1 00:00:02,330 --> 00:00:04,970 Now that we extracted the configuration, 2 00:00:04,970 --> 00:00:08,170 What we can also do still here in app.js, 3 00:00:08,170 --> 00:00:11,780 is we can extract our custom middleware. 4 00:00:11,780 --> 00:00:13,830 We are using a bunch of middleware 5 00:00:13,830 --> 00:00:16,129 from third-party packages, 6 00:00:16,129 --> 00:00:19,130 like the URL encoded body parser, 7 00:00:19,130 --> 00:00:20,800 serving static files, 8 00:00:20,800 --> 00:00:23,960 CSRF protection and the session. 9 00:00:23,960 --> 00:00:26,110 We also got a custom middleware here. 10 00:00:26,110 --> 00:00:29,050 And of course we can write that code here, 11 00:00:29,050 --> 00:00:30,220 where we needed, 12 00:00:30,220 --> 00:00:32,740 or we store that in a separate file 13 00:00:32,740 --> 00:00:35,633 to again make this app.js file leaner. 14 00:00:36,580 --> 00:00:37,580 And I'll do that, 15 00:00:37,580 --> 00:00:39,680 I'll add a middlewares folder, 16 00:00:39,680 --> 00:00:41,930 which again is not a reserved name, 17 00:00:41,930 --> 00:00:43,650 you can use whichever name you want, 18 00:00:43,650 --> 00:00:45,740 but it is a common name. 19 00:00:45,740 --> 00:00:49,230 And in there I'll add my auth.js file 20 00:00:49,230 --> 00:00:51,760 or auth-middleware 21 00:00:51,760 --> 00:00:54,950 if you wanna be very clear about what's inside 22 00:00:54,950 --> 00:00:56,647 since this is a file that shoots the (indistinct) 23 00:00:56,647 --> 00:01:00,020 the authentication related middleware. 24 00:01:00,020 --> 00:01:00,890 And in this case, 25 00:01:00,890 --> 00:01:04,410 I only have one authentication related middleware, 26 00:01:04,410 --> 00:01:07,070 but if you had authorization as well, 27 00:01:07,070 --> 00:01:08,260 and you would be doing that 28 00:01:08,260 --> 00:01:10,130 in a separate middleware function, 29 00:01:10,130 --> 00:01:13,173 you could also have multiple middleware functions. 30 00:01:14,500 --> 00:01:16,080 So here I am now going to 31 00:01:16,080 --> 00:01:18,967 extract this async function from app.js, 32 00:01:18,967 --> 00:01:20,690 I'm going to cut it 33 00:01:20,690 --> 00:01:23,223 and add it here in auth-middleware js. 34 00:01:24,070 --> 00:01:26,310 Now this was an anonymous function 35 00:01:26,310 --> 00:01:28,630 and since I'm now defining it stand alone 36 00:01:28,630 --> 00:01:30,970 and I wanna use it in a different place, 37 00:01:30,970 --> 00:01:33,830 this can't stay an anonymous function, 38 00:01:33,830 --> 00:01:35,342 it needs a name now instead 39 00:01:35,342 --> 00:01:38,630 so that we can refer to it by that name 40 00:01:38,630 --> 00:01:40,733 in other places of our code. 41 00:01:41,960 --> 00:01:43,893 And here I'll name it, auth, 42 00:01:45,370 --> 00:01:47,880 but the name is totally up to you. 43 00:01:47,880 --> 00:01:51,980 And then all export it, just like this. 44 00:01:51,980 --> 00:01:54,870 I'm going to export this auth function 45 00:01:54,870 --> 00:01:58,180 from that auth-middleware file 46 00:01:58,180 --> 00:02:01,450 so that we can use it in other files. 47 00:02:01,450 --> 00:02:03,480 Because as you learned before, 48 00:02:03,480 --> 00:02:06,340 if you wanna use a feature like a function 49 00:02:06,340 --> 00:02:08,759 from file A in file B, 50 00:02:08,759 --> 00:02:11,660 then you have to import it in file B. 51 00:02:11,660 --> 00:02:13,820 You can't just use it by its name, 52 00:02:13,820 --> 00:02:15,913 instead you have to import it first. 53 00:02:17,140 --> 00:02:19,940 So in this case, app.js is file B 54 00:02:19,940 --> 00:02:21,460 where I wanna use it, 55 00:02:21,460 --> 00:02:25,603 so there I now do import my auth middleware. 56 00:02:26,920 --> 00:02:29,410 You can name this constant however you want 57 00:02:29,410 --> 00:02:32,073 by requiring ./middlewaresauth-middleware. 58 00:02:34,810 --> 00:02:37,060 And then this authMiddleware function 59 00:02:37,060 --> 00:02:39,043 is what I parse to app use. 60 00:02:40,886 --> 00:02:42,380 Now, unlike csrf or urlencoded 61 00:02:43,630 --> 00:02:44,720 and all these other 62 00:02:44,720 --> 00:02:46,570 third-party middlewares I added, 63 00:02:46,570 --> 00:02:48,980 this doesn't need to be executed. 64 00:02:48,980 --> 00:02:50,440 Because these functions 65 00:02:50,440 --> 00:02:53,040 which are coming from third party packages 66 00:02:53,040 --> 00:02:55,730 are actually not the middlewares themselves, 67 00:02:55,730 --> 00:02:57,030 instead these are in the end, 68 00:02:57,030 --> 00:02:59,250 all configuration functions 69 00:02:59,250 --> 00:03:01,760 which take configuration options 70 00:03:01,760 --> 00:03:03,430 at least optionally, 71 00:03:03,430 --> 00:03:06,320 in case of csrf I'm not parsing any, 72 00:03:06,320 --> 00:03:08,880 but if we could configure this as well. 73 00:03:08,880 --> 00:03:11,740 And therefore it's these configuration functions, 74 00:03:11,740 --> 00:03:14,490 which are provided by the third-party packages, 75 00:03:14,490 --> 00:03:17,820 and that's why I'm executing them here in app use. 76 00:03:17,820 --> 00:03:21,200 Because when we execute this configuration function, 77 00:03:21,200 --> 00:03:24,410 that will return us the actual middleware 78 00:03:24,410 --> 00:03:26,600 and it's then the returned middleware 79 00:03:26,600 --> 00:03:27,903 that is registered. 80 00:03:28,790 --> 00:03:30,530 In case of authMiddleware, 81 00:03:30,530 --> 00:03:33,620 I got no configuration function wrapper. 82 00:03:33,620 --> 00:03:34,530 Instead there, 83 00:03:34,530 --> 00:03:36,927 I directly defined the middleware function itself, 84 00:03:36,927 --> 00:03:40,990 the function that takes req, res and next. 85 00:03:40,990 --> 00:03:42,990 And I'm exporting this function 86 00:03:42,990 --> 00:03:45,840 so therefore this should not be executed by us, 87 00:03:45,840 --> 00:03:49,440 but instead by express, once we got incoming requests, 88 00:03:49,440 --> 00:03:52,233 this is the middleware function already. 89 00:03:53,180 --> 00:03:54,850 That's why I'm not executing 90 00:03:54,850 --> 00:03:56,720 the auth-middleware function here, 91 00:03:56,720 --> 00:03:58,480 but why I'm just pointing at it 92 00:03:58,480 --> 00:04:00,130 because I don't wanna execute it 93 00:04:00,130 --> 00:04:01,950 instead that is the middleware function 94 00:04:01,950 --> 00:04:04,150 which I wanna register with express 95 00:04:04,150 --> 00:04:07,040 so that express executes it in the future 96 00:04:07,040 --> 00:04:09,163 once I got incoming requests. 97 00:04:10,480 --> 00:04:12,260 And now if we save that, 98 00:04:12,260 --> 00:04:14,490 we can also quickly test this 99 00:04:14,490 --> 00:04:18,399 and try logging in here real quick. 100 00:04:18,399 --> 00:04:21,339 And that still seems to work just fine. 101 00:04:21,339 --> 00:04:23,630 So that authMiddleware also works 102 00:04:23,630 --> 00:04:25,963 and now I extracted this as well. 103 00:04:27,040 --> 00:04:30,380 And with that, we of course could do more, 104 00:04:30,380 --> 00:04:33,020 but I would say this is enough right now 105 00:04:33,020 --> 00:04:36,520 and that app.js file already got a bit leaner 106 00:04:36,520 --> 00:04:39,100 and our code got more structured. 107 00:04:39,100 --> 00:04:40,850 Because now for example, 108 00:04:40,850 --> 00:04:43,700 if we wanna work on the session configuration 109 00:04:43,700 --> 00:04:45,600 or on the authMiddleware, 110 00:04:45,600 --> 00:04:48,610 we don't have to search for the relevant parts 111 00:04:48,610 --> 00:04:50,090 here in app.js 112 00:04:50,090 --> 00:04:52,980 instead we can directly go to the relevant files, 113 00:04:52,980 --> 00:04:54,660 which are then way leaner 114 00:04:54,660 --> 00:04:56,690 and way more structured. 115 00:04:56,690 --> 00:04:59,723 That's the idea behind refactoring in the end. 116 00:05:00,580 --> 00:05:02,310 Now with all of that done, 117 00:05:02,310 --> 00:05:04,680 let's come back to our routes. 118 00:05:04,680 --> 00:05:08,180 We already split the routes into multiple files, 119 00:05:08,180 --> 00:05:11,450 but these files are still relatively large. 120 00:05:11,450 --> 00:05:13,890 And if you would have a look at the different routes 121 00:05:13,890 --> 00:05:15,720 that are registered there, 122 00:05:15,720 --> 00:05:18,970 you would find some code duplication in there. 123 00:05:18,970 --> 00:05:22,750 For example that session error management here. 124 00:05:22,750 --> 00:05:25,570 And whenever you see code duplication, 125 00:05:25,570 --> 00:05:27,140 that's a good indicator 126 00:05:27,140 --> 00:05:29,600 that more refactoring could be done 127 00:05:29,600 --> 00:05:33,070 and that you might be able to make your code slimmer 128 00:05:33,070 --> 00:05:35,260 and easier to manage. 129 00:05:35,260 --> 00:05:38,210 So therefore this session usage 130 00:05:38,210 --> 00:05:40,430 for error management thing 131 00:05:40,430 --> 00:05:44,410 is one aspect that could probably be outsourced 132 00:05:44,410 --> 00:05:46,120 and we're going to do that. 133 00:05:46,120 --> 00:05:47,780 But in addition to that 134 00:05:47,780 --> 00:05:49,615 what we also have in those files 135 00:05:49,615 --> 00:05:52,210 is a lot of logic related 136 00:05:52,210 --> 00:05:54,350 to working with the database. 137 00:05:54,350 --> 00:05:57,230 We're doing all the database operations in there 138 00:05:57,230 --> 00:06:01,040 and even though those operations aren't too difficult, 139 00:06:01,040 --> 00:06:03,050 it's still a lot of logic 140 00:06:03,050 --> 00:06:05,610 that lifts in this routes folder 141 00:06:05,610 --> 00:06:08,210 or in these routes files. 142 00:06:08,210 --> 00:06:10,990 And as always that's not horrible, 143 00:06:10,990 --> 00:06:15,990 but it is something you could consider doing differently. 144 00:06:16,280 --> 00:06:18,190 And that's what I'll dive in next 145 00:06:18,190 --> 00:06:19,710 before we then there after 146 00:06:19,710 --> 00:06:22,960 explore more refactoring potential 147 00:06:22,960 --> 00:06:24,993 that we might have in these files.