1. UI
a. What did you struggle with when adding logins and authorization to your front-end?
	I struggled a lot with creating the Material UI elements for the login and logout page. I also struggled with figuring out how the website should flow now that accounts and authorization needed to be added.


2. Login Endpoint
a. What did you struggle with when adding logins and authorization to your back-end?
	I struggled a little with implementing logins and authorization to the back-end. I had to refactor the book table to include a user id (for editing and deletion permissions), which made made had to refactor the Jest tests slightly. After that, it was a matter of properly implementing cookies, token storage, and authorization checks. Activity 4a proved to be really helpful and made this part of the homework not as bad as implementing the front-end.


3. Security Audit
a. If your app was vulnerable to XSS attacks, explain what you did to mitigate them. If it wasn’t, explain why.
	As far as I can tell, my site has some protection against XSS attacks. In my live version, I tried adding books and authors with a <script> tag, and thankfully the code is not executed as JS. I assume this has to do with Zod and TypeScript making sure fields are strings and not HTML tags.

b. If your app was vulnerable to CSRF attacks, explain what you did to mitigate them. If it wasn’t, explain why.
	As far as I can tell, my site has some protection against CSRF attacks. I logged into an account and ran another HTML file that attempted to modify the database. In response, my server sent back the JSON object { authorization: false }, which means the login token was undefined. This is due to the cookie options I set, which does not allow JS to touch the token cookie or have the cookie be used by other sites.

c. If you added rate limiting with a firewall, include what commands you ran/packages you used. If you added rate limiting to your application code, indicate this.
	I did not add any rate limiting to my live version. I had trouble getting my live version to work, so I don't want to add anything that might break it.

d. Explain what HTTP headers you set, what they do, and why they’re useful.
	I did not set any HTTP headers to my live version. This is due to not wanting to break my live version. The only similar thing I did was update my sites DNS records to use HTTP and HTTPS for hw4.jmj379.xyz.

e. If you did anything else to secure your app, explain what you did and why.
	I did not add anything else to secure my live version. As it is, it is vulnerable to being taken down or the database being erased due to no account security.