chore: move week2 to a separate PR

Author: magdazelena

courses/backend/node/README.md

@@ -4,10 +4,10 @@ This module is part of the Backend specialism and focuses on using Node.js to bu
 
 ## Contents
 
-| Week | Topic                    | Preparation                         | Lesson Plan                          | Assignment                          |
-| ---- | ------------------------ | ----------------------------------- | ------------------------------------ | ----------------------------------- |
-| 1.   | Express                  | [Preparation](week1/preparation.md) | [Homework](week1/homework/README.md) | [Lesson plan](week1/lesson-plan.md) |
-| 2.   | Database connection; API | [Preparation](week2/preparation.md) | [Homework](week2/homework/README.md) | [Lesson plan](week2/lesson-plan.md) |
+| Week | Topic                    | Preparation                         | Lesson Plan                         | Assignment                            |
+| ---- | ------------------------ | ----------------------------------- | ----------------------------------- | ------------------------------------- |
+| 1.   | Express                  | [Preparation](week1/preparation.md) | [Assignment](./week1/assignment.md) | [Session plan](week1/session-plan.md) |
+| 2.   | Database connection; API | [Preparation](week2/preparation.md) | [Assignment](./week1/assignment.md) | [Session plan](week2/session-plan.md) |
 
 ## Module Learning Goals
 

courses/backend/node/week1/README.md

@@ -64,8 +64,8 @@ There are a few good extensions or middleware that is easy to plug into express
 ### Relevant links
 
 - [Preparation](preparation.md)
-- [Homework](homework/README.md)
-- [Lesson plan](lesson-plan.md)
+- [Assignment](./assignment.md)
+- [Session plan](./session-plan.md)
 
 ### Express.js
 

courses/backend/node/week1/assignment.md

@@ -197,4 +197,3 @@ Your usage of Knex should be getting a bit more advanced now. You will move from
 - `.del` (for deletion)
 
 Check out the [Knex cheatsheet](https://devhints.io/knex)!
-

courses/backend/node/week2/README.md

@@ -1,46 +0,0 @@
-# Session plan (Week 2)
-
-In this session we will focus on connecting to a database, building an API, and using Postman to test our API endpoints. We will also cover how to structure our code for better maintainability and scalability.
-
-## Contents
-
-- [Preparation](./preparation.md)
-- [Session Plan](./session-plan.md) (for mentors)
-- [Assignment](./assignment.md)
-
-## Session Learning goals
-
-By the end of this session, you will be able to:
-TODO - Format as `verb`
-
-- [ ] Database interaction
-  - [ ] Connecting to mysql using Knex
-    - [ ] Environment variables
-  - [ ] Executing queries using knex
-- [ ] API
-  - [ ] REST
-  - [ ] CRUD
-    - [ ] Router verb `GET`, `POST`, `DELETE`, `PUT`
-    - [ ] POST mention express.json middleware
-  - [ ] Postman
-
-TODO - Move this content somewhere else
-
-### 1. What is Representational State Transfer (REST)?
-
-Building software is like building houses: architecture is everything. The design of each part is just as important as the utility of it. REST is a specific architectural style for web applications. It serves to organise code in **predictable** ways.
-
-The most important features of REST are:
-
-- An application has a `frontend` (client) and a `backend` (server). This is called [separation of concerns](https://medium.com/machine-words/separation-of-concerns-1d735b703a60): each section has its specific job to do. The frontend deals with presenting data in a user friendly way, the backend deals with all the logic and data manipulation
-- The server is `stateless`, which means that it doesn't store any data about a client session. Whenever a client sends a request to the server, each request from the client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. This makes it possible to handle requests from millions of users.
-- Server responses can be temporarily stored on the client (a browser) using a process called `caching`: storing files like images or webpages in the browser to load the next time you enter a website (instead of getting them from the server, which generally takes longer to do).
-- Client-server communication is done through `Hypertext Transfer Protocol (HTTP)` (more on that later), which serves as the style (the how) of communication.
-
-It's important to know about REST because it teaches us how web applications are designed and holds us to a standard that makes development and usage predictable. However, don't worry if you don't know what any of this means just yet. It's good to be exposed to it, and understanding will come with experience.
-
-For more research, check the following resource:
-
-- [What is REST: a simple explanation for beginners](https://medium.com/extend/what-is-rest-a-simple-explanation-for-beginners-part-1-introduction-b4a072f8740f)
-
-- [@NoerGitKat (lots of web app clones/examples to learn from)](https://github.com/NoerGitKat)

courses/backend/node/week2/assignment.md

@@ -1,208 +0,0 @@
-# Assignment
-
-Once again, you will deliver 2 pull requests:
-
-- A pull request for the **Warmup** - in your regular hyf-homework repository
-- A pull request for the additional **meal sharing endpoints** - in the meal-sharing repository
-
-In both repositories, create a `nodejs-week2` branch from `main` to work on the homework (`git checkout -b nodejs-week2` ).
-
-## Warmup
-
-For the warmup you will be handed a Contacts API with a single endpoint:
-
-- `GET /api/contacts`
-
-This endpoint accepts a query parameter `sort`. Here's how you can use it:
-
-- `GET /api/contacts?sort=first_name%20ASC`
-  - Sorts contacts by first name, ascending
-- `GET /api/contacts?sort=last_name%20DESC`
-  - Sorts contacts by last name, descending
-
-But this `sort` query parameter has been introduced with a SQL injection vulnerability and the goal is to demonstrate the issue and then fix and remove the vulnerability.
-
-### Setup
-
-TODO - Review assignment to work with sqlite.
-
-Go to `nodejs/week2` in your `hyf-homework` repo:
-
-```shell
-npm init -y
-npm i express sqlite3 knex
-npm set-script dev "node --watch app.js"
-```
-
-Make sure you have `"type": "module"` in your `package.json`.
-
-You should also ensure that the `node_modules/` folder is ignored by Git:
-
-```shell
-echo node_modules/ >> .gitignore
-```
-
-Create a database/schema called `hyf_node_week2_warmup` with a `contacts` table:
-
-```sql
-CREATE TABLE `contacts` (
-  `id` int unsigned NOT NULL AUTO_INCREMENT,
-  `first_name` varchar(255) NOT NULL,
-  `last_name` varchar(255) NOT NULL,
-  `email` varchar(255) DEFAULT NULL,
-  `phone` varchar(255) DEFAULT NULL,
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
--- Sample data
-insert into contacts (id, first_name, last_name, email, phone) values (1, 'Selig', 'Matussov', 'smatussov0@pinterest.com', '176-630-4577');
-insert into contacts (id, first_name, last_name, email, phone) values (2, 'Kenny', 'Yerrington', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (3, 'Emilie', 'Gaitskell', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (4, 'Jordon', 'Tokell', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (5, 'Sallyann', 'Persse', 'spersse4@webnode.com', '219-157-2368');
-insert into contacts (id, first_name, last_name, email, phone) values (6, 'Berri', 'Bulter', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (7, 'Lanni', 'Ivanilov', 'livanilov6@fda.gov', null);
-insert into contacts (id, first_name, last_name, email, phone) values (8, 'Dagny', 'Milnthorpe', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (9, 'Annadiane', 'Bansal', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (10, 'Tawsha', 'Hackley', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (11, 'Rubetta', 'Ozelton', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (12, 'Charles', 'Boughey', 'cbougheyb@senate.gov', '605-358-5664');
-insert into contacts (id, first_name, last_name, email, phone) values (13, 'Shantee', 'Robbe', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (14, 'Gleda', 'Peat', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (15, 'Arlinda', 'Ethersey', 'aetherseye@biglobe.ne.jp', '916-139-1300');
-insert into contacts (id, first_name, last_name, email, phone) values (16, 'Armando', 'Meachem', 'ameachemf@oaic.gov.au', '631-442-5339');
-insert into contacts (id, first_name, last_name, email, phone) values (17, 'Codi', 'Redhouse', null, '401-953-6897');
-insert into contacts (id, first_name, last_name, email, phone) values (18, 'Ann', 'Buncombe', 'abuncombeh@ow.ly', '210-338-0748');
-insert into contacts (id, first_name, last_name, email, phone) values (19, 'Louis', 'Matzkaitis', 'lmatzkaitisi@ebay.com', '583-996-6979');
-insert into contacts (id, first_name, last_name, email, phone) values (20, 'Jessey', 'Pala', null, null);
-insert into contacts (id, first_name, last_name, email, phone) values (21, 'Archy', 'Scipsey', 'ascipseyk@ask.com', '420-983-2426');
-insert into contacts (id, first_name, last_name, email, phone) values (22, 'Benoit', 'Mould', 'bmouldl@bing.com', '271-217-9218');
-insert into contacts (id, first_name, last_name, email, phone) values (23, 'Sherm', 'Girardey', 'sgirardeym@guardian.co.uk', '916-999-2957');
-insert into contacts (id, first_name, last_name, email, phone) values (24, 'Raquel', 'Mudge', 'rmudgen@slate.com', '789-830-7473');
-insert into contacts (id, first_name, last_name, email, phone) values (25, 'Tabor', 'Reavey', null, null);
-```
-
-Create `app.js`:
-
-```js
-import knex from "knex";
-import express from "express";
-
-const dbFile = "PATH_TO_YOUR_SQLITE_DB";
-
-const knexInstance = knex({
-  client: "sqlite3",
-  connection: {
-    filename: dbFile,
-  },
-});
-
-const app = express();
-const port = process.env.PORT || 3000;
-
-app.use(express.json());
-
-const apiRouter = express.Router();
-app.use("/api", apiRouter);
-
-const contactsAPIRouter = express.Router();
-apiRouter.use("/contacts", contactsAPIRouter);
-
-contactsAPIRouter.get("/", async (req, res) => {
-  let query = knexInstance.select("*").from("contacts");
-
-  if ("sort" in req.query) {
-    const orderBy = req.query.sort.toString();
-    if (orderBy.length > 0) {
-      query = query.orderByRaw(orderBy);
-    }
-  }
-
-  console.log("SQL", query.toSQL().sql);
-
-  try {
-    const data = await query;
-    res.json({ data });
-  } catch (e) {
-    console.error(e);
-    res.status(500).json({ error: "Internal server error" });
-  }
-});
-
-app.listen(port, () => {
-  console.log(`Listening on port ${port}`);
-});
-```
-
-As mentioned above, the `sort` query parameter has been introduced with a SQL injection vulnerability.
-
-First, you should demonstrate the SQL injection and that it for instance is possible to drop/delete the `contacts` table with the `sort` query parameter.
-You can for instance demonstrate this with a screen recording and include it in the PR description.
-
-After having demonstrated the SQL injection vulnerability, the goal is then to fix the issue by updating `app.js`.
-
-**Hint:** the `multipleStatements: true` part in the configuration indicates how you can use the vulnerability. The configuration should not be changed though, the SQL injection should be fixed by making changes in the `/api/contacts` route.
-
-## Meal sharing endpoints
-
-You will continue working in the meal-sharing repository for this task.
-
-You should have the basic [CRUD](https://www.freecodecamp.org/news/crud-operations-explained/) endpoints for **meals** and **reservations** as the result of last week's homework. This week, you will add **query parameters**, that will allow you to **sort** and **filter** the information retrieved from the database.
-
-### Routes
-
-#### Meals
-
-Work with your `GET api/meals` route to add the query parameters.
-Make sure that the query parameters can be combined, f.x. <nobr>`?limit=4&maxPrice=90`.<nobr/>
-
-| Parameter               | Data type | Description                                                                                                                             | Example                                             |
-| ----------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
-| `maxPrice`              | Number    | Returns all meals that are cheaper than `maxPrice`.                                                                                     | <nobr>`api/meals?maxPrice=90`<nobr/>                |
-| `availableReservations` | Boolean   | Returns all meals that still have available spots left, if `true`. If `false`, return meals that have no available spots left.[^1]      | <nobr>`api/meals?availableReservations=true`<nobr/> |
-| `title`                 | String    | Returns all meals that partially match the given title. `Rød grød` will match the meal with the title `Rød grød med fløde`.             | <nobr>`api/meals?title=Indian%20platter`<nobr/>     |
-| `dateAfter`             | Date      | Returns all meals where the date for `when` is after the given date.                                                                    | `api/meals?dateAfter=2022-10-01`                    |
-| `dateBefore`            | Date      | Returns all meals where the date for `when` is before the given date.                                                                   | `api/meals?dateBefore=2022-08-08`                   |
-| `limit`                 | Number    | Returns the given number of meals.                                                                                                      | `api/meals?limit=7`                                 |
-| `sortKey`[^2]           | String    | Returns all meals sorted by the given key. Allows `when`, `max_reservations` and `price` as keys. Default sorting order is asc(ending). | `api/meals?sortKey=price`                           |
-| `sortDir`[^3]           | String    | Returns all meals sorted in the given direction. Only works combined with the `sortKey` and allows `asc` or `desc`.                     | <nobr>`api/meals?sortKey=price&sortDir=desc`<nobr/> |
-
-[^1]: `availableReservations` requires you to work with several database tables at once. Try practicing the right query in MySQL Workbench first (you might have it from Database week2 homework) and once you have it working, build it with `knex`.
-
-[^2]: This used to be `sort_key` in a previous version of the homework text.
-
-[^3]: This used to be `sort_dir` in a previous version of the homework text.
-
-#### Reviews
-
-By now, you have the basic set of endpoints for **meals** and **reservations** and even a collection of query parameters for **meals**. To practice a bit more and finalize the basic backend functionality, create the set of routes for **reviews**:
-
-| Route                         | HTTP method | Description                              |
-| ----------------------------- | ----------- | ---------------------------------------- |
-| `/api/reviews`                | GET         | Returns all reviews.                     |
-| `/api/meals/:meal_id/reviews` | GET         | Returns all reviews for a specific meal. |
-| `/api/reviews`                | POST        | Adds a new review to the database.       |
-| `/api/reviews/:id`            | GET         | Returns a review by `id`.                |
-| `/api/reviews/:id`            | PUT         | Updates the review by `id`.              |
-| `/api/reviews/:id`            | DELETE      | Deletes the review by `id`.              |
-
-#### Knex
-
-You should try to avoid using `knex.raw` and instead use the different `knex` functions, for example:
-
-- `.select`, `.from`, `.where`, `join`, `leftJoin`
-- `.insert`
-- `.update`
-- `.del` (for deletion)
-
-Check out the [Knex cheatsheet](https://devhints.io/knex)!
-
-## Hand in homework
-
-Need to brush up on the homework hand-in process?
-
-Check [this resource](https://github.com/HackYourFuture-CPH/Git/blob/main/homework-submission.md) to remember how to hand in the homework correctly!
-
-## Feedback
-
-And finally, please take two minutes to answer the survey [here](https://forms.gle/YG5KCnSCPhb8dJAL9) to give feedback to the staff and mentors.

courses/backend/node/week2/preparation.md

@@ -1,5 +0,0 @@
-# Preparation
-
-- [NodeJS Web API with KNEX and Express](https://www.youtube.com/watch?v=QNw9q4YXR4E) (15 min)
-- <https://fullstackopen.com/en/part3/node_js_and_express#rest> up until the `The Visual Studio Code REST client` section (15 min)
-- <https://jsonplaceholder.typicode.com/> - Free API for testing and prototyping. (5 min)

courses/backend/node/week2/session-plan.md

@@ -1,54 +0,0 @@
-# Lesson plan
-
-- Focus on having lots of in class exercises.
-- DON'T teach everything, let the students investigate topics on their own as well!
-- Focus on how to read documentation, google answers and google errors!!
-- Teach towards the students being able to solve the homework.
-
-Remember to add the code you wrote in the class to the relevant class branch's class work folder. If the branch has not been created just create and push it :) If you don't have access, write to one from the core team. You can see an example below!
-
-If you find anything that could be improved then please create a pull request! We welcome changes, so please get involved if you have any ideas!!!
-
----
-
-- Database interaction
-  - Connecting to mysql using knex
-  - Executing queries
-    - `select`, `create`. You could let the students figure out how `delete` and `update` works
-  - [Code inspiration](#phonebook-database) especially focus on the promise and query part
-- API
-  - REST
-  - CRUD
-    - Router verb `GET`, `POST`, `DELETE`, `PUT`
-      - Especially focus on post with `app.use(express.urlencoded({ extended: true }));` and `app.use(express.json());`
-  - [Code inspiration](#phonebook-api)
-- Postman
-  - `POST`, `DELETE`, `PUT` requests
-- Exercise finish concerts api
-
-## Code inspiration
-
-### Phonebook database
-
-- Go to the `teacher-live-coding` [repo](https://github.com/HackYourFuture-CPH/teacher-live-coding), to the relevant folder
-- Copy the `.env.example` and rename the copied file to `.env`
-- Run `npm install`
-- Start the application by running `node --watch ./src/backend/phonebook-database-queries.js`
-
-Try and implement this functionality from the bottom while explaining.
-
-### Phonebook api
-
-Start the application by running `node --watch ./src/backend/create-an-api.js`.
-
-The following two routes have been created, get help by the students to create some of the other routes.
-
-| Url                 | Verb   | Functionality               | Example              |
-| ------------------- | ------ | --------------------------- | -------------------- |
-| `api/contacts/`     | GET    | Returns all contacts        | `GET api/contacts/`  |
-| `api/contacts/`     | POST   | Adds a new contact          | `POST api/contacts/` |
-| `api/contacts/{id}` | GET    | Returns contact by `id`     | `GET api/contacts/2` |
-| `api/contacts/{id}` | PUT    | Updates the contact by `id` | `PUT api/contacts/2` |
-| `api/contacts/{id}` | DELETE | Deletes the contact by `id` | `DELETE contacts/2`  |
-
-Thank you very much for teaching NodeJS. Please don't hesitate to give feedback by clicking [here](https://forms.gle/sAuVhsTmJ1qSmjgJ6) (teachers and teacher assistants). For homework reviewers, please access the survey [here](https://forms.gle/nVbX9ShusF2a5Aa87).