WEBVTT

1
00:00:01.820 --> 00:00:09.320
So, there are two things I'd like to add here to improve this event creation process,

2
00:00:09.500 --> 00:00:10.800
if you want to call it like this.

3
00:00:11.860 --> 00:00:17.840
And the first thing is that I want to validate the submitted data here when I create an event,

4
00:00:17.920 --> 00:00:22.560
for example, before I call createEvent where the data gets stored in the database.

5
00:00:22.700 --> 00:00:24.440
It should be validated first.

6
00:00:26.620 --> 00:00:31.140
In a second step thereafter, I want to make sure that all these event routes are only

7
00:00:31.140 --> 00:00:34.180
accessible for authenticated users.

8
00:00:35.260 --> 00:00:41.180
So users who have such a token, if you remember that, this JSON Web Token, we will need it

9
00:00:41.180 --> 00:00:41.500
soon.

10
00:00:42.600 --> 00:00:45.100
But first I'll start with validation.

11
00:00:46.540 --> 00:00:53.660
For that, I'll highlight this code and I'll ask Copilot to add validation to ensure title,

12
00:00:54.380 --> 00:00:58.660
description, address and date are all not empty.

13
00:01:00.240 --> 00:01:05.680
Also not just a bunch of blanks and valid values.

14
00:01:07.220 --> 00:01:10.440
Let's see what we get by sending this to the AI.

15
00:01:14.200 --> 00:01:15.200
That looks pretty good.

16
00:01:15.540 --> 00:01:21.080
We check if title, description and so on are empty or just a bunch of blank strings, just

17
00:01:21.080 --> 00:01:21.980
a bunch of blanks.

18
00:01:22.700 --> 00:01:28.840
For the date, we also try to convert this to a date object or parse it as a date and

19
00:01:28.840 --> 00:01:34.920
check whether that worked and send back an error response if we got invalid input data.

20
00:01:36.660 --> 00:01:37.540
That's looking good.

21
00:01:38.360 --> 00:01:44.860
We also trim the data before sending it to the database to remove excess whitespace,

22
00:01:45.100 --> 00:01:46.560
which also makes sense, I'd say.

23
00:01:47.780 --> 00:01:49.020
So let's accept this.

24
00:01:49.920 --> 00:01:57.180
And with that change made, let's try sending a POST request to slash events without any

25
00:01:57.180 --> 00:01:58.080
event data again.

26
00:01:59.930 --> 00:02:03.560
And this time we get back invalid input data as we should.

27
00:02:04.970 --> 00:02:13.980
The fix now is to send a body with JSON data attached to it and there we now should have

28
00:02:14.280 --> 00:02:25.840
a title like a test event, a description like testing, and if I send this, I should

29
00:02:25.840 --> 00:02:30.780
still get an error because that's not all the data we need because we also need an address.

30
00:02:31.700 --> 00:02:33.720
And let's try sending a bunch of blanks here.

31
00:02:33.900 --> 00:02:34.900
That should not work.

32
00:02:37.040 --> 00:02:49.240
Send a date and here I'll send something like 2025 somewhere in July, let's say, and

33
00:02:49.240 --> 00:02:53.420
then something like that.

34
00:02:54.160 --> 00:02:58.280
Let's send this invalid input data because the address is invalid.

35
00:02:58.760 --> 00:03:04.600
So let's put in a valid address, test street 5, test city 5.

36
00:03:06.600 --> 00:03:07.520
And that looks better.

37
00:03:08.060 --> 00:03:09.500
And that data was now stored.

38
00:03:11.040 --> 00:03:17.200
Now you might still be able to catch some niche cases where data is stored that maybe

39
00:03:17.200 --> 00:03:22.520
shouldn't be stored, that's not really appropriate as a title, for example.

40
00:03:23.900 --> 00:03:28.660
You could enforce a maximum length for the title, you could definitely tweak the code,

41
00:03:28.880 --> 00:03:32.020
but this demo, of course, is not so much about the app.

42
00:03:32.600 --> 00:03:37.620
Instead it is about building the app with the help of AI and therefore I'm happy with this

43
00:03:37.620 --> 00:03:38.320
solution here.

44
00:03:40.840 --> 00:03:46.740
And hence the next step for me is to make sure that we also perform validation here

45
00:03:46.740 --> 00:03:53.080
when we edit an event and that then we also enforce that only authenticated users can

46
00:03:53.200 --> 00:03:58.700
visit these event routes or at least the routes where we create or change events.

