l.png" width="500" alt="gh-pages branch setting">
1942 | 
1943 | #### Step 5: Optionally, configure the domain
1944 | 
1945 | You can configure a custom domain with GitHub Pages by adding a `CNAME` file to the `public/` folder.
1946 | 
1947 | #### Notes on client-side routing
1948 | 
1949 | GitHub Pages doesn’t support routers that use the HTML5 `pushState` history API under the hood (for example, React Router using `browserHistory`). This is because when there is a fresh page load for a url like `http://user.github.io/todomvc/todos/42`, where `/todos/42` is a frontend route, the GitHub Pages server returns 404 because it knows nothing of `/todos/42`. If you want to add a router to a project hosted on GitHub Pages, here are a couple of solutions:
1950 | 
1951 | * You could switch from using HTML5 history API to routing with hashes. If you use React Router, you can switch to `hashHistory` for this effect, but the URL will be longer and more verbose (for example, `http://user.github.io/todomvc/#/todos/42?_k=yknaj`). [Read more](https://reacttraining.com/react-router/web/api/Router) about different history implementations in React Router.
1952 | * Alternatively, you can use a trick to teach GitHub Pages to handle 404 by redirecting to your `index.html` page with a special redirect parameter. You would need to add a `404.html` file with the redirection code to the `build` folder before deploying your project, and you’ll need to add code handling the redirect parameter to `index.html`. You can find a detailed explanation of this technique [in this guide](https://github.com/rafrex/spa-github-pages).
1953 | 
1954 | ### Heroku
1955 | 
1956 | Use the [Heroku Buildpack for Create React App](https://github.com/mars/create-react-app-buildpack).<br>
1957 | You can find instructions in [Deploying React with Zero Configuration](https://blog.heroku.com/deploying-react-with-zero-configuration).
1958 | 
1959 | #### Resolving Heroku Deployment Errors
1960 | 
1961 | Sometimes `npm run build` works locally but fails during deploy via Heroku. Following are the most common cases.
1962 | 
1963 | ##### "Module not found: Error: Cannot resolve 'file' or 'directory'"
1964 | 
1965 | If you get something like this:
1966 | 
1967 | ```
1968 | remote: Failed to create a production build. Reason:
1969 | remote: Module not found: Error: Cannot resolve 'file' or 'directory'
1970 | MyDirectory in /tmp/build_1234/src
1971 | ```
1972 | 
1973 | It means you need to ensure that the lettercase of the file or directory you `import` matches the one you see on your filesystem or on GitHub.
1974 | 
1975 | This is important because Linux (the operating system used by Heroku) is case sensitive. So `MyDirectory` and `mydirectory` are two distinct directories and thus, even though the project builds locally, the difference in case breaks the `import` statements on Heroku remotes.
1976 | 
1977 | ##### "Could not find a required file."
1978 | 
1979 | If you exclude or ignore necessary files from the package you will see a error similar this one:
1980 | 
1981 | ```
1982 | remote: Could not find a required file.
1983 | remote:   Name: `index.html`
1984 | remote:   Searched in: /tmp/build_a2875fc163b209225122d68916f1d4df/public
1985 | remote:
1986 | remote: npm ERR! Linux 3.13.0-105-generic
1987 | remote: npm ERR! argv "/tmp/build_a2875fc163b209225122d68916f1d4df/.heroku/node/bin/node" "/tmp/build_a2875fc163b209225122d68916f1d4df/.heroku/node/bin/npm" "run" "build"
1988 | ```
1989 | 
1990 | In this case, ensure that the file is there with the proper lettercase and that’s not ignored on your local `.gitignore` or `~/.gitignore_global`.
1991 | 
1992 | ### Netlify
1993 | 
1994 | **To do a manual deploy to Netlify’s CDN:**
1995 | 
1996 | ```sh
1997 | npm install netlify-cli
1998 | netlify deploy
1999 | ```
2000 | 
2001 | Choose `build` as the path to deploy.
2002 | 
2003 | **To setup continuous delivery:**
2004 | 
2005 | With this setup Netlify will build and deploy when you push to git or open a pull request:
2006 | 
2007 | 1. [Start a new netlify project](https://app.netlify.com/signup)
2008 | 2. Pick your Git hosting service and select your repository
2009 | 3. Click `Build your site`
2010 | 
2011 | **Support for client-side routing:**
2012 | 
2013 | To support `pushState`, make sure to create a `public/_redirects` file with the following rewrite rules:
2014 | 
2015 | ```
2016 | /*  /index.html  200
2017 | ```
2018 | 
2019 | When you build the project, Create React App will place the `public` folder contents into the build output.
2020 | 
2021 | ### Now
2022 | 
2023 | [now](https://zeit.co/now) offers a zero-configuration single-command deployment. You can use `now` to deploy your app for free.
2024 | 
2025 | 1. Install the `now` command-line tool either via the recommended [desktop tool](https://zeit.co/download) or via node with `npm install -g now`.
2026 | 
2027 | 2. Build your app by running `npm run build`.
2028 | 
2029 | 3. Move into the build directory by running `cd build`.
2030 | 
2031 | 4. Run `now --name your-project-name` from within the build directory. You will see a **now.sh** URL in your output like this:
2032 | 
2033 |     ```
2034 |     > Ready! https://your-project-name-tpspyhtdtk.now.sh (copied to clipboard)
2035 |     ```
2036 | 
2037 |     Paste that URL into your browser when the build is complete, and you will see your deployed app.
2038 | 
2039 | Details are available in [this article.](https://zeit.co/blog/unlimited-static)
2040 | 
2041 | ### S3 and CloudFront
2042 | 
2043 | See this [blog post](https://medium.com/@omgwtfmarc/deploying-create-react-app-to-s3-or-cloudfront-48dae4ce0af) on how to deploy your React app to Amazon Web Services [S3](https://aws.amazon.com/s3) and [CloudFront](https://aws.amazon.com/cloudfront/).
2044 | 
2045 | ### Surge
2046 | 
2047 | Install the Surge CLI if you haven’t already by running `npm install -g surge`. Run the `surge` command and log in you or create a new account.
2048 | 
2049 | When asked about the project path, make sure to specify the `build` folder, for example:
2050 | 
2051 | ```sh
2052 |        project path: /path/to/project/build
2053 | ```
2054 | 
2055 | Note that in order to support routers that use HTML5 `pushState` API, you may want to rename the `index.html` in your build folder to `200.html` before deploying to Surge. This [ensures that every URL falls back to that file](https://surge.sh/help/adding-a-200-page-for-client-side-routing).
2056 | 
2057 | ## Advanced Configuration
2058 | 
2059 | You can adjust various development and production settings by setting environment variables in your shell or with [.env](#adding-development-environment-variables-in-env).
2060 | 
2061 | Variable | Development | Production | Usage
2062 | :--- | :---: | :---: | :---
2063 | BROWSER | :white_check_mark: | :x: | By default, Create React App will open the default system browser, favoring Chrome on macOS. Specify a [browser](https://github.com/sindresorhus/opn#app) to override this behavior, or set it to `none` to disable it completely. If you need to customize the way the browser is launched, you can specify a node script instead. Any arguments passed to `npm start` will also be passed to this script, and the url where your app is served will be the last argument. Your script's file name must have the `.js` extension.
2064 | HOST | :white_check_mark: | :x: | By default, the development web server binds to `localhost`. You may use this variable to specify a different host.
2065 | PORT | :white_check_mark: | :x: | By default, the development web server will attempt to listen on port 3000 or prompt you to attempt the next available port. You may use this variable to specify a different port.
2066 | HTTPS | :white_check_mark: | :x: | When set to `true`, Create React App will run the development server in `https` mode.
2067 | PUBLIC_URL | :x: | :white_check_mark: | Create React App assumes your application is hosted at the serving web server's root or a subpath as specified in [`package.json` (`homepage`)](#building-for-relative-paths). Normally, Create React App ignores the hostname. You may use this variable to force assets to be referenced verbatim to the url you provide (hostname included). This may be particularly useful when using a CDN to host your application.
2068 | CI | :large_orange_diamond: | :white_check_mark: | When set to `true`, Create React App treats warnings as failures in the build. It also makes the test runner non-watching. Most CIs set this flag by default.
2069 | REACT_EDITOR | :white_check_mark: | :x: | When an app crashes in development, you will see an error overlay with clickable stack trace. When you click on it, Create React App will try to determine the editor you are using based on currently running processes, and open the relevant source file. You can [send a pull request to detect your editor of choice](https://github.com/facebookincubator/create-react-app/issues/2636). Setting this environment variable overrides the automatic detection. If you do it, make sure your systems [PATH](https://en.wikipedia.org/wiki/PATH_(variable)) environment variable points to your editor’s bin folder.
2070 | CHOKIDAR_USEPOLLING | :white_check_mark: | :x: | When set to `true`, the watcher runs in polling mode, as necessary inside a VM. Use this option if `npm start` isn't detecting changes.
2071 | GENERATE_SOURCEMAP | :x: | :white_check_mark: | When set to `false`, source maps are not generated for a production build. This solves OOM issues on some smaller machines.
2072 | 
2073 | ## Troubleshooting
2074 | 
2075 | ### `npm start` doesn’t detect changes
2076 | 
2077 | When you save a file while `npm start` is running, the browser should refresh with the updated code.<br>
2078 | If this doesn’t happen, try one of the following workarounds:
2079 | 
2080 | * If your project is in a Dropbox folder, try moving it out.
2081 | * If the watcher doesn’t see a file called `index.js` and you’re referencing it by the folder name, you [need to restart the watcher](https://github.com/facebookincubator/create-react-app/issues/1164) due to a Webpack bug.
2082 | * Some editors like Vim and IntelliJ have a “safe write” feature that currently breaks the watcher. You will need to disable it. Follow the instructions in [“Adjusting Your Text Editor”](https://webpack.js.org/guides/development/#adjusting-your-text-editor).
2083 | * If your project path contains parentheses, try moving the project to a path without them. This is caused by a [Webpack watcher bug](https://github.com/webpack/watchpack/issues/42).
2084 | * On Linux and macOS, you might need to [tweak system settings](https://webpack.github.io/docs/troubleshooting.html#not-enough-watchers) to allow more watchers.
2085 | * If the project runs inside a virtual machine such as (a Vagrant provisioned) VirtualBox, create an `.env` file in your project directory if it doesn’t exist, and add `CHOKIDAR_USEPOLLING=true` to it. This ensures that the next time you run `npm start`, the watcher uses the polling mode, as necessary inside a VM.
2086 | 
2087 | If none of these solutions help please leave a comment [in this thread](https://github.com/facebookincubator/create-react-app/issues/659).
2088 | 
2089 | ### `npm test` hangs on macOS Sierra
2090 | 
2091 | If you run `npm test` and the console gets stuck after printing `react-scripts test --env=jsdom` to the console there might be a problem with your [Watchman](https://facebook.github.io/watchman/) installation as described in [facebookincubator/create-react-app#713](https://github.com/facebookincubator/create-react-app/issues/713).
2092 | 
2093 | We recommend deleting `node_modules` in your project and running `npm install` (or `yarn` if you use it) first. If it doesn't help, you can try one of the numerous workarounds mentioned in these issues:
2094 | 
2095 | * [facebook/jest#1767](https://github.com/facebook/jest/issues/1767)
2096 | * [facebook/watchman#358](https://github.com/facebook/watchman/issues/358)
2097 | * [ember-cli/ember-cli#6259](https://github.com/ember-cli/ember-cli/issues/6259)
2098 | 
2099 | It is reported that installing Watchman 4.7.0 or newer fixes the issue. If you use [Homebrew](http://brew.sh/), you can run these commands to update it:
2100 | 
2101 | ```
2102 | watchman shutdown-server
2103 | brew update
2104 | brew reinstall watchman
2105 | ```
2106 | 
2107 | You can find [other installation methods](https://facebook.github.io/watchman/docs/install.html#build-install) on the Watchman documentation page.
2108 | 
2109 | If this still doesn’t help, try running `launchctl unload -F ~/Library/LaunchAgents/com.github.facebook.watchman.plist`.
2110 | 
2111 | There are also reports that *uninstalling* Watchman fixes the issue. So if nothing else helps, remove it from your system and try again.
2112 | 
2113 | ### `npm run build` exits too early
2114 | 
2115 | It is reported that `npm run build` can fail on machines with limited memory and no swap space, which is common in cloud environments. Even with small projects this command can increase RAM usage in your system by hundreds of megabytes, so if you have less than 1 GB of available memory your build is likely to fail with the following message:
2116 | 
2117 | >  The build failed because the process exited too early. This probably means the system ran out of memory or someone called `kill -9` on the process.
2118 | 
2119 | If you are completely sure that you didn't terminate the process, consider [adding some swap space](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) to the machine you’re building on, or build the project locally.
2120 | 
2121 | ### `npm run build` fails on Heroku
2122 | 
2123 | This may be a problem with case sensitive filenames.
2124 | Please refer to [this section](#resolving-heroku-deployment-errors).
2125 | 
2126 | ### Moment.js locales are missing
2127 | 
2128 | If you use a [Moment.js](https://momentjs.com/), you might notice that only the English locale is available by default. This is because the locale files are large, and you probably only need a subset of [all the locales provided by Moment.js](https://momentjs.com/#multiple-locale-support).
2129 | 
2130 | To add a specific Moment.js locale to your bundle, you need to import it explicitly.<br>
2131 | For example:
2132 | 
2133 | ```js
2134 | import moment from 'moment';
2135 | import 'moment/locale/fr';
2136 | ```
2137 | 
2138 | If import multiple locales this way, you can later switch between them by calling `moment.locale()` with the locale name:
2139 | 
2140 | ```js
2141 | import moment from 'moment';
2142 | import 'moment/locale/fr';
2143 | import 'moment/locale/es';
2144 | 
2145 | // ...
2146 | 
2147 | moment.locale('fr');
2148 | ```
2149 | 
2150 | This will only work for locales that have been explicitly imported before.
2151 | 
2152 | ### `npm run build` fails to minify
2153 | 
2154 | You may occasionally find a package you depend on needs compiled or ships code for a non-browser environment.<br>
2155 | This is considered poor practice in the ecosystem and does not have an escape hatch in Create React App.<br>
2156 | <br>
2157 | To resolve this:
2158 | 1. Open an issue on the dependency's issue tracker and ask that the package be published pre-compiled (retaining ES6 Modules).
2159 | 2. Fork the package and publish a corrected version yourself.
2160 | 3. If the dependency is small enough, copy it to your `src/` folder and treat it as application code.
2161 | 
2162 | ## Something Missing?
2163 | 
2164 | If you have ideas for more “How To” recipes that should be on this page, [let us know](https://github.com/facebookincubator/create-react-app/issues) or [contribute some!](https://github.com/facebookincubator/create-react-app/edit/master/packages/react-scripts/template/README.md)
2165 | 


--------------------------------------------------------------------------------
/example/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "react-oauth2-hook-example",
 3 |   "homepage": "https://zemnmez.github.io/react-oauth2-hook",
 4 |   "version": "0.0.0",
 5 |   "license": "MIT",
 6 |   "private": true,
 7 |   "dependencies": {
 8 |     "prop-types": "^15.6.2",
 9 |     "react-oauth2-hook": "link:.."
10 |     "fast-levenshtein": "^2.0.6",
11 |     "immutable": "link:../node_modules/immutable",
12 |     "prop-types": "^15.6.2",
13 |     "react": "link:../node_modules/react",
14 |     "react-dom": "link:../node_modules/react-dom",
15 |     "react-oauth2-hook": "link:..",
16 |     "react-router-dom": "^5.0.1",
17 |     "react-scripts": "^1.1.4"
18 |   },
19 |   "scripts": {
20 |     "start": "react-scripts start",
21 |     "build": "react-scripts build",
22 |     "test": "react-scripts test --env=jsdom",
23 |     "eject": "react-scripts eject"
24 |   }
25 | }
26 | 


--------------------------------------------------------------------------------
/example/public/index.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html lang="en">
 3 |   <head>
 4 |     <meta charset="utf-8">
 5 |     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 6 |     <meta name="theme-color" content="#000000">
 7 | 
 8 |     <link rel="manifest" href="%PUBLIC_URL%/manifest.json">
 9 | 
10 |     <title>react-oauth2-hook</title>
11 |   </head>
12 | 
13 |   <body>
14 |     <noscript>
15 |       You need to enable JavaScript to run this app.
16 |     </noscript>
17 | 
18 |     <div id="root"></div>
19 |   </body>
20 | </html>
21 | 


--------------------------------------------------------------------------------
/example/public/manifest.json:
--------------------------------------------------------------------------------
1 | {
2 |   "short_name": "react-oauth2-hook",
3 |   "name": "react-oauth2-hook",
4 |   "start_url": "./index.html",
5 |   "display": "standalone",
6 |   "theme_color": "#000000",
7 |   "background_color": "#ffffff"
8 | }
9 | 


--------------------------------------------------------------------------------
/example/src/.tern-port:
--------------------------------------------------------------------------------
1 | 56722


--------------------------------------------------------------------------------
/example/src/App.js:
--------------------------------------------------------------------------------
1 | import example from './example';
2 | 
3 | export default example
4 | 


--------------------------------------------------------------------------------
/example/src/example.js:
--------------------------------------------------------------------------------
 1 | import React from 'react'
 2 | import { BrowserRouter as Router, Switch } from 'react-router-dom'
 3 | import { useOAuth2Token, OAuthCallback } from 'react-oauth2-hook'
 4 | 
 5 | // in this example, we get a Spotify OAuth
 6 | // token and use it to show a user's saved
 7 | // tracks.
 8 | 
 9 | export default () => <Router>
10 |   <Switch>
11 |     <Route path="/callback" component={OAuthCallback}/>
12 |     <Route component={SavedTracks}/>
13 |   </Switch>
14 | </Router>
15 | 
16 | const SavedTracks = () => {
17 |   const [token, getToken] = useOAuth2Token({
18 |     authorizeUrl: "https://accounts.spotify.com/authorize",
19 |     scope: ["user-library-read"],
20 |     clientID: "bd9844d654f242f782509461bdba068c",
21 |     redirectUri: document.location.href+"/callback"
22 |   })
23 | 
24 |   const [tracks, setTracks] = React.useState();
25 |   const [error, setError] = React.useState();
26 | 
27 |   // query spotify when we get a token
28 |   React.useEffect(() => {
29 |     fetch(
30 |       'https://api.spotify.com/v1/me/tracks?limit=50'
31 |     ).then(response => response.json()).then(
32 |       data => setTracks(data)
33 |     ).catch(error => setError(error))
34 |   }, [token])
35 | 
36 |   return <div>
37 |     {error && `Error occurred: ${error}`}
38 |     {(!token || !savedTracks) && <div
39 |       onClick={getToken}>
40 |         login with Spotify
41 |     </div>}
42 |     {savedTracks && `
43 |       Your Saved Tracks: ${JSON.stringify(savedTracks)}
44 |     `}
45 |   </div>
46 | }
47 | 


--------------------------------------------------------------------------------
/example/src/index.css:
--------------------------------------------------------------------------------
1 | body {
2 |   margin: 0;
3 |   padding: 0;
4 |   font-family: sans-serif;
5 | }
6 | 


--------------------------------------------------------------------------------
/example/src/index.js:
--------------------------------------------------------------------------------
1 | import React from 'react'
2 | import ReactDOM from 'react-dom'
3 | 
4 | import './index.css'
5 | import App from './App'
6 | 
7 | ReactDOM.render(<App />, document.getElementById('root'))
8 | 


--------------------------------------------------------------------------------
/globals.md:
--------------------------------------------------------------------------------
  1 | > ## [react-oauth2-hook](README.md)
  2 | 
  3 | [Globals]() / [react-oauth2-hook](globals.md) /
  4 | 
  5 | # External module: react-oauth2-hook
  6 | 
  7 | > Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
  8 | 
  9 | **`requires`** prop-types
 10 | 
 11 | **`requires`** react
 12 | 
 13 | **`requires`** react-dom
 14 | 
 15 | **`summary`** Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
 16 | 
 17 | **`version`** 1.0.4
 18 | 
 19 | **`author`** zemnmez
 20 | 
 21 | **`copyright`** zemnmez 2019
 22 | 
 23 | **`license`** MIT
 24 | ## Installation
 25 | 
 26 | ```bash
 27 | yarn add react-oauth2-hook
 28 | ```
 29 | ## Overview
 30 | This package provides an entirely client-side flow to get OAuth2 implicit grant tokens.
 31 | It's implemented as a react hook, [useOAuth2Token](globals.md#const-useoauth2token), with a fairly simple API
 32 | and a react component, [OAuthCallback](globals.md#const-oauthcallback) which should be mounted at the
 33 | OAuth callback endpoint.
 34 | 
 35 | Take a look at the [Example](#Example) for usage information.
 36 | 
 37 | ## Security Considerations
 38 | OAuth 2 is a very sensitive protocol. I've done my best to provide good security
 39 | guarantees with this package.
 40 | 
 41 | I assume that your application follows reasonable best practices like using `X-Frame-Options`
 42 | to prevent clickjacking based attacks.
 43 | 
 44 | ### State
 45 | The State token prevents an attacker from forcing a user to sign in as the attacker's
 46 | account using a kind of CSRF. Here, I am cautious against multiple types of attacks.
 47 | 
 48 | My state token is not signed, it's a completely static concatenation of some entropy
 49 | generated by webcrypto and a key, composed of `JSON.stringify({ authUrl, clientID, scopes })`.
 50 | When the callback is recieved by [OAuthCallback](globals.md#const-oauthcallback), it is compared strictly
 51 | to the stored value, and otherwise rejected.
 52 | 
 53 | This prevents both attacks where an attacker would try to submit a token to the user's
 54 | browser without their consent, and attacks where a malicious OAuth server would
 55 | (re)use the n-once to authenticate a callback from a different server.
 56 | 
 57 | ### Timing attacks
 58 | 
 59 | The state token is *not* compared using a fixed-time string comparison.
 60 | Where typically, this would lead to an attacker being able to use a lot of time
 61 | and statistics to side-channel out the state token, this
 62 | should be irrelevant in this configuration, this should be extremely difficult
 63 | to pull off accurately as any timing information would be inaccessible or heavily
 64 | diluted.
 65 | 
 66 | ## Refresh tokens
 67 | This library in-and-of-itself does not acquire long lived refresh tokens. Though
 68 | some OAuth servers allow implicit clients to acquire refresh tokens without an
 69 | OAuth secret, this isn't part of the OAuth standard. Instead, consider
 70 | simply triggering the authorize flow when the token expires -- if the user
 71 | is still authorized, the window should almost immediately close. Otherwise,
 72 | you can use any special APIs that would let you do this, or skip this library
 73 | entirely and try PKCE.
 74 | ## Example
 75 | 
 76 | **`example`** 
 77 | 
 78 | ```javascript
 79 | import React from 'react'
 80 | import { BrowserRouter as Router, Switch } from 'react-router-dom'
 81 | import { useOAuth2Token, OAuthCallback } from 'react-oauth2-hook'
 82 | 
 83 | // in this example, we get a Spotify OAuth
 84 | // token and use it to show a user's saved
 85 | // tracks.
 86 | 
 87 | export default () => <Router>
 88 | <Switch>
 89 | <Route path="/callback" component={OAuthCallback}/>
 90 | <Route component={SavedTracks}/>
 91 | </Switch>
 92 | </Router>
 93 | 
 94 | const SavedTracks = () => {
 95 | const [token, getToken] = useOAuth2Token({
 96 | authorizeUrl: "https://accounts.spotify.com/authorize",
 97 | scope: ["user-library-read"],
 98 | clientID: "bd9844d654f242f782509461bdba068c",
 99 | redirectUri: document.location.href+"/callback"
100 | })
101 | 
102 | const [tracks, setTracks] = React.useState();
103 | const [error, setError] = React.useState();
104 | 
105 | // query spotify when we get a token
106 | React.useEffect(() => {
107 | fetch(
108 | 'https://api.spotify.com/v1/me/tracks?limit=50'
109 | ).then(response => response.json()).then(
110 | data => setTracks(data)
111 | ).catch(error => setError(error))
112 | }, [token])
113 | 
114 | return <div>
115 | {error && `Error occurred: ${error}`}
116 | {(!token || !savedTracks) && <div
117 | onClick={getToken}>
118 | login with Spotify
119 | </div>}
120 | {savedTracks && `
121 | Your Saved Tracks: ${JSON.stringify(savedTracks)}
122 | `}
123 | </div>
124 | }
125 | ```
126 | 
127 | ### Index
128 | 
129 | #### Variables
130 | 
131 | * [ErrIncorrectStateToken](globals.md#const-errincorrectstatetoken)
132 | * [ErrNoAccessToken](globals.md#const-errnoaccesstoken)
133 | 
134 | #### Functions
135 | 
136 | * [OAuthCallback](globals.md#const-oauthcallback)
137 | * [useOAuth2Token](globals.md#const-useoauth2token)
138 | 
139 | ## Variables
140 | 
141 | ### `Const` ErrIncorrectStateToken
142 | 
143 | ● **ErrIncorrectStateToken**: *`Error`* =  new Error('incorrect state token')
144 | 
145 | *Defined in [index.tsx:187](https://github.com/Zemnmez/react-oauth2-hook/blob/f05e04d/src/index.tsx#L187)*
146 | 
147 | This error is thrown by the [OAuthCallback](globals.md#const-oauthcallback)
148 | when the state token recieved is incorrect or does not exist.
149 | 
150 | ___
151 | 
152 | ### `Const` ErrNoAccessToken
153 | 
154 | ● **ErrNoAccessToken**: *`Error`* =  new Error('no access_token')
155 | 
156 | *Defined in [index.tsx:193](https://github.com/Zemnmez/react-oauth2-hook/blob/f05e04d/src/index.tsx#L193)*
157 | 
158 | This error is thrown by the [OAuthCallback](globals.md#const-oauthcallback)
159 | if no access_token is recieved.
160 | 
161 | ___
162 | 
163 | ## Functions
164 | 
165 | ### `Const` OAuthCallback
166 | 
167 | ▸ **OAuthCallback**(`__namedParameters`: object): *`Element`*
168 | 
169 | *Defined in [index.tsx:255](https://github.com/Zemnmez/react-oauth2-hook/blob/f05e04d/src/index.tsx#L255)*
170 | 
171 | OAuthCallback is a React component that handles the callback
172 | step of the OAuth2 protocol.
173 | 
174 | OAuth2Callback is expected to be rendered on the url corresponding
175 | to your redirect_uri.
176 | 
177 | By default, this component will deal with errors by closing the window,
178 | via its own React error boundary. Pass `{ errorBoundary: false }`
179 | to handle this functionality yourself.
180 | 
181 | **Parameters:**
182 | 
183 | ■` __namedParameters`: *object*
184 | 
185 | Name | Type | Default |
186 | ------ | ------ | ------ |
187 | `errorBoundary` | boolean | true |
188 | 
189 | **Returns:** *`Element`*
190 | 
191 | ___
192 | 
193 | ### `Const` useOAuth2Token
194 | 
195 | ▸ **useOAuth2Token**(`__namedParameters`: object): *string | function[]*
196 | 
197 | *Defined in [index.tsx:95](https://github.com/Zemnmez/react-oauth2-hook/blob/f05e04d/src/index.tsx#L95)*
198 | 
199 | useOAuth2Token is a React hook providing an OAuth2 implicit grant token.
200 | 
201 | When useToken is called, it will attempt to retrieve an existing
202 | token by the criteria of `{ authorizeUrl, scopes, clientID }`.
203 | If a token by these specifications does not exist, the first
204 | item in the returned array will be `undefined`.
205 | 
206 | If the user wishes to retrieve a new token, they can call `getToken()`,
207 | a function returned by the second parameter. When called, the function
208 | will open a window for the user to confirm the OAuth grant, and
209 | pass it back as expected via the hook.
210 | 
211 | The OAuth token must be passed to a static endpoint. As
212 | such, the `callbackUrl` must be passed with this endpoint.
213 | The `callbackUrl` should render the `Callback` component,
214 | which will securely verify the token and pass it back,
215 | before closing the window.
216 | 
217 | All instances of this hook requesting the same token and scopes
218 | from the same place are synchronised. In concrete terms,
219 | if you have many components waiting for a Facebook OAuth token
220 | to make a call, they will all immediately update when any component
221 | gets a token.
222 | 
223 | Finally, in advanced cases the user can manually overwrite any
224 | stored token by capturing and calling the third item in
225 | the reponse array with the new value.
226 | 
227 | **Parameters:**
228 | 
229 | ■` __namedParameters`: *object*
230 | 
231 | Name | Type | Default | Description |
232 | ------ | ------ | ------ | ------ |
233 | `authorizeUrl` | string | - | The OAuth authorize URL to retrieve the token from. |
234 | `clientID` | string | - | The OAuth `client_id` corresponding to the requesting client. |
235 | `redirectUri` | string | - | The OAuth `redirect_uri` callback. |
236 | `scope` | string[] |  [] | The OAuth scopes to request. |
237 | 
238 | **Returns:** *string | function[]*
239 | 
240 | ___


--------------------------------------------------------------------------------
/header.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # react-oauth2-hook
 3 | 
 4 | > Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
 5 | 
 6 | Licence: MIT
 7 | 
 8 | [![NPM](https://img.shields.io/npm/v/react-oauth2-hook.svg)](https://www.npmjs.com/package/react-oauth2-hook) [![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com)
 9 | 
10 | ## Install
11 | 
12 | ```bash
13 | yarn add react-oauth2-hook
14 | ```
15 | 
16 | 


--------------------------------------------------------------------------------
/modules/_test_.md:
--------------------------------------------------------------------------------
1 | > ## [react-oauth2-hook](../README.md)
2 | 
3 | [Globals](../globals.md) / ["test"](_test_.md) /
4 | 
5 | # External module: "test"


--------------------------------------------------------------------------------
/modules/react_oauth2_hook.md:
--------------------------------------------------------------------------------
  1 | > ## [react-oauth2-hook](../README.md)
  2 | 
  3 | [Globals](../globals.md) / [react-oauth2-hook](react_oauth2_hook.md) /
  4 | 
  5 | # External module: react-oauth2-hook
  6 | 
  7 | > Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
  8 | 
  9 | **`requires`** prop-types
 10 | 
 11 | **`requires`** react
 12 | 
 13 | **`requires`** react-dom
 14 | 
 15 | **`summary`** Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
 16 | 
 17 | **`version`** 1.0.3
 18 | 
 19 | **`author`** zemnmez
 20 | 
 21 | **`copyright`** zemnmez 2019
 22 | 
 23 | **`license`** MIT
 24 | ## Installation
 25 | 
 26 | ```bash
 27 | yarn add react-oauth2-hook
 28 | ```
 29 | ## Overview
 30 | This package provides an entirely client-side flow to get OAuth2 implicit grant tokens.
 31 | It's implemented as a react hook, [useOAuth2Token](react_oauth2_hook.md#const-useoauth2token), with a fairly simple API
 32 | and a react component, [OAuthCallback](react_oauth2_hook.md#const-oauthcallback) which should be mounted at the
 33 | OAuth callback endpoint.
 34 | 
 35 | Take a look at the [Example](#Example) for usage information.
 36 | 
 37 | ## Security Considerations
 38 | OAuth 2 is a very sensitive protocol. I've done my best to provide good security
 39 | guarantees with this package.
 40 | 
 41 | I assume that your application follows reasonable best practices like using `X-Frame-Options`
 42 | to prevent clickjacking based attacks.
 43 | 
 44 | ### State
 45 | The State token prevents an attacker from forcing a user to sign in as the attacker's
 46 | account using a kind of CSRF. Here, I am cautious against multiple types of attacks.
 47 | 
 48 | My state token is not signed, it's a completely static concatenation of some entropy
 49 | generated by webcrypto and a key, composed of `JSON.stringify({ authUrl, clientID, scopes })`.
 50 | When the callback is recieved by [OAuthCallback](react_oauth2_hook.md#const-oauthcallback), it is compared strictly
 51 | to the stored value, and otherwise rejected.
 52 | 
 53 | This prevents both attacks where an attacker would try to submit a token to the user's
 54 | browser without their consent, and attacks where a malicious OAuth server would
 55 | (re)use the n-once to authenticate a callback from a different server.
 56 | 
 57 | ### Timing attacks
 58 | 
 59 | The state token is *not* compared using a fixed-time string comparison.
 60 | Where typically, this would lead to an attacker being able to use a lot of time
 61 | and statistics to side-channel out the state token, this
 62 | should be irrelevant in this configuration, this should be extremely difficult
 63 | to pull off accurately as any timing information would be inaccessible or heavily
 64 | diluted.
 65 | 
 66 | ## Refresh tokens
 67 | This library in-and-of-itself does not acquire long lived refresh tokens. Though
 68 | some OAuth servers allow implicit clients to acquire refresh tokens without an
 69 | OAuth secret, this isn't part of the OAuth standard. Instead, consider
 70 | simply triggering the authorize flow when the token expires -- if the user
 71 | is still authorized, the window should almost immediately close. Otherwise,
 72 | you can use any special APIs that would let you do this, or skip this library
 73 | entirely and try PKCE.
 74 | ## Example
 75 | 
 76 | **`example`** 
 77 | 
 78 | ```javascript
 79 | import React from 'react'
 80 | import { BrowserRouter as Router, Switch } from 'react-router-dom'
 81 | import { useOAuth2Token, OAuthCallback } from 'react-oauth2-hook'
 82 | 
 83 | // in this example, we get a Spotify OAuth
 84 | // token and use it to show a user's saved
 85 | // tracks.
 86 | 
 87 | export default () => <Router>
 88 | <Switch>
 89 | <Route path="/callback" component={OAuthCallback}/>
 90 | <Route component={SavedTracks}/>
 91 | </Switch>
 92 | </Router>
 93 | 
 94 | const SavedTracks = () => {
 95 | const [token, getToken] = useOAuth2Token({
 96 | authorizeUrl: "https://accounts.spotify.com/authorize",
 97 | scope: ["user-library-read"],
 98 | clientID: "bd9844d654f242f782509461bdba068c",
 99 | redirectUri: document.location.href+"/callback"
100 | })
101 | 
102 | const [tracks, setTracks] = React.useState();
103 | const [error, setError] = React.useState();
104 | 
105 | // query spotify when we get a token
106 | React.useEffect(() => {
107 | fetch(
108 | 'https://api.spotify.com/v1/me/tracks?limit=50'
109 | ).then(response => response.json()).then(
110 | data => setTracks(data)
111 | ).catch(error => setError(error))
112 | }, [token])
113 | 
114 | return <div>
115 | {error && `Error occurred: ${error}`}
116 | {(!token || !savedTracks) && <div
117 | onClick={getToken}>
118 | login with Spotify
119 | </div>}
120 | {savedTracks && `
121 | Your Saved Tracks: ${JSON.stringify(savedTracks)}
122 | `}
123 | </div>
124 | }
125 | ```
126 | 
127 | ### Index
128 | 
129 | #### Variables
130 | 
131 | * [ErrIncorrectStateToken](react_oauth2_hook.md#const-errincorrectstatetoken)
132 | * [ErrNoAccessToken](react_oauth2_hook.md#const-errnoaccesstoken)
133 | 
134 | #### Functions
135 | 
136 | * [OAuthCallback](react_oauth2_hook.md#const-oauthcallback)
137 | * [useOAuth2Token](react_oauth2_hook.md#const-useoauth2token)
138 | 
139 | ## Variables
140 | 
141 | ### `Const` ErrIncorrectStateToken
142 | 
143 | ● **ErrIncorrectStateToken**: *`Error`* =  new Error('incorrect state token')
144 | 
145 | *Defined in [index.tsx:187](https://github.com/Zemnmez/react-oauth2-hook/blob/6ed3dac/src/index.tsx#L187)*
146 | 
147 | This error is thrown by the [OAuthCallback](react_oauth2_hook.md#const-oauthcallback)
148 | when the state token recieved is incorrect or does not exist.
149 | 
150 | ___
151 | 
152 | ### `Const` ErrNoAccessToken
153 | 
154 | ● **ErrNoAccessToken**: *`Error`* =  new Error('no access_token')
155 | 
156 | *Defined in [index.tsx:193](https://github.com/Zemnmez/react-oauth2-hook/blob/6ed3dac/src/index.tsx#L193)*
157 | 
158 | This error is thrown by the [OAuthCallback](react_oauth2_hook.md#const-oauthcallback)
159 | if no access_token is recieved.
160 | 
161 | ___
162 | 
163 | ## Functions
164 | 
165 | ### `Const` OAuthCallback
166 | 
167 | ▸ **OAuthCallback**(`__namedParameters`: object): *`Element`*
168 | 
169 | *Defined in [index.tsx:255](https://github.com/Zemnmez/react-oauth2-hook/blob/6ed3dac/src/index.tsx#L255)*
170 | 
171 | OAuthCallback is a React component that handles the callback
172 | step of the OAuth2 protocol.
173 | 
174 | OAuth2Callback is expected to be rendered on the url corresponding
175 | to your redirect_uri.
176 | 
177 | By default, this component will deal with errors by closing the window,
178 | via its own React error boundary. Pass `{ errorBoundary: false }`
179 | to handle this functionality yourself.
180 | 
181 | **Parameters:**
182 | 
183 | ■` __namedParameters`: *object*
184 | 
185 | Name | Type | Default |
186 | ------ | ------ | ------ |
187 | `errorBoundary` | boolean | true |
188 | 
189 | **Returns:** *`Element`*
190 | 
191 | ___
192 | 
193 | ### `Const` useOAuth2Token
194 | 
195 | ▸ **useOAuth2Token**(`__namedParameters`: object): *string | function[]*
196 | 
197 | *Defined in [index.tsx:95](https://github.com/Zemnmez/react-oauth2-hook/blob/6ed3dac/src/index.tsx#L95)*
198 | 
199 | useOAuth2Token is a React hook providing an OAuth2 implicit grant token.
200 | 
201 | When useToken is called, it will attempt to retrieve an existing
202 | token by the criteria of `{ authorizeUrl, scopes, clientID }`.
203 | If a token by these specifications does not exist, the first
204 | item in the returned array will be `undefined`.
205 | 
206 | If the user wishes to retrieve a new token, they can call `getToken()`,
207 | a function returned by the second parameter. When called, the function
208 | will open a window for the user to confirm the OAuth grant, and
209 | pass it back as expected via the hook.
210 | 
211 | The OAuth token must be passed to a static endpoint. As
212 | such, the `callbackUrl` must be passed with this endpoint.
213 | The `callbackUrl` should render the `Callback` component,
214 | which will securely verify the token and pass it back,
215 | before closing the window.
216 | 
217 | All instances of this hook requesting the same token and scopes
218 | from the same place are synchronised. In concrete terms,
219 | if you have many components waiting for a Facebook OAuth token
220 | to make a call, they will all immediately update when any component
221 | gets a token.
222 | 
223 | Finally, in advanced cases the user can manually overwrite any
224 | stored token by capturing and calling the third item in
225 | the reponse array with the new value.
226 | 
227 | **Parameters:**
228 | 
229 | ■` __namedParameters`: *object*
230 | 
231 | Name | Type | Default | Description |
232 | ------ | ------ | ------ | ------ |
233 | `authorizeUrl` | string | - | The OAuth authorize URL to retrieve the token from. |
234 | `clientID` | string | - | The OAuth `client_id` corresponding to the requesting client. |
235 | `redirectUri` | string | - | The OAuth `redirect_uri` callback. |
236 | `scope` | string[] |  [] | The OAuth scopes to request. |
237 | 
238 | **Returns:** *string | function[]*
239 | 
240 | ___


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "react-oauth2-hook",
 3 |   "version": "1.0.12",
 4 |   "description": "Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.",
 5 |   "author": "zemnmez",
 6 |   "license": "MIT",
 7 |   "repository": "zemnmez/react-oauth2-hook",
 8 |   "main": "dist/index.js",
 9 |   "module": "dist/index.es.js",
10 |   "jsnext:main": "dist/index.es.js",
11 |   "engines": {
12 |     "node": ">=8",
13 |     "npm": ">=5"
14 |   },
15 |   "scripts": {
16 |     "test": "cross-env CI=1 react-scripts test --env=jsdom",
17 |     "test:watch": "react-scripts test --env=jsdom",
18 |     "build": "yarn make README.md dist",
19 |     "make": "make -j",
20 |     "start": "rollup -c -w",
21 |     "predeploy": "cd example && yarn install && yarn run build",
22 |     "deploy": "gh-pages -d example/build"
23 |   },
24 |   "dependencies": {},
25 |   "peerDependencies": {
26 |     "immutable": "^4.0.0-rc.12",
27 |     "prop-types": "^15.5.4",
28 |     "react": "^15.0.0 || ^16.0.0",
29 |     "react-dom": "^15.0.0 || ^16.0.0",
30 |     "react-storage-hook": "^1.0.2"
31 |   },
32 |   "devDependencies": {
33 |     "@svgr/rollup": "^2.4.1",
34 |     "@types/jest": "^23.1.5",
35 |     "@types/react": "^16.3.13",
36 |     "@types/react-dom": "^16.0.5",
37 |     "babel-core": "^6.26.3",
38 |     "babel-runtime": "^6.26.0",
39 |     "cross-env": "^5.1.4",
40 |     "gh-pages": "^1.2.0",
41 |     "immutable": "^4.0.0-rc.12",
42 |     "react": "^16.4.1",
43 |     "react-dom": "^16.4.1",
44 |     "react-scripts-ts": "^2.16.0",
45 |     "react-storage-hook": "^1.0.2",
46 |     "rollup": "^0.62.0",
47 |     "rollup-plugin-babel": "^3.0.7",
48 |     "rollup-plugin-commonjs": "^9.1.3",
49 |     "rollup-plugin-node-resolve": "^3.3.0",
50 |     "rollup-plugin-peer-deps-external": "^2.2.0",
51 |     "rollup-plugin-postcss": "^1.6.2",
52 |     "rollup-plugin-typescript2": "^0.17.0",
53 |     "rollup-plugin-url": "^1.4.0",
54 |     "typedoc": "^0.14.2",
55 |     "typedoc-plugin-external-module-name": "^2.1.0",
56 |     "typedoc-plugin-markdown": "^2.0.5",
57 |     "typescript": "^2.8.3"
58 |   },
59 |   "files": [
60 |     "dist"
61 |   ]
62 | }
63 | 


--------------------------------------------------------------------------------
/rollup.config.js:
--------------------------------------------------------------------------------
 1 | import typescript from 'rollup-plugin-typescript2'
 2 | import commonjs from 'rollup-plugin-commonjs'
 3 | import external from 'rollup-plugin-peer-deps-external'
 4 | // import postcss from 'rollup-plugin-postcss-modules'
 5 | import postcss from 'rollup-plugin-postcss'
 6 | import resolve from 'rollup-plugin-node-resolve'
 7 | import url from 'rollup-plugin-url'
 8 | import svgr from '@svgr/rollup'
 9 | 
10 | import pkg from './package.json'
11 | 
12 | export default {
13 |   input: 'src/index.tsx',
14 |   output: [
15 |     {
16 |       file: pkg.main,
17 |       format: 'cjs',
18 |       exports: 'named',
19 |       sourcemap: true
20 |     },
21 |     {
22 |       file: pkg.module,
23 |       format: 'es',
24 |       exports: 'named',
25 |       sourcemap: true
26 |     }
27 |   ],
28 |   plugins: [
29 |     external(),
30 |     postcss({
31 |       modules: true
32 |     }),
33 |     url(),
34 |     svgr(),
35 |     resolve(),
36 |     typescript({
37 |       rollupCommonJSResolveHack: true,
38 |       clean: true
39 |     }),
40 |     commonjs()
41 |   ]
42 | }
43 | 


--------------------------------------------------------------------------------
/src/.eslintrc:
--------------------------------------------------------------------------------
1 | {
2 |   "env": {
3 |     "jest": true
4 |   }
5 | }
6 | 


--------------------------------------------------------------------------------
/src/doc.tsx:
--------------------------------------------------------------------------------
  1 | /**
  2 |  * @module react-oauth2-hook
  3 |  * @requires immutable
  4 |  * @requires prop-types
  5 |  * @requires react
  6 |  * @requires react-dom
  7 |  * @requires react-storage-hook
  8 |  * @summary Retrieve OAuth2 implicit grant tokens purely on the client without destroying application state.
  9 |  * @version 1.0.11
 10 |  * @author zemnmez
 11 |  * @copyright zemnmez 2019
 12 |  * @license MIT
 13 |  * ## Installation
 14 |  * 
 15 |  * ```bash
 16 |  * yarn add react-oauth2-hook
 17 |  * ```
 18 |  * ## Overview
 19 |  * This package provides an entirely client-side flow to get OAuth2 implicit grant tokens.
 20 |  * It's implemented as a react hook, [[useOAuth2Token]], with a fairly simple API
 21 |  * and a react component, [[OAuthCallback]] which should be mounted at the
 22 |  * OAuth callback endpoint.
 23 |  * 
 24 |  * Take a look at the [Example](#example) for usage information.
 25 |  * 
 26 |  * ## Security Considerations
 27 |  * OAuth 2 is a very sensitive protocol. I've done my best to provide good security
 28 |  * guarantees with this package.
 29 |  * 
 30 |  * I assume that your application follows reasonable best practices like using `X-Frame-Options`
 31 |  * to prevent clickjacking based attacks.
 32 |  * 
 33 |  * ### State
 34 |  * The State token prevents an attacker from forcing a user to sign in as the attacker's
 35 |  * account using a kind of CSRF. Here, I am cautious against multiple types of attacks.
 36 |  * 
 37 |  * My state token is not signed, it's a completely static concatenation of some entropy
 38 |  * generated by webcrypto and a key, composed of `JSON.stringify({ authUrl, clientID, scopes })`.
 39 |  * When the callback is recieved by [[OAuthCallback]], it is compared strictly
 40 |  * to the stored value, and otherwise rejected.
 41 |  * 
 42 |  * This prevents both attacks where an attacker would try to submit a token to the user's
 43 |  * browser without their consent, and attacks where a malicious OAuth server would
 44 |  * (re)use the n-once to authenticate a callback from a different server.
 45 |  * 
 46 |  * ### Timing attacks
 47 |  * 
 48 |  * The state token is *not* compared using a fixed-time string comparison.
 49 |  * Where typically, this would lead to an attacker being able to use a lot of time
 50 |  * and statistics to side-channel out the state token, this
 51 |  * should be irrelevant in this configuration, this should be extremely difficult
 52 |  * to pull off accurately as any timing information would be inaccessible or heavily
 53 |  * diluted.
 54 |  * 
 55 |  * ## Refresh tokens
 56 |  * This library in-and-of-itself does not acquire long lived refresh tokens. Though
 57 |  * some OAuth servers allow implicit clients to acquire refresh tokens without an
 58 |  * OAuth secret, this isn't part of the OAuth standard. Instead, consider
 59 |  * simply triggering the authorize flow when the token expires -- if the user
 60 |  * is still authorized, the window should almost immediately close. Otherwise,
 61 |  * you can use any special APIs that would let you do this, or skip this library
 62 |  * entirely and try PKCE.
 63 |  * ## Example
 64 |  * @example
 65 |  * 
 66 |  * ```javascript
 67 |  * import React from 'react'
 68 |  * import { BrowserRouter as Router, Switch } from 'react-router-dom'
 69 |  * import { useOAuth2Token, OAuthCallback } from 'react-oauth2-hook'
 70 |  * 
 71 |  * // in this example, we get a Spotify OAuth
 72 |  * // token and use it to show a user's saved
 73 |  * // tracks.
 74 |  * 
 75 |  * export default () => <Router>
 76 |  *   <Switch>
 77 |  *     <Route path="/callback" component={OAuthCallback}/>
 78 |  *     <Route component={SavedTracks}/>
 79 |  *   </Switch>
 80 |  * </Router>
 81 |  * 
 82 |  * const SavedTracks = () => {
 83 |  *   const [token, getToken] = useOAuth2Token({
 84 |  *     authorizeUrl: "https://accounts.spotify.com/authorize",
 85 |  *     scope: ["user-library-read"],
 86 |  *     clientID: "bd9844d654f242f782509461bdba068c",
 87 |  *     redirectUri: document.location.href+"/callback"
 88 |  *   })
 89 |  * 
 90 |  *   const [tracks, setTracks] = React.useState();
 91 |  *   const [error, setError] = React.useState();
 92 |  * 
 93 |  *   // query spotify when we get a token
 94 |  *   React.useEffect(() => {
 95 |  *     fetch(
 96 |  *       'https://api.spotify.com/v1/me/tracks?limit=50'
 97 |  *     ).then(response => response.json()).then(
 98 |  *       data => setTracks(data)
 99 |  *     ).catch(error => setError(error))
100 |  *   }, [token])
101 |  * 
102 |  *   return <div>
103 |  *     {error && `Error occurred: ${error}`}
104 |  *     {(!token || !savedTracks) && <div
105 |  *       onClick={getToken}>
106 |  *         login with Spotify
107 |  *     </div>}
108 |  *     {savedTracks && `
109 |  *       Your Saved Tracks: ${JSON.stringify(savedTracks)}
110 |  *     `}
111 |  *   </div>
112 |  * }
113 |  * ```
114 |  * 
115 |  */
116 | 
117 | /**
118 |  *  
119 |  */
120 | 
121 | 
122 | 


--------------------------------------------------------------------------------
/src/index.tsx:
--------------------------------------------------------------------------------
  1 | /**
  2 |  * @module react-oauth2-hook
  3 |  */
  4 | 
  5 | /**
  6 |  *
  7 |  */
  8 | 
  9 | import * as React from 'react'
 10 | 
 11 | // react-storage-hook.d.ts
 12 | import { useStorage } from 'react-storage-hook'
 13 | 
 14 | import { Map } from 'immutable'
 15 | import * as PropTypes from 'prop-types'
 16 | 
 17 | /**
 18 |  * @hidden
 19 |  */
 20 | const storagePrefix = 'react-oauth2-hook'
 21 | 
 22 | /**
 23 |  * @hidden
 24 |  */
 25 | const oauthStateName = storagePrefix + '-state-token-challenge'
 26 | 
 27 | export interface Options {
 28 |   /**
 29 |    * The OAuth authorize URL to retrieve the token from.
 30 |    */
 31 |   authorizeUrl: string;
 32 |   /**
 33 |    * The OAuth scopes to request.
 34 |    */
 35 |   scope?: string[];
 36 |   /**
 37 |    * The OAuth `redirect_uri` callback.
 38 |    */
 39 |   redirectUri: string;
 40 |   /**
 41 |    * The OAuth `client_id` corresponding to the requesting client.
 42 |    */
 43 |   clientID: string;
 44 | }
 45 | 
 46 | /**
 47 |  * useOAuth2Token is a React hook providing an OAuth2 implicit grant token.
 48 |  *
 49 |  * When useToken is called, it will attempt to retrieve an existing
 50 |  * token by the criteria of `{ authorizeUrl, scopes, clientID }`.
 51 |  * If a token by these specifications does not exist, the first
 52 |  * item in the returned array will be `undefined`.
 53 |  *
 54 |  * If the user wishes to retrieve a new token, they can call `getToken()`,
 55 |  * a function returned by the second parameter. When called, the function
 56 |  * will open a window for the user to confirm the OAuth grant, and
 57 |  * pass it back as expected via the hook.
 58 |  *
 59 |  * The OAuth token must be passed to a static endpoint. As
 60 |  * such, the `callbackUrl` must be passed with this endpoint.
 61 |  * The `callbackUrl` should render the [[OAuthCallback]] component,
 62 |  * which will securely verify the token and pass it back,
 63 |  * before closing the window.
 64 |  *
 65 |  * All instances of this hook requesting the same token and scopes
 66 |  * from the same place are synchronised. In concrete terms,
 67 |  * if you have many components waiting for a Facebook OAuth token
 68 |  * to make a call, they will all immediately update when any component
 69 |  * gets a token.
 70 |  *
 71 |  * Finally, in advanced cases the user can manually overwrite any
 72 |  * stored token by capturing and calling the third item in
 73 |  * the reponse array with the new value.
 74 |  *
 75 |  * @param authorizeUrl The OAuth authorize URL to retrieve the token from.
 76 |  * @param scope The OAuth scopes to request.
 77 |  * @param redirectUri The OAuth redirect_uri callback URL.
 78 |  * @param clientID The OAuth client_id corresponding to the requesting client.
 79 |  * @example
 80 |  *const SpotifyTracks = () => {
 81 |  * const [token, getToken] = useOAuth2Token({
 82 |  *     authorizeUrl: "https://accounts.spotify.com/authorize",
 83 |  *     scope: ["user-library-read"],
 84 |  *     clientID: "abcdefg",
 85 |  *     redirectUri: document.location.origin + "/callback"
 86 |  * })
 87 |  *
 88 |  * const [response, setResponse] = React.useState()
 89 |  * const [error, setError] = React.useState()
 90 |  *
 91 |  * // when we get a token, query spotify
 92 |  * React.useEffect(() => {
 93 |  *     if (token == undefined) {return}
 94 |  *     fetch('https://api.spotify.com/v1/me/tracks', {
 95 |  *         headers: {
 96 |  *             Authorization: `Bearer ${token}`
 97 |  *         }
 98 |  *     }).then(
 99 |  *         json => response.json()
100 |  *     ).then(
101 |  *         data => setResponse(data)
102 |  *     ).catch(
103 |  *         error => setError(error)
104 |  *     )
105 |  * }, [token])
106 |  *
107 |  * if (!token || error) return <div onClick={getToken}> login with Spotify </div>
108 |  *
109 |  *return <div>
110 |  * Your saved tracks on Spotify: {JSON.stringify(response)}
111 |  *</div>
112 |  *}
113 |  */
114 | export const useOAuth2Token = ({
115 |   /**
116 |    * The OAuth authorize URL to retrieve the token
117 |    * from.
118 |    */
119 |   authorizeUrl,
120 |   /**
121 |    * The OAuth scopes to request.
122 |    */
123 |   scope = [],
124 |   /**
125 |    * The OAuth `redirect_uri` callback.
126 |    */
127 |   redirectUri,
128 |   /**
129 |    * The OAuth `client_id` corresponding to the
130 |    * requesting client.
131 |    */
132 |   clientID
133 | }: Options): [
134 |   OAuthToken | undefined,
135 |   getToken,
136 |   setToken
137 | ] => {
138 |   const target = {
139 |     authorizeUrl, scope, clientID
140 |   }
141 | 
142 |   const [token, setToken] = useStorage<string>(
143 |     storagePrefix + '-' + JSON.stringify(target)
144 |   )
145 | 
146 |   let [state, setState] = useStorage<string>(
147 |     oauthStateName
148 |   )
149 | 
150 |   const getToken = () => {
151 |     setState(state = JSON.stringify({
152 |       nonce: cryptoRandomString(),
153 |       target
154 |     }))
155 | 
156 |     window.open(OAuth2AuthorizeURL({
157 |       scope,
158 |       clientID,
159 |       authorizeUrl,
160 |       state,
161 |       redirectUri
162 |     }))
163 |   }
164 | 
165 |   return [token, getToken, setToken]
166 | }
167 | 
168 | /**
169 |  * OAuthToken represents an OAuth2 implicit grant token.
170 |  */
171 | export type OAuthToken = string
172 | 
173 | /**
174 |  * getToken is returned by [[useOAuth2Token]].
175 |  * When called, it prompts the user to authorize.
176 |  */
177 | export type getToken = () => void
178 | 
179 | /**
180 |  * setToken is returned by [[useOAuth2Token]].
181 |  * When called, it overwrites any stored OAuth token.
182 |  * `setToken(undefined)` can be used to synchronously
183 |  * invalidate all instances of this OAuth token.
184 |  */
185 | export type setToken = (newValue: OAuthToken | undefined) => void
186 | 
187 | /**
188 |  * @hidden
189 |  */
190 | const cryptoRandomString = () => {
191 |   const entropy = new Uint32Array(10)
192 |   window.crypto.getRandomValues(entropy)
193 | 
194 |   return window.btoa([...entropy].join(','))
195 | }
196 | 
197 | /**
198 |  * @hidden
199 |  */
200 | const OAuth2AuthorizeURL = ({
201 |   scope,
202 |   clientID,
203 |   state,
204 |   authorizeUrl,
205 |   redirectUri
206 | }: {
207 |   scope: string[],
208 |   clientID: string,
209 |   state: string,
210 |   authorizeUrl: string,
211 |   redirectUri: string
212 | }) => `${authorizeUrl}?${Object.entries({
213 |   scope: scope.join(','),
214 |   client_id: clientID,
215 |   state,
216 |   redirect_uri: redirectUri,
217 |   response_type: 'token'
218 | }).map(([k, v]) => [k, v].map(encodeURIComponent).join('=')).join('&')}`
219 | 
220 | /**
221 |  * This error is thrown by the [[OAuthCallback]]
222 |  * when the state token recieved is incorrect or does not exist.
223 |  */
224 | export const ErrIncorrectStateToken = new Error('incorrect state token')
225 | 
226 | /**
227 |  * This error is thrown by the [[OAuthCallback]]
228 |  * if no access_token is recieved.
229 |  */
230 | export const ErrNoAccessToken = new Error('no access_token')
231 | 
232 | 
233 | /**
234 |  * @hidden
235 |  */
236 | const urlDecode = (urlString: string): Map<string,string> => Map(urlString.split('&').map<[string,string]>(
237 |   (param: string): [string,string] => {
238 |     const sepIndex = param.indexOf("=")
239 |     const k = decodeURIComponent(param.slice(0, sepIndex))
240 |     const v = decodeURIComponent(param.slice(sepIndex + 1))
241 |     return [k, v]
242 |   }))
243 | 
244 | /**
245 |  * @hidden
246 |  */
247 | const OAuthCallbackHandler: React.FunctionComponent<{}> = ({ children }) => {
248 |   const [state] = useStorage<string>(oauthStateName)
249 |   const { target } = JSON.parse(state)
250 |   const [ /* token */, setToken ] = useStorage(
251 |     storagePrefix + '-' + JSON.stringify(target)
252 |   )
253 | 
254 |   console.log('rendering OAuthCallbackHandler')
255 | 
256 |   React.useEffect(() => {
257 |     const params: Map<string,string> = Map([
258 |       ...urlDecode(window.location.search.slice(1)),
259 |       ...urlDecode(window.location.hash.slice(1))
260 |     ])
261 | 
262 |     if (state !== params.get('state')) throw ErrIncorrectStateToken
263 | 
264 |     const token: string | undefined = params.get('access_token')
265 |     if (token == undefined) throw ErrNoAccessToken
266 | 
267 |     setToken(token)
268 |     window.close()
269 |   }, [])
270 | 
271 |   return <React.Fragment>{children || "please wait..."}</React.Fragment>
272 | }
273 | 
274 | /**
275 |  * OAuthCallback is a React component that handles the callback
276 |  * step of the OAuth2 protocol.
277 |  *
278 |  * OAuth2Callback is expected to be rendered on the url corresponding
279 |  * to your redirect_uri.
280 |  *
281 |  * By default, this component will deal with errors by closing the window,
282 |  * via its own React error boundary. Pass `{ errorBoundary: false }`
283 |  * to handle this functionality yourself.
284 |  *
285 |  * @example
286 |  * <Route exact path="/callback" component={OAuthCallback} />} />
287 |  */
288 | export const OAuthCallback: React.FunctionComponent<{
289 |   errorBoundary?: boolean
290 | }> = ({
291 |   /**
292 |    * When set to true, errors are thrown
293 |    * instead of just closing the window.
294 |    */
295 |   errorBoundary = true,
296 |   children
297 | }) => {
298 |   if (errorBoundary === false) return <OAuthCallbackHandler>{children}</OAuthCallbackHandler>
299 |   return <ClosingErrorBoundary>
300 |     <OAuthCallbackHandler>{children}</OAuthCallbackHandler>
301 |   </ClosingErrorBoundary>
302 | }
303 | 
304 | OAuthCallback.propTypes = {
305 |   errorBoundary: PropTypes.bool
306 | }
307 | 
308 | /**
309 |  * @hidden
310 |  */
311 | class ClosingErrorBoundary extends React.PureComponent {
312 |   state = { errored: false }
313 | 
314 |   static getDerivedStateFromError(error: string) {
315 |     console.log(error)
316 |     // window.close()
317 |     return { errored: true }
318 |   }
319 | 
320 |   static propTypes = {
321 |     children: PropTypes.func.isRequired
322 |   }
323 | 
324 |   render() { return this.state.errored ? null : this.props.children }
325 | }
326 | 
327 | 
328 | export default "this module has no default export.";
329 | 


--------------------------------------------------------------------------------
/src/react-storage-hook.d.ts:
--------------------------------------------------------------------------------
1 | declare module 'react-storage-hook' {
2 |   export function useStorage(name: string, {
3 |     placeholder, storageArea
4 |   }?: { placeholder?: string, storageArea?: any }): [
5 |     string,
6 |     (newValue: string) => void
7 |   ]
8 | }
9 | 


--------------------------------------------------------------------------------
/src/styles.css:
--------------------------------------------------------------------------------
1 | /* add css styles here (optional) */
2 | 
3 | .test {
4 |   display: inline-block;
5 |   margin: 2em auto;
6 |   border: 2px solid #000;
7 |   font-size: 2em;
8 | }
9 | 


--------------------------------------------------------------------------------
/src/test.js:
--------------------------------------------------------------------------------
1 | import ExampleComponent from './'
2 | 
3 | describe('ExampleComponent', () => {
4 |   it('is truthy', () => {
5 |     expect(ExampleComponent).toBeTruthy()
6 |   })
7 | })
8 | 


--------------------------------------------------------------------------------
/src/test.ts:
--------------------------------------------------------------------------------
1 | import ExampleComponent from './'
2 | 
3 | describe('ExampleComponent', () => {
4 |   it('is truthy', () => {
5 |     expect(ExampleComponent).toBeTruthy()
6 |   })
7 | })
8 | 


--------------------------------------------------------------------------------
/src/typings.d.ts:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Default CSS definition for typescript,
 3 |  * will be overridden with file-specific definitions by rollup
 4 |  */
 5 | declare module '*.css' {
 6 |   const content: { [className: string]: string };
 7 |   export default content;
 8 | }
 9 | 
10 | interface SvgrComponent extends React.StatelessComponent<React.SVGAttributes<SVGElement>> {}
11 | 
12 | declare module '*.svg' {
13 |   const svgUrl: string;
14 |   const svgComponent: SvgrComponent;
15 |   export default svgUrl;
16 |   export { svgComponent as ReactComponent }
17 | }
18 | 


--------------------------------------------------------------------------------
/templates/pkgdoc_templ.jq:
--------------------------------------------------------------------------------
 1 | def jsdoc: "/**\n" + (. | split("\n") | map(" * " + .) | join("\n")) + "\n */";
 2 | 
 3 | ("
 4 | @module \(.name)
 5 | \(.requirements | map("@requires " + .) | join("\n") )
 6 | @summary \(.description)
 7 | @version \(.version)
 8 | @author \(.author)
 9 | @copyright \(.author) \(.year)
10 | @license \(.license)
11 | ## Installation
12 | 
13 | ```bash
14 | yarn add \(.name)
15 | ```
16 | \(.documentation)
17 | ## Example
18 | @example
19 | 
20 | ```javascript
21 | \(.example)
22 | ```
23 | 
24 | " | ltrimstr("\n") | rtrimstr("\n") | jsdoc) + "\n\n" + (" " |jsdoc) + "\n\n"
25 | 


--------------------------------------------------------------------------------
/templates/readme.hbs:
--------------------------------------------------------------------------------
 1 | {{#module name="react-oauth2-hook"}}
 2 | # {{>sig-name~}}
 3 | {{>deprecated~}}
 4 | {{>scope~}}
 5 | > {{>summary~}}
 6 | {{>augments~}}
 7 | {{>implements~}}
 8 | {{>mixes~}}
 9 | {{>default~}}
10 | {{>chainable~}}
11 | {{>overrides~}}
12 | {{>returns~}}
13 | {{>category~}}
14 | {{>throws~}}
15 | {{>fires~}}
16 | {{>this~}}
17 | {{>access~}}
18 | {{>readOnly~}}
19 | {{>requires~}}
20 | {{>customTags~}}
21 | {{>see~}}
22 | {{>since~}}
23 | {{>version~}}
24 | {{>authors~}}
25 | {{>license~}}
26 | {{>copyright~}}
27 | {{>todo~}}
28 | {{>params~}}
29 | {{>properties~}}
30 | {{>member-index~}}
31 | {{>separator~}}
32 | > {{>summary~}}
33 | {{>heading-indent~}} Installation
34 | ```bash
35 | yarn install {{>sig-name~}}
36 | ```
37 | {{>heading-indent~}}# Examples
38 | {{>examples~}}
39 | 
40 | {{>heading-indent~}} Reference
41 | {{>description~}}
42 | 
43 | {{>members~}}
44 | 
45 | {{/module}}
46 | 


--------------------------------------------------------------------------------
/templates/readme.jq:
--------------------------------------------------------------------------------
 1 | def code(lang): "```\(lang)
 2 | \(.)
 3 | ```";
 4 | 
 5 | def filter(f): [.[] | select(f)];
 6 | 
 7 | [
 8 | 
 9 | # module header
10 | (.[] | select(.kind == "module") | "# \(.name)
11 | 
12 | > \(.summary)
13 | 
14 | [![NPM](https://img.shields.io/npm/v/\(.name).svg)](https://www.npmjs.com/package/\(.name))
15 | 
16 | | | |
17 | |----|----|
18 | | licence | \(.license) |
19 | | version | \(.version) |
20 | | requires | \(.requires | map(. | ltrimstr("module:") |
21 | "[\(.)](//npmjs.com/package/\(.))"
22 | ) | join(" ")) |
23 | | | |
24 | 
25 | # Install
26 | ```bash
27 | yarn add \(.name)
28 | ```
29 | # Example
30 | \((.examples[] | code("javascript")))
31 | 
32 | \(.description)
33 | 
34 | "),
35 | 
36 | "
37 | ## Reference
38 | - Exports",
39 | 
40 | 
41 | (. | filter(.meta.code.name) | filter(.meta.code.name | test("^exports\\.")) | map(
42 | " - [\(.name)(\(.params | select(.) | map(.name) | join(", ") ))](#\(.name))"
43 | ) | join("\n")),
44 | "
45 | ",
46 | 
47 | (.[] | select(.kind == "member") |
48 | "## \(.name)
49 | 
50 | \(. | select(.params) |
51 | 	"### Params
52 | \(.params | map ( "- `\(.name)` \(.description)" ) | join("\n"))
53 | 	"
54 | )
55 | 
56 | \(.description)
57 | 
58 | \(select(.examples) |
59 | "### Example
60 | \(.examples | map(. | code("javascript")) | join("\n"))")")
61 | 
62 | ] |  join("\n")
63 | 


--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "compilerOptions": {
 3 |     "outDir": "build",
 4 |     "module": "esnext",
 5 |     "target": "es6",
 6 |     "lib": ["es6", "dom", "es2016", "es2017"],
 7 |     "sourceMap": true,
 8 |     "allowJs": false,
 9 |     "jsx": "react",
10 |     "declaration": true,
11 |     "moduleResolution": "node",
12 |     "forceConsistentCasingInFileNames": true,
13 |     "noImplicitReturns": true,
14 |     "noImplicitThis": true,
15 |     "noImplicitAny": true,
16 |     "strictNullChecks": true,
17 |     "suppressImplicitAnyIndexErrors": true,
18 |     "noUnusedLocals": true,
19 |     "noUnusedParameters": true,
20 |     "downlevelIteration": true
21 |   },
22 |   "include": ["src"],
23 |   "exclude": ["node_modules", "build", "dist", "example", "rollup.config.js"]
24 | }
25 | 


--------------------------------------------------------------------------------
/tsconfig.test.json:
--------------------------------------------------------------------------------
1 | {
2 |   "extends": "./tsconfig.json",
3 |   "compilerOptions": {
4 |     "module": "commonjs"
5 |   }
6 | }


--------------------------------------------------------------------------------