I’ll try to answer some of your questions, but to answer properly someone would have to write at least a couple of books.
In the above, 192.xx.50.xx is the IP address of the PC that you’re running the backend service on and 6969 is the port that it’s listening for connections on, i.e. this has nothing to do with the mobile device. It’s a bit like a telephone number. If you phone someone you don’t need to know the number of the phone you are calling from. You only need to know the number of the person you’re calling. Of course the phone that you are calling from also has a phone number, and the other phone will be able to see that number. (Assume caller ID always works and can’t be disabled.)
So the server will get a connection from the mobile device and will know the mobile device’s IP address at that point, but your app does not need to know the mobile device’s IP address in order to make the request. using
If you already knew the above and I just misunderstood what you were saying, then I apologise.
Of course, ideally you’d buy a domain (e.g. yesiamfaded.com), acquire an SSL certificate (e.g. from Let’s Encrypt or maybe from your hosting provider) which would let you use something like:
If you find some good best practice documentation it should hopefully explain how to do the above.
Unless I’ve misunderstood what you are asking, this is not something you need to do.
There is no requirement for the server code and client code to be in the same folder.
In terms of running the server when the app starts: Usually you would have the server running constantly at a hosting provider or in the cloud (Amazon Web Services, Microsoft Azure, Google Cloud Platform, etc.).
The PostgreSQL DB needs to run on a machine that the backend code can connect to. How you might do this depends on what infrastructure you’re deploying to, how large the database is, how much traffic you’re going to get, etc. If you’re starting out small you might get a virtual machine and run the backend code and the database on the same VM. If you’re deploying to AWS you might run the backend code as a Lambda function and set up an RDS instance for the database etc. (I’ve never used AWS Lambda, so I’m not saying you should do this.) Basically there are many different ways you can do this. The simplest is probably a single “machine” (e.g. a virtual machine) running both backend and database.
The mobile device does not need to be able to make connections directly to Postgres and indeed should not be able to. It should make all requests via the backend code which can control access to the database.
You can run the app on a real device in a couple of ways. e.g. install the Expo app from the Play Store/App Store. Then on your PC run expo publish to publish the app’s code to Expo’s servers. Then if you log in to the app on the mobile device and go to the Profile tab you should see your app under “Published Projects”. If you select it from there it should load and run.
The other option (at least for Android) is to run expo build:android which will upload your app’s code to Expo’s build servers and at the end you will be able to download the app and install it on your Android phone (this is called “side loading” the app because it’s not installed from an official store like the Play Store). Unfortunately, iOS makes it very hard (or impossible) to side load apps. This theoretically avoids some security problems, but also makes it harder to test out your own app on a physical device. So for iOS you’d need to make use of a service like TestFlight. I have not used TestFlight before, so I’m not sure of the process.
There is some info here about building standalone apps for side loading or for uploading to TestFlight or the Play Store or App Store:
Building Standalone Apps
Uploading Apps to the Apple App Store and Google Play
Security: Don’t store any passwords or API keys in your app’s source code because if someone has the app on their phone they will be able to unpack your app and find the password in there.
In your server code don’t trust what you receive from the mobile app. e.g. don’t just trust that hourId is a number.
There’s a lot more that could be said about security. One place to start might be OWASP.
e.g. for the backend you might want to look at Top 10 Web Application Security Risks.
There’s a huge amount of information on the OWASP web site, and not all of it will be relevant to you.
I hope this has helped a bit.
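
An added example, not part of the original post: one way the backend could check hourId before it reaches PostgreSQL, then pass it as a query parameter rather than pasting it into the SQL string. The function names, the "hours" table and the node-postgres-style { text, values } query object are assumptions, since the thread does not show the server code.

```javascript
// Added example. parseHourId, buildHourQuery and the "hours" table are hypothetical names.
const MAX_ID = 2147483647; // upper bound of a PostgreSQL integer column

// Returns a safe integer id, or null if the client-supplied value is not acceptable.
function parseHourId(raw) {
  // A JSON body may carry a real number; URL params and query strings carry strings.
  if (typeof raw === 'number') {
    return Number.isInteger(raw) && raw >= 1 && raw <= MAX_ID ? raw : null;
  }
  // Arrays (from ?hourId=1&hourId=2), objects, null and booleans are rejected here.
  if (typeof raw !== 'string') return null;
  // Plain decimal digits only: rejects "", " 5", "5 OR 1=1", "0x10", "1e3", "-1", "5.0".
  if (!/^[1-9][0-9]{0,9}$/.test(raw)) return null;
  const n = Number(raw);
  return n <= MAX_ID ? n : null;
}

// Builds a parameterized query in the { text, values } shape that node-postgres accepts
// (assumed driver). The value travels separately from the SQL text, so even a validation
// mistake cannot change the structure of the statement.
function buildHourQuery(rawHourId) {
  const id = parseHourId(rawHourId);
  if (id === null) {
    return { ok: false, status: 400, error: 'hourId must be a positive integer' };
  }
  return { ok: true, query: { text: 'SELECT * FROM hours WHERE id = $1', values: [id] } };
}

// Constructed sample inputs, as they might arrive from the mobile app.
const samples = ['42', 42, '5 OR 1=1', ['1', '2'], '2147483648', 3.5, '0x10', undefined];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(buildHourQuery(s)));
}
```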