From 8e66334fc16a7ccac532f8ab3201f87a9d74a31d Mon Sep 17 00:00:00 2001
From: Corey Albright
Date: Fri, 4 Dec 2020 16:23:53 -0500
Subject: [PATCH 1/3] Update README.md this is an edit for production env only. as the reset password function refers users to the localhost when using a production site. To fix such incident, I have added to the env am environmental update that references a strict address called "RESET_PASSWORD" so that it can be referenced in the auth.js file
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 42ce86b..4939f94 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ MONGO_URI=mongodb://localhost:27017/nodeapi
 PORT=8080
 JWT_SECRET=xxxxxx
 CLIENT_URL=http://localhost:3000
+RESET_PASSWORD=://[enter_public_ip_for_production]
 REACT_APP_GOOGLE_CLIENT_ID=xxxxxx.apps.googleusercontent.com
 ```
From b722a8389118631eadf2bc59e9243558924cd06b Mon Sep 17 00:00:00 2001
From: Corey Albright
Date: Fri, 4 Dec 2020 16:24:48 -0500
Subject: [PATCH 2/3] Update auth.js
---
 controllers/auth.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/controllers/auth.js b/controllers/auth.js
index 8e1b66e..97a0b23 100644
--- a/controllers/auth.js
+++ b/controllers/auth.js
@@ -78,10 +78,10 @@ exports.forgotPassword = (req, res) => {
 to: email,
 subject: 'Password Reset Instructions',
 text: `Please use the following link to reset your password: ${
- process.env.CLIENT_URL
+ process.env.RESET_PASSWORD
 }/reset-password/${token}`,
 html: `

Please use the following link to reset your password:

${
- process.env.CLIENT_URL
+ process.env.RESET_PASSWORD
 }/reset-password/${token}

`
 };
From 0459bd88b94ac9863ed8e9405545f08fcbd8bd97 Mon Sep 17 00:00:00 2001
From: Corey Albright
Date: Fri, 4 Dec 2020 16:31:33 -0500
Subject: [PATCH 3/3] Update auth.js added new comments on line 76 and 77 lines 81 and 84 have been changed and should only be used for production environments only. as the developer environment will work fine for localhost, but when in production the email sent should reflect the production address mentioned in the .env file
---
 controllers/auth.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/controllers/auth.js b/controllers/auth.js
index 97a0b23..308dda5 100644
--- a/controllers/auth.js
+++ b/controllers/auth.js
@@ -73,6 +73,8 @@ exports.forgotPassword = (req, res) => {
 const token = jwt.sign({ _id: user._id, iss: process.env.APP_NAME }, process.env.JWT_SECRET);
 // email data
+ // Change RESET_PASSWORD to CLIENT_URL if you are in a Development Environment, as
+ // RESET_PASSWORD is only used in production environments
 const emailData = {
 from: 'noreply@node-react.com',
 to: email,
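Review bot: Both templates in the `forgotPassword` hunk of PATCH 2/3 (the `text` link and the `html` link) now interpolate `process.env.RESET_PASSWORD` with no fallback or check, so any environment where the variable is unset mails a link that starts with `undefined/reset-password/`. Reading it once as `const resetBase = process.env.RESET_PASSWORD || process.env.CLIENT_URL;` and using `${resetBase}` in both places keeps development working without source edits. The README placeholder in PATCH 1/3, `://[enter_public_ip_for_production]`, has no scheme; since this URL carries the reset token, the documented value should be a full `https://` origin, preferably a hostname rather than a bare IP. The function starts and ends outside the hunk.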
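Review bot: The two comment lines added above `emailData` in PATCH 3/3 tell developers to edit the source per environment, which makes it easy to ship the wrong base URL in a password-reset e-mail; a comment such as `// RESET_PASSWORD: public origin placed in reset e-mails (set in .env)` with configuration-only switching would be safer. The context line above it shows `jwt.sign({ _id: user._id, iss: process.env.APP_NAME }, process.env.JWT_SECRET)` with no `expiresIn` option, so unless the reset handler (not visible here) invalidates the token, the mailed link does not expire; passing something like `{ expiresIn: '1h' }` as the third argument would bound that. The name `RESET_PASSWORD` also reads like a credential rather than a URL, so a name such as `RESET_PASSWORD_URL` would be clearer. The function body starts and ends outside the hunk.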