Update READMEs

Author: jboolean

README.md

@@ -1,17 +1,18 @@
 # 1940s.nyc
-1940 New York City Street View
 
+1940 New York City Street View
 
-This is a monorepo containing these modules:
+This is a monorepo. See the README in each submodule for more information. `npm install` at the root level can be used to install all submodule dependencies.
 
 ## backend
-The serverless API for search, photo metadata, and payments. 
+
+The serverless API for search, photo metadata, and payments.
 Also, s3 event lambdas used for processing images as part of ingesting from the initial photo scrape.
 
 ![backend deploy](https://github.com/jboolean/1940s.nyc/actions/workflows/backend-deploy.yml/badge.svg)
 
 ## frontend
+
 The frontend, a React app.
 
 [![Netlify Status](https://api.netlify.com/api/v1/badges/29e76d8d-f9ba-4afa-bc07-c89fc03e570a/deploy-status)](https://app.netlify.com/sites/1940s-nyc/deploys)
-

backend/README.md

@@ -0,0 +1,153 @@
+# 1940s.nyc backend
+
+This is a serverless app deployed to AWS lambda. It is written in Node.js and uses the Serverless framework.
+
+## Pre-requisites
+
+### Credentials
+
+First, have AWS credentials on your machine in [a way the serverless framework can use](https://www.serverless.com/framework/docs/providers/aws/guide/credentials#recommended-using-local-credentials) such as in `~/.aws`. These credentials are used to fetch secrets via SSM to connect to the database and other services.
+
+### Node.js
+
+This project was developed with node version specified in in .nvmrc
+
+With `nvm` installed, run `nvm use`
+
+## Development
+
+When building for the first time or if dependencies have changed, run
+
+```
+npm install
+```
+
+To develop,
+
+```
+npm start
+```
+
+## Environments
+
+There are three backend environments (stages), two database environments, unlimited frontend environments, and one Mapbox map.
+
+On the backend, there's production, staging, and your local development environment. Production uses the `fourtiesnyc` database, while other environments use `fourtiesnyc_staging`. This means your local server uses a shared database with staging. This is not ideal and came about because originally the app had only static photo data; it should be improved.
+
+On the frontend, there are ephemeral environments created for each pull request, these all share `staging` as the backend.
+
+There is one Mapbox map that is shared. This means you may see story labels on the map that are not in the staging database and can't be read.
+
+## Deployment
+
+Deployment should _not_ be done from your local machine, but only by Github Actions.
+
+Deployments to production are automated upon merges to `master`.
+
+To deploy to staging, use the [backend-deploy-manual](https://github.com/jboolean/1940s.nyc/actions/workflows/backend-deploy-manual.yml) action and select stage=staging.
+
+## Schema changes
+
+There is no schema change management. Schema changes and migrations are made manually and carefully. It's suggested to try out your schema changes in staging, then create a DDL of the final schema and apply it to production.
+
+Ideally, either TypeORM migrations or something like [Flyway](https://flywaydb.org/) would be used to manage schema changes.
+
+Use the [clone-db](https://github.com/jboolean/1940s.nyc/actions/workflows/clone-db.yml) Action to clone production back to staging if staging becomes too outdated or broken and needs to be reset.
+
+## Frameworks and patterns
+
+### Serverless
+
+Serverless framework is used to manage packaging and deployment.
+
+### Express
+
+Express is used, but most routes are defined with the `tsoa` framework.
+
+### tsoa
+
+The [tsoa](https://github.com/lukeautry/tsoa) API framework is used to define a REST API with type safety and OpenAPI spec generation. `*Controller` classes are scanned, annotations are parsed, and routes are generated. It also validates requests and can return validation messages to the client.
+
+Use `npm run routes` to regenerate the routes file.
+
+### TypeORM
+
+TypeORM is used as a typed ORM. It's used to interact with the database.
+
+### Directory structure
+
+The classic layered architecture is used: api, business, persistence. Dependencies must go downward only.
+
+- `api` - Contains API interaction including Tsoa controllers and request/response types.
+- `cron` - Entry points for cron jobs. At the same "layer" as `api`.
+- `business` - Contains business logic. `*Service` files are defined to provide facades to various subsystems to perform business functions. There are also utils.
+- `entities` - Contains TypeORM entities corresponding to tables and views in the database.
+- `repositories` - TypeORM automatically generates repositories for each entity, but extensions with custom queries can be defined here.
+- `enum` - Enums can be shared between the frontend and backend. They are defined here.
+
+### Cron jobs
+
+Each cron job should be defined as a function in the `cron` directory, then registered in `/cron.ts` and in `serverless.yml` as a lambda function with a cron schedule.
+
+## Features of note
+
+### Photos and geocodes
+
+The core of this app is photo metadata and geocoding records. Each `Photo` has many `GeocodeResult`s from geocoding services run when the app was built. The `effective_geocodes_view` is a materialized view represented by the `EffectiveGeocode` entity which contains the geocode we use for each photo. The query for that view uses a priority order of geocode services, and "corrections" submitted by users (`GeocodeCorrection`). The view is refreshed by a cron job to incorporate corrections.
+
+### Stories
+
+Stories was the first user-generated content feature and is pretty self-contained. It is not connected to Users or authentication as it was built before those features. Stories have their own authentication via jwt-based magic links sent via email which users can use to edit a specific story. Emails give users confirmation that their story was received and later published.
+
+Stories are moderated by admins. All stories are submitted to the moderation queue at http://1940s.nyc/admin/review-stories.
+
+Automatic moderation was considered but most of the rejected stories are not classic spam that could be detected by spam filters or CAPTCHAs but rather trolls and confused people.
+
+### Users and authentication
+
+I didn't want to pay for an authentication service, and it seemed simple enough to build my own.
+I wanted a more seamless user experience without usernames and passwords, and often even without doing anything.
+
+For any route tagged with `@Security('user-token')`, a user is created if one does not exist. The user is then considered logged in immediately without any information and is considered anonymous. Later, the user can provide, and optionally verify an email address. Specific features can check for verified email addresses if that level of security is needed. Corrections to geocodes, for example, require a verified email address. Colorization, however, can be done by anonymous users, allowing a "free trial" experience.
+
+**Log-in process**: The user supplies an email address: if an account exists the user is sent a magic link to log in, or the email is associated with the current possibly anonymous account they are logged in with. Magic links are JWT tokens.
+
+Notably, **Stories** are not connected to Users because Stories were built first. Users primarily support the Colorization feature for payment and credit ledgering and the Corrections feature for safety.
+
+### Credit ledgering
+
+Users can purchase "Color tokens" to colorize images. This is managed via the Ledger system, which is just a ledger of credits issued and images colorized. Users can go negative as we allow one free colorization per day.
+
+`LedgerService.withMeteredUsage` is a wrapper to wrap code that uses requires and consumes credits.
+
+### Admin users
+
+Admin users actually _do_ use an authentication service: Netlify Identity. This was built before end-user authentication and could potentially be updated to use the same system.
+
+Admin users have roles defined in Identity.
+
+A route tag for an admin route looks like `@Security('netlify', ['moderator'])`. This requires an Identity user to be logged in and have the role `moderator`.
+
+### Email campaigns
+
+I was also too cheap to pay for a mailing list service like Mailchimp so I built one.
+
+It's pretty simple. When a campaign is enqueued via the API it just creates a record for every list member. A cron job sends out the emails in batches.
+
+There's currently no sign-up form for the mailing list. Addresses are just added whenever they provide an email via other app features like Stories.
+
+### Map sync
+
+Every night, a cron job refreshes the materialized views, regenerates a set of geojson, pushes it to Mapbox, and triggers Mapbox's regeneration of the map tiles. Note that regenerating map tiles costs money, which is why it's not done continuously.
+
+This important process supports geocode corrections and user story labels.
+
+## Third party services
+
+- Mapbox - For the map
+- AWS SSM - For secrets
+- Postmark - For transactional and campaign emails
+- Netlify Identity - For admin users
+- Stripe - For payments
+- OpenAI - For story title generation
+- Palette - For colorization

frontend/README.md

@@ -1,10 +1,4 @@
-# Julian's Base App
-This repo is my starting place for new frontend apps.
-- Webpack
-- React
-- LESS CSS
-- Typescript
-- Linting and Prettier
+# 1940s.nyc frontend
 
 ## Pre-requisites
 
@@ -24,21 +18,24 @@ To develop,
 
 ```
 npm run watch
-``` 
+```
 
-Starts a development server at `localhost:8080`.
+Starts a development server at http://dev.1940s.nyc:8080.
+The backend must also be running for many functions to work.
 
 ## Build
 
 ```
 npm run build
 ```
 
-bundles javascript and css into `/dist`. 
+bundles javascript and css into `/dist`.
 
 ## Directory structure
 
-The files and directories in `src` are strictly organized into four standard directories. The contents of each directory are limited.
+The files and directories in `src` are strictly organized into standard directories. The contents of each directory are limited.
+
+(Example names from another project are used for illustration)
 
 - `screens` - Contains only sub-directories named for full pages in the UI. If pages have a hierarchy, those sub-directories can contain another `screens` folder for the pages in the hierarchy.
   ```
@@ -50,6 +47,7 @@ The files and directories in `src` are strictly organized into four standard dir
         - Show
   ```
 - `components` - Contains only sub-directories named for UI elements that relate to the screen of the parent directory. A component's subdirectory should contain an `index.jsx` file for the component and a `ComponentName.less` file for styles. If the component has a higher-order connecting component to maintain state, that is in the `index.jsx` file, and `ComponentName.jsx` is a pure underlying component. If there is only one file, a directory is not needed.
+
   ```
   - components
     - Schedule
@@ -58,24 +56,86 @@ The files and directories in `src` are strictly organized into four standard dir
       - Schedule.less // styles used by Schedule.jsx
   ```
 
-- `utils` - Contains only files that export utility functions, objects, or constants. May contain any subdirectories to organize the utilities. 
-- `shared` - A special type of directory, configured in Webpack to make its contents easily importable by decendants in the hierarchy. When importing, webpack will automatically look up the tree in shared folders to find a match, so instead of `import ../../shared/utils/myUtil`, just `import 'utils/myUtil'` will suffice. `shared`  can contain `components`, `screens` or `utils`. `shared` directories can exist on any level to make contents available below that level. 
-  - The top-level `src/shared` directory contains code _not_ specific to WOWD, such as a generic calendar layout component with no knowledge of radio show data, a generic track manager, and types to store date and time data.
-  Anything at this level could potentially be moved out to another repository and npm package.
-  - `src/wowd/shared` contains components and utils used on many screens that _are_ specific to WOWD such as a "show card", a play button, data types for Shows, Djs and Playlists, and an API client.
+- `utils` - Contains only files that export utility functions, objects, or constants. May contain any subdirectories to organize the utilities.
+- `stores` - Contains zustand stores
+- `shared` - A special type of directory, configured in Webpack to make its contents easily importable by descendants in the hierarchy. When importing, webpack will automatically look up the tree in shared folders to find a match, so instead of `import ../../shared/utils/myUtil`, just `import 'utils/myUtil'` will suffice. `shared` can contain `components`, `screens` or `utils`. `shared` directories can exist on any level to make contents available below that level.
+  - The top-level `src/shared` directory contains code _not_ specific to this application, that could potentially become separate packages, such as UI components.
 
 ## Frameworks and patterns
 
-### React / state management
-This project is based on React. 
+### React
+
+This project is based on React.
+
+### State management
+
+Where state management is needed, [zustand](https://github.com/pmndrs/zustand) is used. It was added to this app in 2023, so legacy code uses Context.
+
+Zustand usage in this app follows a particular pattern:
+
+A store must be created in a file called \*Store.ts and exported. Ad-hoc stores shouln't be created in components.
 
-Bring your own flux implementation if desired.
+```typescript
+import create from 'zustand';
+import { immer } from 'zustand/middleware/immer';
+
+interface State {
+  isOpen: boolean;
+  value: number | null;
+}
+
+interface ComputedState {
+  isValueSet: boolean;
+}
+
+interface Actions {
+  setValue: (value: number) => void;
+  reset: () => void;
+}
+
+const useStore = create(
+  immer<State & Actions>((set) => ({
+    isOpen: false,
+    value: null,
+
+    setValue: (value) => {
+      set((draft) => {
+        draft.isOpen = true;
+        draft.value = value;
+      });
+    },
+
+    reset: () => {
+      set((draft) => {
+        draft.isOpen = false;
+        draft.value = null;
+      });
+    },
+  }))
+);
+
+export function useStoreComputeds(): ComputedState {
+  const { value } = useStore();
+  return {
+    isValueSet: value !== null,
+  };
+}
+
+export default useStore;
+```
+
+This template above demonstrates how to structure a Zustand store with Immer for immutability and a separate utility for computed state.
+
+Key Features:
+• State and Actions: Define state and behavior in the same store.
+• Computed State: Use a dedicated custotm hook (useStoreComputeds) to derive and expose computed values from the store within the same file.
 
 ### LESS
 
-LESS CSS ([lesscss.org](http://lesscss.org)) is used for styles with Webpack's [CSS Modules](https://github.com/webpack-contrib/css-loader#modules). The tl;dr of this is: 1) All less files can be imported into javascript as objects and 2) All the class names within a `:local` block in the less file, which should be the entire less file, gets replace with a random string. The exported javascript object is a map from the original class name to the randomized class name. 
+LESS CSS ([lesscss.org](http://lesscss.org)) is used for styles with Webpack's [CSS Modules](https://github.com/webpack-contrib/css-loader#modules). The tl;dr of this is: 1) All less files can be imported into javascript as objects and 2) All the class names within a `:local` block in the less file, which should be the entire less file, gets replace with a random string. The exported javascript object is a map from the original class name to the randomized class name.
 
 MyGreatComponent.less
+
 ```css
 :local {
   .myGreatClass {
@@ -85,6 +145,7 @@ MyGreatComponent.less
 ```
 
 MyGreatComponent.jsx
+
 ```javascript
 import stylesheet from './MyGreatComponent.less'; // { 'myGreatClass' : 'MyGreatComponent-myGreatClass-x1f2'}
 
@@ -94,14 +155,14 @@ export <div className={stylesheet.myGreatClass} />;
 This keeps styles local to a component, prevents them from being used elsewhere unintentionally, and allows for using common classnames like `.body` or `.title` without fear of duplication.
 
 ## Code style
-This project follows Squarespace's JavaScript Styles. Rather than write a Style Guide, I refer to the [Squarespace .eslintrc](https://github.com/Squarespace/eslint-config-squarespace/blob/master/vanilla/.eslintrc), which has been imported into this project. 
+
+This project follows [eslint-config-jboolean](https://github.com/jboolean/eslint-config-jboolean), based on eslint recommended rules and `prettier`.
 
 ```
 npm run lint
 ```
 
-will find style errors, and 
-
+will find style errors, and
 
 ```
 npm run lint-fix
@@ -111,25 +172,14 @@ will fix many of them.
 
 lint errors will be automatically fixed when saving changes while running `npm run watch` as well.
 
-## Types
-This project uses [Flow](https://flow.org) to add static type checking to Javascript.
+Linting is also run on commit via `husky`.
 
-**All** files should begin with the comment `//@flow ` to enable type checking unless there is a compelling reason to turn off type checking.
+### Typescript
 
-Run
+This project uses Typescript.
 
-```
-npm run flow
-```
-
-to check for type errors. It is recommended to install Flow integration into your editor.
-
-### Updating Flow's libdefs
-When dependencies are updated, type definities for third-party libraries must also be updated.
-
-```
-npm run install-libdefs
-```
+### API Client
 
-Sometimes the new libdefs are not backwards compatible, so Flow itself may also need to be upgraded at this time.
+API calls are written manually in utils files and use `axios`, with named exports matching API functions.
 
+There is no automatic generation of API clients, though it is possible to do, since the backend does produce an OpenAPI spec.