1
00:00:00,020 --> 00:00:00,350
All right.

2
00:00:00,350 --> 00:00:04,890
And once we can send back the cookie with the JSON web token.

3
00:00:04,910 --> 00:00:11,930
Now let's set up a property on the job schema, which is going to point back to the user.

4
00:00:11,930 --> 00:00:17,870
So essentially in the process, whenever we create a job, it's actually going to be tied to the user.

5
00:00:17,870 --> 00:00:21,200
And also I want to set up the auth middleware.

6
00:00:21,230 --> 00:00:22,760
Now what do I mean by that?

7
00:00:22,790 --> 00:00:30,130
Well, when the requests are going to be coming in, I'll be checking for the cookie in there.

8
00:00:30,140 --> 00:00:32,150
There's going to be a JWT.

9
00:00:32,360 --> 00:00:40,790
So JSON web token, and in there we'll get the ID. So if the cookie is valid and if the token is valid,

10
00:00:40,820 --> 00:00:43,730
then the request is going to go through.

11
00:00:43,940 --> 00:00:46,820
If not, then we'll send back the response.

12
00:00:46,820 --> 00:00:52,130
So essentially we will lock down routes for jobs.

13
00:00:52,280 --> 00:00:54,940
So there will be authorized routes.

14
00:00:55,040 --> 00:00:59,940
So essentially you cannot just randomly send the request and do something with the jobs.

15
00:00:59,940 --> 00:01:02,790
No, you need to log in first.

16
00:01:03,120 --> 00:01:06,630
And we're going to start by navigating to models.

17
00:01:06,630 --> 00:01:12,000
We're looking for job model and we're going to create another property.

18
00:01:12,210 --> 00:01:18,930
So the name is really up to you. Since there is createdAt and updatedAt, I'm going to go with created

19
00:01:18,930 --> 00:01:25,260
by, and this is where I'm going to point back to the user, and the syntax is the following.

20
00:01:25,260 --> 00:01:34,200
We're going to go with type and here we'll set it as mongoose types and then dot and object ID.

21
00:01:34,410 --> 00:01:43,380
So essentially I'm saying that the value over here is going to be the Mongo ID, and then as far as

22
00:01:43,380 --> 00:01:47,370
the reference, we're going to point to a user.

23
00:01:48,300 --> 00:01:49,320
Let's save it.

24
00:01:49,470 --> 00:01:55,530
This is why it was so important for us to start everything from scratch as far as wiping out everything

25
00:01:55,530 --> 00:01:56,770
from database.

26
00:01:56,810 --> 00:02:03,480
And now, once we are done adding this property, we want to go to middleware and we want to create

27
00:02:03,480 --> 00:02:04,320
a new one.

28
00:02:04,660 --> 00:02:07,920
In my case, I'm going to call this auth middleware.

29
00:02:09,180 --> 00:02:10,770
.js in here.

30
00:02:10,800 --> 00:02:13,230
Let's just set up a function in there.

31
00:02:13,230 --> 00:02:14,770
There's going to be a log.

32
00:02:15,450 --> 00:02:20,600
And first we'll just place that function in front of all the job routes.

33
00:02:20,610 --> 00:02:22,980
So let's go right away with export.

34
00:02:24,480 --> 00:02:27,960
I'm going to call this authenticate user.

35
00:02:28,140 --> 00:02:29,910
It's going to be async.

36
00:02:30,960 --> 00:02:33,630
req, res, next.

37
00:02:33,750 --> 00:02:40,560
Remember, when it comes to middleware, if we invoke next, then essentially it's just going to pass

38
00:02:40,560 --> 00:02:41,970
to the next middleware.

39
00:02:41,970 --> 00:02:45,720
If not, then the request is going to be stuck over here.

40
00:02:45,750 --> 00:02:51,000
Now, of course, eventually there's going to be a condition, basically, if everything is okay, yeah,

41
00:02:51,000 --> 00:02:53,130
then we pass it on to the next middleware.

42
00:02:53,160 --> 00:02:58,140
If not, well, then that's where we send back the error response.

43
00:02:58,170 --> 00:03:00,150
And for now, again, I just want to log it.

44
00:03:00,150 --> 00:03:05,640
I just want to showcase how the routes are going to be eventually protected.

45
00:03:06,000 --> 00:03:08,100
And for now I'm just going to go with Auth.

46
00:03:08,970 --> 00:03:09,630
Middleware.

47
00:03:10,500 --> 00:03:11,190
Let's save it.

48
00:03:11,190 --> 00:03:14,640
And now let's decide where we want to place this middleware.

49
00:03:14,670 --> 00:03:17,400
So if I want to protect.

50
00:03:18,420 --> 00:03:22,920
All of the job routes where I'm going to do that.

51
00:03:23,190 --> 00:03:27,120
Well, one way is to go to a job router.

52
00:03:27,390 --> 00:03:28,080
Correct.

53
00:03:28,200 --> 00:03:33,360
And essentially, in order to protect any or all of the routes.

54
00:03:34,090 --> 00:03:35,380
It's pretty straightforward.

55
00:03:35,380 --> 00:03:40,370
You just want to place the auth middleware in front of the controller.

56
00:03:40,390 --> 00:03:46,930
So basically, if you want to just lock down one route, get all jobs, you are going to place the auth

57
00:03:46,930 --> 00:03:50,140
middleware in front of get all jobs.

58
00:03:50,200 --> 00:03:52,690
But remember in the server.

59
00:03:53,460 --> 00:03:55,170
We have job router here.

60
00:03:55,200 --> 00:03:55,890
Correct.

61
00:03:55,920 --> 00:04:06,030
So if I place auth middleware in front of the entire job router, then I'm automatically locking down

62
00:04:06,030 --> 00:04:07,590
all of the job routes.

63
00:04:07,620 --> 00:04:14,490
Now, please keep in mind that of course you can go back to a job router and add to all of them one

64
00:04:14,490 --> 00:04:15,180
by one.

65
00:04:15,210 --> 00:04:17,300
This is just a little bit faster.

66
00:04:17,310 --> 00:04:21,660
So let's navigate to a server we want to import.

67
00:04:21,839 --> 00:04:28,350
In this case I'm looking for the auth one and I think I'm going to copy and paste since that way I don't

68
00:04:28,350 --> 00:04:31,080
need to type auth middleware.

69
00:04:32,050 --> 00:04:33,460
So let me remove.

70
00:04:34,170 --> 00:04:36,420
And this should be auth middleware.

71
00:04:36,460 --> 00:04:37,210
.js.

72
00:04:39,080 --> 00:04:39,590
Let me see.

73
00:04:39,590 --> 00:04:41,480
I have some kind of bug over here.

74
00:04:42,140 --> 00:04:42,550
Oh, yeah.

75
00:04:42,560 --> 00:04:48,680
And the reason for that is because, of course, in the auth middleware I'm exporting authenticate user

76
00:04:48,680 --> 00:04:51,170
and it's a named export.

77
00:04:51,170 --> 00:04:53,240
So let me go back to the server.

78
00:04:53,990 --> 00:04:58,730
We want to change this around and we're going to go with authenticate user.

79
00:04:58,760 --> 00:05:00,470
Then let's scroll down.

80
00:05:00,470 --> 00:05:04,110
And again, these ones are going to be public routes.

81
00:05:04,130 --> 00:05:09,590
So, of course, in order to register and log in, we want to let all of the users do that.

82
00:05:09,620 --> 00:05:10,220
Correct.

83
00:05:10,220 --> 00:05:10,850
But.

84
00:05:11,760 --> 00:05:15,340
When it comes to jobs, these routes will be protected.

85
00:05:15,360 --> 00:05:22,280
So in here, like I said, we simply want to place authenticate user in front of the job router and

86
00:05:22,290 --> 00:05:24,150
now take a look at the result.

87
00:05:24,180 --> 00:05:31,500
If I'm going to navigate to my collections, we're looking for job routes in this case.

88
00:05:31,530 --> 00:05:36,900
Now, I'm not going to test with each and every route, especially since we haven't set up the functionality

89
00:05:36,900 --> 00:05:38,070
to pass the user.

90
00:05:38,070 --> 00:05:43,170
Because remember now that we added that property, of course we want to provide it and I'm talking about

91
00:05:43,170 --> 00:05:45,180
the created by property.

92
00:05:45,180 --> 00:05:51,780
So I'm just going to showcase with get all jobs, check it out, I send it and notice.

93
00:05:51,780 --> 00:05:52,890
So this is empty.

94
00:05:52,920 --> 00:05:54,590
Okay, that's fine.

95
00:05:54,600 --> 00:05:56,600
What I'm looking for is this log.

96
00:05:56,610 --> 00:06:05,070
So this means that pretty much any request we're going to make as far as jobs are concerned, we will

97
00:06:05,070 --> 00:06:12,240
need to go through this middleware and this is where we'll check for the cookie for the JWT and all

98
00:06:12,240 --> 00:06:13,280
that cool stuff.

99
00:06:13,290 --> 00:06:16,350
And with this in place, we can move on to the next step.

