TODO Profile edit page – change email, etc Handle login with email when has FB account and no password Forgot password link Prettify Log page views Fix unknown props warnings Clean up server dir Log from server directory Config file Localization Allow lang override Add user language to logging Build logout route Implement Rollup import aliases Create a client fetch helper function Remove serviceUrl from fetch calls Colorize dev terminal output Add external id to UUID format Add window error handler Theming Tests Upload to remote location Analytics Authentication logic Login route calls Passport local strategy. On success, generate an JWT access token with a short expiry (5 min.). Save the access token to the response cookie with Same site set to strict. When navigating to protected routes, call an authentication api, that checks the access token cookie and if valid, returns a user object. When accessing protected api, check the access token cookie and if valid, allow access to api.