1
00:00:02,040 --> 00:00:04,640
So let's implement authentication now.

2
00:00:04,640 --> 00:00:07,670
And that means just to recall what you learned

3
00:00:07,670 --> 00:00:10,210
in the authentication section,

4
00:00:10,210 --> 00:00:14,180
that we wanna use the session that we have anyways,

5
00:00:14,180 --> 00:00:17,560
and which unauthenticated users will have as well

6
00:00:17,560 --> 00:00:20,260
to store extra data in that session,

7
00:00:20,260 --> 00:00:24,240
which identifies a given user as authenticated.

8
00:00:24,240 --> 00:00:26,270
Now, for this, of course,

9
00:00:26,270 --> 00:00:30,930
we start our journey in the login form.

10
00:00:30,930 --> 00:00:34,190
So in views, customer auth login.

11
00:00:34,190 --> 00:00:37,030
Because it's the submission of the login form

12
00:00:37,030 --> 00:00:39,740
and the validation of the submitted data

13
00:00:39,740 --> 00:00:42,033
that will ultimately log a user in.

14
00:00:43,057 --> 00:00:44,220
And for this, for example,

15
00:00:44,220 --> 00:00:46,210
the action of that login form

16
00:00:46,210 --> 00:00:48,980
should of course not point to /signup,

17
00:00:48,980 --> 00:00:50,883
but instead to /login.

18
00:00:52,030 --> 00:00:53,700
I'll still use a post request

19
00:00:53,700 --> 00:00:56,240
because I will change something on the server,

20
00:00:56,240 --> 00:01:00,683
I will change my session to mark that user as logged in.

21
00:01:01,970 --> 00:01:04,050
Now, the rest of the form should be fine,

22
00:01:04,050 --> 00:01:07,773
and therefore, we can now move to the auth controller.

23
00:01:08,760 --> 00:01:12,130
There, we added a function for signing users up,

24
00:01:12,130 --> 00:01:15,550
we have a function for showing the login page here,

25
00:01:15,550 --> 00:01:18,423
but we have no function for handling user login,

26
00:01:19,280 --> 00:01:21,670
that's the next function we have to add here,

27
00:01:21,670 --> 00:01:23,023
a login function.

28
00:01:24,290 --> 00:01:27,050
As always, we get the request and response,

29
00:01:27,050 --> 00:01:31,303
and we can now add our login logic in here.

30
00:01:32,170 --> 00:01:34,970
Now, what is the login logic?

31
00:01:34,970 --> 00:01:38,320
Well, in the end, we got a couple of steps to go through.

32
00:01:38,320 --> 00:01:40,530
We have to check if we find a user

33
00:01:40,530 --> 00:01:42,890
for the provided email address,

34
00:01:42,890 --> 00:01:45,223
if we don't, we can't log the user in.

35
00:01:46,240 --> 00:01:47,730
If we did find a user,

36
00:01:47,730 --> 00:01:49,750
we'll have to validate the password

37
00:01:49,750 --> 00:01:52,740
and see if the entered password matches the password

38
00:01:52,740 --> 00:01:54,630
stored in the database,

39
00:01:54,630 --> 00:01:58,470
if it doesn't, we don't have an authenticated user.

40
00:01:58,470 --> 00:01:59,580
If it does match,

41
00:01:59,580 --> 00:02:02,870
we do have a user with the correct credentials,

42
00:02:02,870 --> 00:02:06,270
and then we wanna edit the session of that user

43
00:02:06,270 --> 00:02:10,100
such that we basically reflect that fact,

44
00:02:10,100 --> 00:02:13,120
that we stored that this user should be treated

45
00:02:13,120 --> 00:02:14,203
as logged in.

46
00:02:15,790 --> 00:02:19,160
So therefore, I'll actually start working in my user model

47
00:02:19,160 --> 00:02:20,840
because there, I wanna add methods

48
00:02:20,840 --> 00:02:22,880
for comparing the password

49
00:02:22,880 --> 00:02:25,960
and for also checking if that user exists already

50
00:02:25,960 --> 00:02:29,430
if we do find a user for the given email address.

51
00:02:29,430 --> 00:02:32,200
Therefore in there, I'll add a new method

52
00:02:32,200 --> 00:02:35,243
which I'll call getUserWithSameEmail.

53
00:02:36,830 --> 00:02:38,140
Of course, the name is up to you,

54
00:02:38,140 --> 00:02:41,810
but this describes pretty well what this method will do.

55
00:02:41,810 --> 00:02:43,790
And in this method here,

56
00:02:43,790 --> 00:02:47,813
I want to reach out to the database,

57
00:02:48,780 --> 00:02:52,263
of course, again, to the users collection,

58
00:02:54,500 --> 00:02:57,570
and then in there, I want to call findOne,

59
00:02:57,570 --> 00:03:00,670
which is a method provided by the MongoDB package

60
00:03:00,670 --> 00:03:02,883
for finding exactly one user.

61
00:03:04,170 --> 00:03:06,240
We pass an object to findOne

62
00:03:06,240 --> 00:03:10,693
to set up the filtering criteria for this findOne query.

63
00:03:11,660 --> 00:03:14,670
And here, the logic is that we can make a simple

64
00:03:14,670 --> 00:03:18,400
equality comparison by first referring to the key

65
00:03:18,400 --> 00:03:20,900
in the database documents we are looking for,

66
00:03:20,900 --> 00:03:24,683
and then after the colon, the value we're looking for,

67
00:03:25,580 --> 00:03:28,710
in this case, this.email.

68
00:03:28,710 --> 00:03:31,280
If I find a user in the database

69
00:03:31,280 --> 00:03:33,380
which has an email that matches the email

70
00:03:33,380 --> 00:03:35,290
of this concrete object,

71
00:03:35,290 --> 00:03:37,263
then, well, we have a match.

72
00:03:39,090 --> 00:03:42,510
So therefore here, we could then await this

73
00:03:42,510 --> 00:03:45,690
by adding async in front of get user email.

74
00:03:45,690 --> 00:03:48,760
But actually I don't have any other steps I wanna perform

75
00:03:48,760 --> 00:03:51,820
in this getUserWithSameEmail function,

76
00:03:51,820 --> 00:03:53,970
hence I'll just return this promise,

77
00:03:53,970 --> 00:03:55,960
which is yielded by findOne.

78
00:03:57,134 --> 00:04:00,890
So getUserWithSameEmail will still return a promise,

79
00:04:00,890 --> 00:04:02,930
even though we haven't added async

80
00:04:02,930 --> 00:04:06,350
because I'm officially returning this promise,

81
00:04:06,350 --> 00:04:09,853
because findOne yields a promise and I'm returning it.

82
00:04:11,640 --> 00:04:15,260
So now back in auth controller in login,

83
00:04:15,260 --> 00:04:20,050
I can get an existing user by waiting,

84
00:04:20,050 --> 00:04:24,700
and hence we should add async here in front of the function,

85
00:04:24,700 --> 00:04:29,700
by awaiting the result of calling getUserWithSameEmail.

86
00:04:30,740 --> 00:04:31,930
For this, we first of all,

87
00:04:31,930 --> 00:04:36,443
need to create a user with new user using our user model.

88
00:04:37,950 --> 00:04:40,250
And here, I wanna create a simplified user

89
00:04:40,250 --> 00:04:43,540
without all the user data like the name or the address,

90
00:04:43,540 --> 00:04:46,433
instead with just the email and password.

91
00:04:47,280 --> 00:04:49,510
And since email and password come first

92
00:04:49,510 --> 00:04:50,760
here in the constructor,

93
00:04:50,760 --> 00:04:54,190
we can call the constructor with just these two values

94
00:04:54,190 --> 00:04:58,610
and omit the rest, which therefore will be set to undefined,

95
00:04:58,610 --> 00:05:01,520
which in case of logging in is fine.

96
00:05:01,520 --> 00:05:05,020
So here I then get my request.body.email,

97
00:05:05,020 --> 00:05:09,180
and my password with request.body.password.

98
00:05:09,180 --> 00:05:11,410
And then on this user,

99
00:05:11,410 --> 00:05:14,323
we can call getUserWithSameEmail,

100
00:05:16,290 --> 00:05:20,180
and that returns a promise which I then await here.

101
00:05:20,180 --> 00:05:24,120
And this then gives us an existing user or not,

102
00:05:24,120 --> 00:05:27,193
we don't get an existing user if we don't have a user

103
00:05:27,193 --> 00:05:29,313
for the given email address.

104
00:05:30,390 --> 00:05:34,010
Hence I check if not existingUser,

105
00:05:34,010 --> 00:05:37,470
if it's false here, so if it's undefined, for example,

106
00:05:37,470 --> 00:05:40,430
in which case I know that we didn't find a user

107
00:05:40,430 --> 00:05:42,250
for the given email address,

108
00:05:42,250 --> 00:05:44,280
and therefore I wanna return,

109
00:05:44,280 --> 00:05:48,250
and hence avoid executing any other code in there

110
00:05:48,250 --> 00:05:50,860
which might come thereafter

111
00:05:50,860 --> 00:05:53,410
because I don't wanna continue with authenticating

112
00:05:53,410 --> 00:05:54,900
that user.

113
00:05:54,900 --> 00:05:58,300
The visitor clearly entered an incorrect email address,

114
00:05:58,300 --> 00:05:59,883
so I don't wanna continue.

115
00:06:01,410 --> 00:06:05,570
Instead here, I can then redirect back to /login

116
00:06:05,570 --> 00:06:08,133
to allow the user to try it again.

117
00:06:09,120 --> 00:06:13,070
We'll refine this later so that the user input isn't lost,

118
00:06:13,070 --> 00:06:15,503
for the moment, we just redirect like this.

119
00:06:18,130 --> 00:06:20,330
If we make it past this if check,

120
00:06:20,330 --> 00:06:23,930
we know that we have a user with the given email address,

121
00:06:23,930 --> 00:06:25,530
and therefore as a next step,

122
00:06:25,530 --> 00:06:27,103
we can check the password.

123
00:06:27,950 --> 00:06:30,000
For this, back in the user model,

124
00:06:30,000 --> 00:06:33,800
I'll add another method anywhere in the class,

125
00:06:33,800 --> 00:06:36,470
exact position doesn't matter,

126
00:06:36,470 --> 00:06:38,410
where I wanna compare the password

127
00:06:38,410 --> 00:06:39,422
and hence I'll name it

128
00:06:39,422 --> 00:06:44,180
comparePassword or hasMatchingPassword.

129
00:06:46,200 --> 00:06:49,240
The name is up to you, I'll go for this name.

130
00:06:49,240 --> 00:06:51,150
Now in this method,

131
00:06:51,150 --> 00:06:53,310
we use the bcrypt package,

132
00:06:53,310 --> 00:06:56,780
the package we used for hashing the password before

133
00:06:56,780 --> 00:06:59,763
to call the compare function offered by this package.

134
00:07:00,770 --> 00:07:04,510
This compare function wants the unhashed password

135
00:07:04,510 --> 00:07:05,690
entered by the user,

136
00:07:05,690 --> 00:07:08,653
and then the hashed password to compare the two.

137
00:07:09,930 --> 00:07:11,700
Now the unhashed password

138
00:07:11,700 --> 00:07:14,923
is what we're currently storing in this password.

139
00:07:15,780 --> 00:07:17,980
Because when I'm creating a new user here,

140
00:07:17,980 --> 00:07:21,400
I'm storing the raw password in that user object,

141
00:07:21,400 --> 00:07:25,113
not in the database, just temporarily in that object.

142
00:07:26,290 --> 00:07:30,070
So therefore, compare first gets this.password,

143
00:07:30,070 --> 00:07:32,990
the unhashed password entered by the user,

144
00:07:32,990 --> 00:07:35,370
and then we need the hashed password,

145
00:07:35,370 --> 00:07:39,350
so I expect to get this as a parameter value here,

146
00:07:39,350 --> 00:07:42,890
so that we can pass this as a second argument

147
00:07:42,890 --> 00:07:44,383
to compare function here.

148
00:07:45,690 --> 00:07:47,610
Now compare returns a promise

149
00:07:47,610 --> 00:07:49,990
and I will return this overall code line,

150
00:07:49,990 --> 00:07:52,580
and hence hasMatchingPassword in the end

151
00:07:52,580 --> 00:07:54,540
will return a promise.

152
00:07:54,540 --> 00:07:56,670
The promise returned by compare

153
00:07:56,670 --> 00:07:59,503
is returned by this function, by this method.

154
00:08:00,870 --> 00:08:03,290
So back in auth controller,

155
00:08:03,290 --> 00:08:07,110
we can now also create a new constant,

156
00:08:07,110 --> 00:08:12,110
passwordIsCorrect could be the name,

157
00:08:12,240 --> 00:08:15,270
where we await the result of calling

158
00:08:15,270 --> 00:08:16,470
user.hasMatchingPassword.

159
00:08:18,570 --> 00:08:20,640
And to hasMatchingPassword,

160
00:08:20,640 --> 00:08:23,603
I pass existingUser.password.

161
00:08:24,970 --> 00:08:27,960
So the password that we retrieved from the database

162
00:08:27,960 --> 00:08:31,283
for this existing user that we got from the database.

163
00:08:32,720 --> 00:08:35,980
Now, if it's not correct, if password is not correct,

164
00:08:35,980 --> 00:08:37,740
hence the exclamation mark,

165
00:08:37,740 --> 00:08:39,210
then of course, again,

166
00:08:39,210 --> 00:08:42,559
I wanna return so that no other code in this function

167
00:08:42,559 --> 00:08:45,563
is executed, and I wanna redirect to login.

168
00:08:46,580 --> 00:08:48,900
If you make it past this if check though,

169
00:08:48,900 --> 00:08:50,880
we know the password is correct,

170
00:08:50,880 --> 00:08:53,390
and we know the user email is correct,

171
00:08:53,390 --> 00:08:55,010
otherwise we wouldn't have gotten here.

172
00:08:55,010 --> 00:08:59,100
And therefore now here, we want to log the user in.

173
00:08:59,100 --> 00:09:01,210
We want to manipulate the session

174
00:09:01,210 --> 00:09:04,020
such that we store some data in it,

175
00:09:04,020 --> 00:09:06,570
that this user to which the session belongs

176
00:09:06,570 --> 00:09:08,323
should be treated as logged in.

177
00:09:09,360 --> 00:09:13,620
For this, I will actually add a new folder in this project,

178
00:09:13,620 --> 00:09:18,620
a util folder in which I'll add an authentication JS file.

179
00:09:18,860 --> 00:09:19,930
It's not a must to do,

180
00:09:19,930 --> 00:09:23,210
but again, I'm splitting my code across multiple files

181
00:09:23,210 --> 00:09:25,730
to keep every file on its own

182
00:09:25,730 --> 00:09:28,803
relatively small and lean and manageable.

183
00:09:29,940 --> 00:09:33,510
In this authentication JS file in the util folder,

184
00:09:33,510 --> 00:09:36,527
I'll simply add a function, createUserSession,

185
00:09:40,210 --> 00:09:45,110
and this function here will get the request object,

186
00:09:45,110 --> 00:09:47,603
because we'll need that to access the session,

187
00:09:48,700 --> 00:09:51,760
then the user that we created with all the data

188
00:09:51,760 --> 00:09:53,423
that belongs to that user,

189
00:09:54,740 --> 00:09:57,740
and finally, action that should be executed

190
00:09:57,740 --> 00:10:00,100
once the session was updated,

191
00:10:00,100 --> 00:10:03,520
so that if we redirect to a protected page, for example,

192
00:10:03,520 --> 00:10:07,460
we only redirect once the updated session data

193
00:10:07,460 --> 00:10:10,720
was saved back to our session store.

194
00:10:10,720 --> 00:10:13,060
Otherwise, we might redirect too early

195
00:10:13,060 --> 00:10:17,750
and reach the protected page before the user data

196
00:10:17,750 --> 00:10:20,670
and the information that this user should be treated

197
00:10:20,670 --> 00:10:24,580
as logged in was even stored in the database.

198
00:10:24,580 --> 00:10:27,723
It's a problem we also discussed earlier in the course.

199
00:10:29,060 --> 00:10:33,240
So then in createUserSession, I'll access req.session.

200
00:10:33,240 --> 00:10:35,380
This is a property that's made available

201
00:10:35,380 --> 00:10:38,450
by the express session package.

202
00:10:38,450 --> 00:10:42,540
Dot, and then any key value pairs of your choice.

203
00:10:42,540 --> 00:10:45,607
You can store any data you want in the session.

204
00:10:45,607 --> 00:10:49,580
For example, I'll store the uid, the user ID

205
00:10:49,580 --> 00:10:51,987
by accessing user._id.toString.

206
00:10:55,892 --> 00:10:58,975
_id is the ID format used by MongoDB.

207
00:11:01,960 --> 00:11:03,660
Internally in the database,

208
00:11:03,660 --> 00:11:06,760
every document gets this _id field

209
00:11:06,760 --> 00:11:08,350
as a unique identifier.

210
00:11:08,350 --> 00:11:10,780
And since this user which I expect here

211
00:11:10,780 --> 00:11:12,930
is the user coming from the database,

212
00:11:12,930 --> 00:11:15,420
it will have the _id field,

213
00:11:15,420 --> 00:11:17,340
and I'm converting this to a string

214
00:11:17,340 --> 00:11:19,800
because by default, the MongoDB ID

215
00:11:19,800 --> 00:11:22,480
is this special object ID thing

216
00:11:22,480 --> 00:11:24,150
which you saw before in the course,

217
00:11:24,150 --> 00:11:27,050
and which you'll see again later in this section here.

218
00:11:27,050 --> 00:11:29,770
And I wanna force a string conversion here

219
00:11:29,770 --> 00:11:33,120
so that I'm simply storing a straightforward string

220
00:11:33,120 --> 00:11:36,500
for the given user ID in my session.

221
00:11:36,500 --> 00:11:38,963
And for the moment, that's all I wanna do here.

222
00:11:40,250 --> 00:11:44,420
Now I will add module exports and export an object,

223
00:11:44,420 --> 00:11:47,650
because I will soon add a second function to this file,

224
00:11:47,650 --> 00:11:51,130
which should also be made available outside of it.

225
00:11:51,130 --> 00:11:54,300
And I'll export the createUserSession function

226
00:11:54,300 --> 00:11:55,363
by pointing at it.

227
00:11:56,900 --> 00:11:59,640
Now back in auth controller JS,

228
00:11:59,640 --> 00:12:04,640
we can of course import the auth util

229
00:12:05,140 --> 00:12:10,140
by requiring going up one level util authentication.

230
00:12:12,170 --> 00:12:14,580
And at the bottom of the login function,

231
00:12:14,580 --> 00:12:19,520
we can now call auth util createUserSession,

232
00:12:19,520 --> 00:12:23,470
forward our request object, which we have here

233
00:12:23,470 --> 00:12:25,850
because we're in a controller action,

234
00:12:25,850 --> 00:12:28,070
which also gets this request object,

235
00:12:28,070 --> 00:12:31,443
now I'm just passing it along to createUserSession.

236
00:12:33,250 --> 00:12:37,180
Then the existing user I retrieved from the database,

237
00:12:37,180 --> 00:12:39,180
and then last but not least,

238
00:12:39,180 --> 00:12:41,890
an anonymous function like this,

239
00:12:41,890 --> 00:12:45,563
which should be executed once the session was saved.

240
00:12:46,510 --> 00:12:48,710
And that's some logic we again have to add

241
00:12:48,710 --> 00:12:52,310
to this createUserSession function here.

242
00:12:52,310 --> 00:12:55,520
In there, after updating my session,

243
00:12:55,520 --> 00:13:00,520
I want to call req.session.save like this,

244
00:13:00,680 --> 00:13:03,363
and pass action to that save method.

245
00:13:04,240 --> 00:13:07,950
The save method is coming from the express session package,

246
00:13:07,950 --> 00:13:11,860
and that package will execute save when we call this here,

247
00:13:11,860 --> 00:13:13,530
and then it will execute action

248
00:13:13,530 --> 00:13:16,480
once saving the updated session data to the database

249
00:13:16,480 --> 00:13:17,900
is done.

250
00:13:17,900 --> 00:13:19,930
So action will only be executed

251
00:13:19,930 --> 00:13:24,070
once the session was successfully saved in the store.

252
00:13:24,070 --> 00:13:27,160
And the action here is just anonymous function,

253
00:13:27,160 --> 00:13:31,560
I'm passing to createUserSession here in the controller.

254
00:13:31,560 --> 00:13:33,940
And inside of this anonymous function,

255
00:13:33,940 --> 00:13:37,480
I will simply redirect to slash, let's say

256
00:13:37,480 --> 00:13:39,290
to the starting page,

257
00:13:39,290 --> 00:13:42,980
but I only wanna do that once the session data was saved.

258
00:13:42,980 --> 00:13:46,793
And with this pattern, we ensure that this is the case.

259
00:13:48,400 --> 00:13:51,270
Okay, so now we're creating that session data

260
00:13:51,270 --> 00:13:53,563
once a user logged in successfully.

261
00:13:54,750 --> 00:13:57,870
To see whether that worked or not,

262
00:13:57,870 --> 00:14:01,680
I actually wanna add a page for a slash nothing,

263
00:14:01,680 --> 00:14:04,560
so a starting page, you could say.

264
00:14:04,560 --> 00:14:07,660
For that in the views customer folder,

265
00:14:07,660 --> 00:14:12,660
in the products folder, I'll add all-products.ejs file,

266
00:14:15,850 --> 00:14:17,680
because my starting page actually

267
00:14:17,680 --> 00:14:21,010
should be the page showing all the products.

268
00:14:21,010 --> 00:14:26,010
And on there, I'll copy the signup.ejs file content.

269
00:14:26,140 --> 00:14:29,823
I will not output a form, so I will delete that.

270
00:14:31,410 --> 00:14:35,690
But for the moment, I wanna say all products,

271
00:14:35,690 --> 00:14:39,780
I will not include the auth or form.css imports,

272
00:14:39,780 --> 00:14:44,393
and the page title here will simply be set to all products.

273
00:14:45,480 --> 00:14:48,900
But then here, I'll add a paragraph where I say,

274
00:14:48,900 --> 00:14:50,830
a list of products,

275
00:14:50,830 --> 00:14:53,993
and will output a real list of products here later.

276
00:14:55,070 --> 00:14:56,630
For the moment, I'm just adding this

277
00:14:56,630 --> 00:15:00,350
so that we can use this template as a starting page.

278
00:15:00,350 --> 00:15:03,030
And of course, now we also have to add some routes

279
00:15:03,030 --> 00:15:07,053
and controller actions that load this page at some point.

280
00:15:08,520 --> 00:15:10,440
If we dart back in the routes folder,

281
00:15:10,440 --> 00:15:13,310
I'll add a base.routes.js file

282
00:15:13,310 --> 00:15:16,870
for some base routes like the starting page route,

283
00:15:16,870 --> 00:15:20,820
and already a products.routes.js file

284
00:15:20,820 --> 00:15:22,763
for the product specific routes.

285
00:15:24,320 --> 00:15:28,290
And my idea now is to go to the auth.routes.js file,

286
00:15:28,290 --> 00:15:32,040
copy that configuration over to product routes,

287
00:15:32,040 --> 00:15:34,950
get rid of all the auth related logic,

288
00:15:34,950 --> 00:15:37,870
also the auth controller import,

289
00:15:37,870 --> 00:15:41,960
but simply define a new get route for /products,

290
00:15:41,960 --> 00:15:46,770
where I want to render this all products view

291
00:15:46,770 --> 00:15:47,763
we just added.

292
00:15:48,960 --> 00:15:51,490
Now we're soon going to add a dedicated controller.

293
00:15:51,490 --> 00:15:54,710
For the moment, to quickly have some logic here,

294
00:15:54,710 --> 00:15:56,940
I'll add an anonymous function here

295
00:15:56,940 --> 00:16:01,940
where I simply render customer.

296
00:16:01,940 --> 00:16:06,940
So this customer folder /products /all-products,

297
00:16:07,320 --> 00:16:10,670
so that this all products template is rendered here

298
00:16:10,670 --> 00:16:13,283
for a request to /products.

299
00:16:15,280 --> 00:16:18,370
And then I'll copy that configuration here,

300
00:16:18,370 --> 00:16:20,980
and move that into base routes,

301
00:16:20,980 --> 00:16:25,003
because there, I wanna handle a request to just /nothing.

302
00:16:25,920 --> 00:16:28,470
And here, I don't wanna render this template,

303
00:16:28,470 --> 00:16:33,470
but instead, redirect to /products.

304
00:16:33,530 --> 00:16:36,400
So that whenever you try to visit the starting page,

305
00:16:36,400 --> 00:16:39,470
we actually redirect you to /products,

306
00:16:39,470 --> 00:16:43,373
and for /products, we render this all products page.

307
00:16:44,570 --> 00:16:47,170
So this routing configuration is added here,

308
00:16:47,170 --> 00:16:50,350
now we just need to activate it in app.js.

309
00:16:50,350 --> 00:16:54,630
And hence in there where I also import the auth routes,

310
00:16:54,630 --> 00:16:59,080
we can now also include the product routes

311
00:16:59,080 --> 00:17:04,022
by requiring ./routes/products.routes.

312
00:17:05,960 --> 00:17:09,630
Let's maybe also name this constant products routes then,

313
00:17:09,630 --> 00:17:13,204
and the base routes, which we get by requiring

314
00:17:13,204 --> 00:17:17,573
./routes, base.routes.

315
00:17:20,630 --> 00:17:23,310
And with those imports added here,

316
00:17:23,310 --> 00:17:26,579
we can then use those routes as well

317
00:17:26,579 --> 00:17:30,360
and use our base routes here.

318
00:17:30,360 --> 00:17:34,230
Actually, maybe even before we reach the auth routes,

319
00:17:34,230 --> 00:17:36,600
and then maybe after the auth routes,

320
00:17:36,600 --> 00:17:37,790
though, at the moment,

321
00:17:37,790 --> 00:17:40,490
the order doesn't matter too much,

322
00:17:40,490 --> 00:17:44,023
I'll add my products routes, like this.

323
00:17:46,970 --> 00:17:51,970
Now, redirecting to slash should work after we logged in,

324
00:17:52,800 --> 00:17:55,280
and therefore we are now ready to,

325
00:17:55,280 --> 00:17:58,293
well, check and test our login logic.

326
00:17:59,220 --> 00:18:00,270
However, at the moment,

327
00:18:00,270 --> 00:18:04,410
we won't really be able to tell whether we succeeded or not,

328
00:18:04,410 --> 00:18:07,900
because at the moment, nothing on our page will change

329
00:18:07,900 --> 00:18:11,080
if a user does log in successfully.

330
00:18:11,080 --> 00:18:12,770
We redirect, yes,

331
00:18:12,770 --> 00:18:13,960
but other than that,

332
00:18:13,960 --> 00:18:17,340
we don't get any visual feedback anywhere.

333
00:18:17,340 --> 00:18:19,810
And therefore let's actually first tackle that

334
00:18:19,810 --> 00:18:21,140
in the next lecture,

335
00:18:21,140 --> 00:18:24,163
before we then test this login flow.

