@icarusmx/creta 1.5.12 → 1.5.14

package/lib/exercises/{curl-and-pipes.md → 06-curl-and-pipes.md}

@@ -10,6 +10,45 @@ This document uses fold markers `{{{` and `}}}` for organized reading.
 
 }}}
 
+## 📜 What is curl? {{{
+
+**curl** stands for "Client URL" - a command-line tool for transferring data with URLs.
+
+**Created:** 1997 by Daniel Stenberg (Swedish developer)
+**Original purpose:** Transfer files over networks without GUI
+**Today's use:** The universal tool for testing APIs, downloading files, and debugging HTTP requests
+
+**Why curl won:**
+- Pre-installed on macOS, Linux, and Windows 10+
+- Supports HTTP, HTTPS, FTP, and 20+ protocols
+- Scriptable, pipe-friendly, and lightweight
+- Used by millions of developers daily
+
+**Fun fact:** curl powers more devices than you think - from smart cars to Mars rovers to your terminal.
+
+}}}
+
+## 🔑 Essential curl Flags (Quick Overview) {{{
+
+Before diving into real-world scenarios, here are the flags you'll use 90% of the time:
+
+| Flag | Purpose | Example |
+|------|---------|---------|
+| `-s` | Silent (no progress bar) | `curl -s https://api.github.com` |
+| `-L` | Follow redirects | `curl -sL https://icarus.mx/creta` |
+| `-i` | Include HTTP headers | `curl -si https://api.github.com` |
+| `-H` | Add custom header | `curl -H "Authorization: Bearer $TOKEN"` |
+| `-w` | Custom output format | `curl -s -w "%{http_code}"` |
+
+**Pattern you'll see everywhere:**
+```bash
+curl -sL [URL] | grep [pattern]
+```
+
+**Translation:** "Silently fetch this URL, follow redirects, and filter the output."
+
+}}}
+
 ## 🚨 Problem: Need Quick API Insights Without Postman {{{
 
 You're debugging an API and need to:
@@ -42,8 +81,8 @@ curl [API] | [filter] | [process] | [output]
 
 **Real example:**
 ```bash
-# Count active users in one line
-curl -s https://api.example.com/users | grep "active" | wc -l
+# Count lines in Creta README
+curl -sL https://icarus.mx/creta/README.md | wc -l
 ```
 
 **Benefits:**
@@ -92,19 +131,19 @@ curl -si https://api.github.com/users/fake123 | head -n 1
 
 ### -L (Follow Redirects) {{{
 
-**Problem:** Short URLs redirect, curl doesn't follow by default
+**Problem:** URLs redirect, curl doesn't follow by default
 
 ```bash
 # Without -L (stops at redirect)
-curl -s https://bit.ly/example
-# <redirect HTML>
+curl -s https://icarus.mx/creta/README.md
+# <HTML redirect page>
 
 # With -L (follows to final destination)
-curl -sL https://bit.ly/example
-# <actual content>
+curl -sL https://icarus.mx/creta/README.md
+# # Creta - Tu Compañero de Terminal...
 ```
 
-**Use:** Essential for shortened URLs, CDN redirects, HTTPS upgrades.
+**Use:** Essential for CDN redirects, HTTPS upgrades, URL shorteners.
 
 }}}
 
@@ -114,16 +153,16 @@ curl -sL https://bit.ly/example
 
 ```bash
 # Add authorization header
-curl -s -H "Authorization: Bearer $TOKEN" https://api.example.com/protected
+curl -s -H "Authorization: Bearer $TOKEN" https://api.icarus.mx/admin/students
 
 # Specify JSON content type
-curl -s -H "Content-Type: application/json" https://api.example.com/data
+curl -s -H "Content-Type: application/json" https://api.icarus.mx/config
 
 # Multiple headers
 curl -s \
   -H "Authorization: Bearer $TOKEN" \
   -H "Accept: application/json" \
-  https://api.example.com/users
+  https://api.icarus.mx/students
 ```
 
 }}}
@@ -294,10 +333,10 @@ curl -s https://jsonplaceholder.typicode.com/posts | grep "userId" | sort | uniq
 
 ```bash
 # Check status code
-curl -s -w "%{http_code}" -o /dev/null https://api.myapp.com/health
+curl -s -w "%{http_code}" -o /dev/null https://api.icarus.mx/health
 
 # One-liner health check
-if [ $(curl -s -w "%{http_code}" -o /dev/null https://api.myapp.com/health) -eq 200 ]; then
+if [ $(curl -s -w "%{http_code}" -o /dev/null https://api.icarus.mx/health) -eq 200 ]; then
   echo "✅ API is healthy"
 else
   echo "❌ API is down"
@@ -314,13 +353,13 @@ fi
 
 ```bash
 # Count ERROR lines in logs API
-curl -s https://logs.myapp.com/last-hour | grep "ERROR" | wc -l
+curl -s https://logs.icarus.mx/last-hour | grep "ERROR" | wc -l
 
 # Find critical errors only
-curl -s https://logs.myapp.com/last-hour | grep "CRITICAL" | wc -l
+curl -s https://logs.icarus.mx/last-hour | grep "CRITICAL" | wc -l
 
 # Group by error type
-curl -s https://logs.myapp.com/last-hour | grep "ERROR" | cut -d':' -f2 | sort | uniq -c
+curl -s https://logs.icarus.mx/last-hour | grep "ERROR" | cut -d':' -f2 | sort | uniq -c
 ```
 
 **Use case:** Incident response, debugging production issues.
@@ -333,14 +372,14 @@ curl -s https://logs.myapp.com/last-hour | grep "ERROR" | cut -d':' -f2 | sort |
 
 ```bash
 # Test: Does response contain expected field?
-curl -s https://api.myapp.com/config | grep -q "version" && echo "✅ Pass" || echo "❌ Fail"
+curl -s https://api.icarus.mx/config | grep -q "version" && echo "✅ Pass" || echo "❌ Fail"
 
-# Test: Is there at least one user?
-USER_COUNT=$(curl -s https://api.myapp.com/users | grep "\"id\":" | wc -l)
-if [ $USER_COUNT -gt 0 ]; then
-  echo "✅ Users endpoint working"
+# Test: Is there at least one student?
+STUDENT_COUNT=$(curl -s https://api.icarus.mx/students | grep "\"id\":" | wc -l)
+if [ $STUDENT_COUNT -gt 0 ]; then
+  echo "✅ Students endpoint working"
 else
-  echo "❌ No users returned"
+  echo "❌ No students returned"
 fi
 ```
 
@@ -353,18 +392,18 @@ fi
 **Problem:** Download API data, filter active records, save to file
 
 ```bash
-# Extract active users to file
-curl -s https://api.myapp.com/users | grep "\"status\": \"active\"" > active-users.json
+# Extract active students to file
+curl -s https://api.icarus.mx/students | grep "\"status\": \"active\"" > active-students.json
 
-# Extract and count
-curl -s https://api.myapp.com/orders | grep "\"status\": \"pending\"" | wc -l > pending-orders.txt
+# Extract and count pending submissions
+curl -s https://api.icarus.mx/submissions | grep "\"status\": \"pending\"" | wc -l > pending-submissions.txt
 
-# Multi-step pipeline
-curl -s https://api.github.com/users/github/repos \
+# Multi-step pipeline: Get all lesson names
+curl -s https://api.icarus.mx/lessons \
   | grep "\"name\":" \
   | sed 's/.*"name": "\(.*\)".*/\1/' \
   | sort \
-  > repo-names.txt
+  > lesson-names.txt
 ```
 
 **Use case:** ETL jobs, data exports, scheduled reports.
@@ -398,10 +437,10 @@ curl -si https://api.github.com/users/github \
 
 ```bash
 # Get response from v1
-curl -s https://api.myapp.com/v1/users > v1-response.json
+curl -s https://api.icarus.mx/v1/students > v1-response.json
 
 # Get response from v2
-curl -s https://api.myapp.com/v2/users > v2-response.json
+curl -s https://api.icarus.mx/v2/students > v2-response.json
 
 # Compare
 diff v1-response.json v2-response.json
@@ -519,10 +558,10 @@ curl -s https://jsonplaceholder.typicode.com/users \
 
 ```bash
 # ❌ Bad: progress bar interferes with grep
-curl https://api.example.com | grep "name"
+curl https://api.icarus.mx/students | grep "name"
 
 # ✅ Good: clean output
-curl -s https://api.example.com | grep "name"
+curl -s https://api.icarus.mx/students | grep "name"
 ```
 
 }}}
@@ -533,10 +572,10 @@ curl -s https://api.example.com | grep "name"
 
 ```bash
 # ❌ Bad: processes error HTML as JSON
-curl -s https://api.example.com/fake | grep "name"
+curl -s https://api.icarus.mx/fake | grep "name"
 
 # ✅ Good: check status first
-RESPONSE=$(curl -s -w "\n%{http_code}" https://api.example.com/users)
+RESPONSE=$(curl -s -w "\n%{http_code}" https://api.icarus.mx/students)
 STATUS=$(echo "$RESPONSE" | tail -n 1)
 BODY=$(echo "$RESPONSE" | head -n -1)
 
@@ -556,13 +595,13 @@ fi
 
 ```bash
 # Pipes: Quick field search
-curl -s https://api.example.com/users | grep "email"
+curl -s https://api.icarus.mx/students | grep "email"
 
 # jq: Proper JSON parsing
-curl -s https://api.example.com/users | jq '.[].email'
+curl -s https://api.icarus.mx/students | jq '.[].email'
 
 # jq: Complex queries
-curl -s https://api.example.com/users | jq '.[] | select(.id > 5) | .name'
+curl -s https://api.icarus.mx/students | jq '.[] | select(.id > 5) | .name'
 ```
 
 **Rule of thumb:** If you need more than 2-3 greps/seds, switch to jq.
@@ -575,15 +614,15 @@ curl -s https://api.example.com/users | jq '.[] | select(.id > 5) | .name'
 
 ```bash
 # ❌ Bad: hits API every time you test
-curl -s https://api.example.com/users | grep "name"
-curl -s https://api.example.com/users | grep "email"
-curl -s https://api.example.com/users | grep "phone"
+curl -s https://api.icarus.mx/students | grep "name"
+curl -s https://api.icarus.mx/students | grep "email"
+curl -s https://api.icarus.mx/students | grep "phone"
 
 # ✅ Good: save once, test multiple times
-curl -s https://api.example.com/users > users.json
-cat users.json | grep "name"
-cat users.json | grep "email"
-cat users.json | grep "phone"
+curl -s https://api.icarus.mx/students > students.json
+cat students.json | grep "name"
+cat students.json | grep "email"
+cat students.json | grep "phone"
 ```
 
 }}}
@@ -594,7 +633,7 @@ cat users.json | grep "phone"
 
 ```bash
 # Store response
-RESPONSE=$(curl -s https://api.example.com/users)
+RESPONSE=$(curl -s https://api.icarus.mx/students)
 
 # Check if empty
 if [ -z "$RESPONSE" ]; then
@@ -614,10 +653,10 @@ echo "$RESPONSE" | grep "name"
 
 ```bash
 # Default: waits forever
-curl -s https://slow-api.example.com
+curl -s https://api.icarus.mx/analytics
 
 # With timeout: fails after 10 seconds
-curl -s --max-time 10 https://slow-api.example.com
+curl -s --max-time 10 https://api.icarus.mx/analytics
 ```
 
 }}}
@@ -677,19 +716,19 @@ curl -s URL | grep "active" > output.txt
 
 ```bash
 # Health check
-curl -s -w "%{http_code}" -o /dev/null https://api.example.com/health
+curl -s -w "%{http_code}" -o /dev/null https://api.icarus.mx/health
 
 # Count records
-curl -s https://api.example.com/users | grep "\"id\":" | wc -l
+curl -s https://api.icarus.mx/students | grep "\"id\":" | wc -l
 
 # Extract field
-curl -s https://api.example.com/config | grep "version" | sed 's/.*"version": "\(.*\)".*/\1/'
+curl -s https://api.icarus.mx/config | grep "version" | sed 's/.*"version": "\(.*\)".*/\1/'
 
 # Monitor errors
-curl -s https://logs.example.com/today | grep "ERROR" | wc -l
+curl -s https://logs.icarus.mx/today | grep "ERROR" | wc -l
 
 # Test endpoint
-curl -s https://api.example.com/users | grep -q "data" && echo "OK" || echo "FAIL"
+curl -s https://api.icarus.mx/students | grep -q "data" && echo "OK" || echo "FAIL"
 ```
 
 }}}
@@ -721,7 +760,7 @@ echo -e "api.service1.com\napi.service2.com\napi.service3.com" \
 
 ```bash
 # Stream large response
-curl -s https://api.example.com/large-dataset \
+curl -s https://api.icarus.mx/analytics \
   | while IFS= read -r line; do
       echo "$line" | grep "active" >> active-records.txt
     done
@@ -733,28 +772,104 @@ curl -s https://api.example.com/large-dataset \
 
 ### Authenticated API Requests {{{
 
-**JWT token example:**
+**Progressive security: unsafe → safe → production**
+
+#### 🚨 Level 0: Hardcoded (NEVER do this)
+
+```bash
+# ❌ DANGER: JWT visible in shell history
+curl -s -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" \
+  https://api.icarus.mx/admin/students | grep "data"
+
+# Verify the problem: token saved forever
+history | tail -n 2
+# 482  curl -s -H "Authorization: Bearer eyJhbGci...
+```
+
+**Why dangerous:**
+- Stored in `~/.bash_history` forever
+- Visible in `ps aux` while running
+- Accidentally committed to git
+- Leaked in screenshots/demos
+
+#### ✅ Level 1: Environment Variable (Basic safety)
 
 ```bash
-# Store token
-TOKEN="your-jwt-token-here"
+# Store JWT in variable (not in command)
+TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U"
 
-# Authenticated request
+# Use variable (history only shows $TOKEN)
 curl -s -H "Authorization: Bearer $TOKEN" \
-  https://api.example.com/protected \
-  | grep "data"
+  https://api.icarus.mx/admin/students | grep "data"
+
+# Check history - no JWT visible!
+history | tail -n 1
+# 483  curl -s -H "Authorization: Bearer $TOKEN" ...
 ```
 
-**Environment variable:**
+**Better, but:** Token still in memory during session.
+
+#### ✅ Level 2: .env File (Recommended for scripts)
 
 ```bash
-# In .env or .bashrc
-export API_TOKEN="your-token"
+# Create .env file (add to .gitignore!)
+cat > .env <<'EOF'
+ICARUS_JWT=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U
+EOF
+
+# Protect .env and ensure it's ignored
+chmod 600 .env
+echo '.env' >> .gitignore
+
+# Source environment
+source .env
 
-# In script
-curl -s -H "Authorization: Bearer $API_TOKEN" https://api.example.com/protected
+# Use safely
+curl -s -H "Authorization: Bearer $ICARUS_JWT" \
+  https://api.icarus.mx/admin/students | grep "data"
 ```
 
+**Best practice:** Never commit .env to version control.
+
+#### ✅ Level 3: Secure File Read (No environment variables)
+
+```bash
+# Store JWT in protected file
+echo 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U' > ~/.icarus-jwt
+chmod 600 ~/.icarus-jwt  # Only you can read
+
+# Read directly in subshell (never enters environment)
+curl -s -H "Authorization: Bearer $(cat ~/.icarus-jwt)" \
+  https://api.icarus.mx/admin/students | grep "data"
+
+# Verify: no JWT in environment
+env | grep -i jwt
+# (empty - JWT never loaded into environment)
+```
+
+**Advantage:** Token never enters shell environment.
+
+#### 🔒 Level 4: Production (Keychain/Secret Manager)
+
+```bash
+# macOS Keychain
+security add-generic-password -a "$USER" -s icarus-jwt -w "eyJhbGci..."
+JWT=$(security find-generic-password -a "$USER" -s icarus-jwt -w)
+curl -s -H "Authorization: Bearer $JWT" https://api.icarus.mx/admin/students
+
+# Linux pass (password-store)
+pass insert icarus/jwt
+JWT=$(pass show icarus/jwt)
+curl -s -H "Authorization: Bearer $JWT" https://api.icarus.mx/admin/students
+
+# GitHub Actions / CI/CD
+# Use encrypted secrets, never hardcode
+curl -s -H "Authorization: Bearer ${{ secrets.ICARUS_JWT }}" \
+  https://api.icarus.mx/admin/students
+```
+
+**Production rule:** If you can see your JWT in `history` or `env`, you did it wrong.
+
 }}}
 
 ### POST Requests with Data {{{
@@ -788,34 +903,34 @@ curl -s -X POST \
 
 1. **Combine with watch for live monitoring:**
    ```bash
-   watch -n 5 'curl -s https://api.example.com/metrics | grep "active" | wc -l'
+   watch -n 5 'curl -s https://api.icarus.mx/metrics | grep "active" | wc -l'
    ```
 
 2. **Save complex one-liners as shell functions:**
    ```bash
    # In .bashrc or .zshrc
    api_health() {
-     curl -s -w "%{http_code}" -o /dev/null "https://api.example.com/$1"
+     curl -s -w "%{http_code}" -o /dev/null "https://api.icarus.mx/$1"
    }
 
    # Usage
-   api_health users  # Check /users endpoint
+   api_health students  # Check /students endpoint
    ```
 
 3. **Use aliases for frequent API checks:**
    ```bash
-   alias check-api='curl -s https://api.myapp.com/health | grep "ok"'
+   alias check-api='curl -s https://api.icarus.mx/health | grep "ok"'
    ```
 
 4. **Pipe to pbcopy (Mac) or xclip (Linux) to copy output:**
    ```bash
-   curl -s https://api.example.com/users | grep "email" | pbcopy
+   curl -sL https://icarus.mx/creta/README.md | pbcopy
    ```
 
 5. **Chain with git for API version tracking:**
    ```bash
-   curl -s https://api.example.com/schema > schema.json
-   git diff schema.json  # See what changed
+   curl -s https://api.icarus.mx/config > config.json
+   git diff config.json  # See what changed
    ```
 
 }}}