WEBVTT

1
00:00:01.159 --> 00:00:06.840
Now, I don't want to protect all event routes, instead just some of them, just the ones where

2
00:00:06.840 --> 00:00:08.340
we create something.

3
00:00:09.780 --> 00:00:16.560
And you can do this in Express.js by calling authenticate here, or by pointing at authenticate

4
00:00:16.560 --> 00:00:21.700
here as a second argument after this path, before the function that should actually be

5
00:00:21.700 --> 00:00:25.020
invoked for incoming requests that are sent to this path.

6
00:00:27.300 --> 00:00:35.000
For that, authenticate is imported here, and then we can add this here for the put route

7
00:00:35.730 --> 00:00:37.300
and for the delete route.

8
00:00:38.880 --> 00:00:44.400
And the get routes are not using this middleware because they should be accessible even if

9
00:00:44.400 --> 00:00:45.720
you're not authenticated.

10
00:00:48.300 --> 00:00:59.500
So now as a result, we should be able to send a get request to localhost 3000 slash events,

11
00:01:00.620 --> 00:01:01.960
and that should work.

12
00:01:02.280 --> 00:01:05.920
Indeed, I get back an array of events that have been created before.

13
00:01:06.840 --> 00:01:11.760
The first event has a bunch of nulls here because I didn't have validation back then,

14
00:01:11.860 --> 00:01:12.520
if you recall.

15
00:01:13.720 --> 00:01:15.420
But sending that request works.

16
00:01:16.220 --> 00:01:23.180
Also we can send a get request to slash events slash and then some specific ID, like 1 or

17
00:01:23.180 --> 00:01:25.240
of course also 2 here.

18
00:01:26.500 --> 00:01:29.980
These are the two events I have, and we should get that specific event data.

19
00:01:30.340 --> 00:01:32.160
So that works without authentication.

20
00:01:34.100 --> 00:01:39.880
But trying to create an event, so sending a post request to slash events with valid

21
00:01:39.880 --> 00:01:45.060
data should now fail if we don't have the token attached.

22
00:01:46.180 --> 00:01:55.000
And to attach it, you can go to headers, and then add an authorization token here or

23
00:01:55.000 --> 00:01:56.040
authorization header.

24
00:01:57.800 --> 00:02:02.300
And then the value is bearer, blank, and then a valid token.

25
00:02:04.080 --> 00:02:06.020
Now how do you get a valid token?

26
00:02:06.480 --> 00:02:09.259
Well, by creating a user or by logging in.

27
00:02:09.979 --> 00:02:14.580
So here I'll log in with those credentials, which I used before for creating a user.

28
00:02:16.560 --> 00:02:23.100
And it's then this token here, this long string, which you want to copy, and which you then

29
00:02:23.100 --> 00:02:28.040
should paste as a value after this blank, after bearer here.

30
00:02:29.600 --> 00:02:32.100
And that attaches the token to the request.

31
00:02:34.060 --> 00:02:37.620
If you now click send, you see I got back a success response again.

32
00:02:38.100 --> 00:02:42.080
The post, the event, I mean, was created.

33
00:02:44.380 --> 00:02:50.320
If I change the token and I remove the E, I make it invalid, and hence I get an invalid

34
00:02:50.320 --> 00:02:51.260
token response.

35
00:02:53.299 --> 00:02:55.640
So that seems to work the way it should.

36
00:02:56.040 --> 00:03:00.180
We can now create events, but only if we're authenticated.

37
00:03:02.300 --> 00:03:06.120
Now let's, of course, also test whether we can add it or delete events.

38
00:03:06.820 --> 00:03:17.080
And for that, I'll actually create a new request here where I want to put or where I want to

39
00:03:17.080 --> 00:03:24.700
send a put request because I'm expecting a put request to slash events slash some ID.

40
00:03:25.970 --> 00:03:28.540
That's a placeholder for any specific ID.

41
00:03:29.580 --> 00:03:36.000
I can send requests here, and I can attach the data with which I want to update the event

42
00:03:36.000 --> 00:03:37.100
for a specific ID.

43
00:03:39.540 --> 00:03:49.420
So I put request to HTTP localhost 3000 slash events slash free, let's say, and then add

44
00:03:49.420 --> 00:03:52.640
a body raw JSON.

45
00:03:55.620 --> 00:04:01.220
And I'll now copy the body from before, which I used before for creating an event, and I'll

46
00:04:01.220 --> 00:04:03.000
paste it here for the put request.

47
00:04:04.680 --> 00:04:10.940
But I'll now change it a little bit and say a test event updated so that we can tell that

48
00:04:10.940 --> 00:04:11.520
this works.

49
00:04:12.840 --> 00:04:18.600
And I'll also say updated here and have my updated test street and a different time.

50
00:04:19.980 --> 00:04:23.860
Now this would fail because I haven't added a token yet.

51
00:04:24.460 --> 00:04:29.440
That's why I get missing authorization header as an error message down here.

52
00:04:31.380 --> 00:04:37.920
So again, just as before, we need to add the authorization header, bearer blank, and use

53
00:04:37.920 --> 00:04:41.280
that same header we used before for creating the event.

54
00:04:42.640 --> 00:04:50.080
So copy that or copy it here from the response of the login request.

55
00:04:50.980 --> 00:04:56.640
Copy that and put it here after the blank after bearer.

56
00:04:57.880 --> 00:04:58.740
That seems to work.

57
00:05:00.000 --> 00:05:01.900
To verify whether it works,

58
00:05:02.000 --> 00:05:05.380
we can grab this specific event with ID three,

59
00:05:05.540 --> 00:05:06.420
which I just updated,

60
00:05:06.860 --> 00:05:10.500
and send a get request to events slash three,

61
00:05:10.780 --> 00:05:14.020
and you see all the updated data was stored here.

62
00:05:15.460 --> 00:05:17.780
Last but not least, let's try deleting.

63
00:05:19.520 --> 00:05:26.220
Send a delete request to localhost 3000 slash events,

64
00:05:26.620 --> 00:05:30.060
and then slash the ID of the event we want to delete,

65
00:05:30.160 --> 00:05:32.540
and let's say it's the event with ID four.

66
00:05:33.820 --> 00:05:35.720
Without anything else that fails,

67
00:05:36.060 --> 00:05:37.480
we don't need to add a body,

68
00:05:37.720 --> 00:05:40.960
but we do need to add this authorization header,

69
00:05:41.280 --> 00:05:44.620
bearer, blank, and a valid token,

70
00:05:44.920 --> 00:05:46.300
and now it was deleted.

71
00:05:48.180 --> 00:05:51.560
We can confirm that it was deleted by sending

72
00:05:51.560 --> 00:05:55.440
a get request to slash events without a specific ID.

73
00:05:55.820 --> 00:05:57.460
This will get us all events,

74
00:05:57.960 --> 00:05:59.800
and we see one, two, three are there,

75
00:05:59.940 --> 00:06:01.000
but the fourth event,

76
00:06:01.340 --> 00:06:03.220
the event with ID four was deleted,

77
00:06:03.300 --> 00:06:06.880
because that's exactly what I did with help of this request.

78
00:06:09.100 --> 00:06:10.760
That's not working the way it should.

79
00:06:10.980 --> 00:06:12.620
We don't have image upload, of course.

80
00:06:12.740 --> 00:06:13.760
We'll add this later,

81
00:06:13.820 --> 00:06:14.800
but that's not working,

82
00:06:15.100 --> 00:06:18.580
and we added all that functionality with help of GitHub Copilot,

83
00:06:18.940 --> 00:06:21.760
and of course, some manual programming work here.