1
00:00:00,020 --> 00:00:00,380
All right.

2
00:00:00,380 --> 00:00:06,890
And once we have placed the authenticate middleware in front of all of our job routes, now let's set

3
00:00:06,890 --> 00:00:11,900
up a package which is going to allow us to access the cookie.

4
00:00:12,470 --> 00:00:18,260
And also we'll right away set up our first check in the authenticate user.

5
00:00:18,290 --> 00:00:25,370
Now, like I showcased before, yes, we can see the cookie in the request, but we cannot access it,

6
00:00:25,370 --> 00:00:27,500
unfortunately, right out of the gate.

7
00:00:27,530 --> 00:00:29,990
So we do need to install an extra package.

8
00:00:29,990 --> 00:00:34,940
And that package name is surprise, surprise, a cookie parser package.

9
00:00:34,940 --> 00:00:42,710
If you want to use it in your own projects, go with NPM install or I, then cookie parser and then

10
00:00:42,710 --> 00:00:48,110
we want to navigate to a server import and we'll set it up as a middleware.

11
00:00:48,110 --> 00:00:54,260
So let's do that one first and then we'll take a look what we can do in the authenticate user.

12
00:00:54,260 --> 00:00:57,620
So here in the server, let's scroll up.

13
00:00:58,340 --> 00:01:02,540
We're looking for import and I'm going to name this cookie parser.

14
00:01:02,720 --> 00:01:04,040
Then let's keep on moving.

15
00:01:04,040 --> 00:01:10,750
And right over here where we have express Json, I'm also going to use the cookie parser.

16
00:01:10,790 --> 00:01:13,310
So essentially we just want to invoke it.

17
00:01:13,340 --> 00:01:18,320
Now with this in place we want to navigate to auth middleware.

18
00:01:19,100 --> 00:01:23,230
Let's just start by logging the rec dot cookies.

19
00:01:23,240 --> 00:01:31,010
So effectively once we set up the library as a middleware, we'll have access to the cookies property

20
00:01:31,010 --> 00:01:34,370
and more specifically, our cookie.

21
00:01:34,400 --> 00:01:40,910
Now remember when we were creating the cookie and of course we can see that in the auth controller,

22
00:01:41,090 --> 00:01:43,040
What's the name that I used?

23
00:01:43,070 --> 00:01:47,780
Well, in my case I went with Token, so there should be that token cookie.

24
00:01:48,020 --> 00:01:52,940
If it's not present, then we want to throw our own custom error.

25
00:01:52,970 --> 00:01:54,230
So for starters.

26
00:01:55,060 --> 00:02:02,230
Let's change things around and let's go with rec and we're looking for cookies.

27
00:02:02,500 --> 00:02:05,170
So that's the property.

28
00:02:05,410 --> 00:02:06,560
The library provides.

29
00:02:06,580 --> 00:02:07,810
And again, same deal.

30
00:02:08,530 --> 00:02:11,890
We're going to navigate to our get all jobs.

31
00:02:12,880 --> 00:02:13,660
Over here.

32
00:02:13,840 --> 00:02:15,460
And once I make the request.

33
00:02:15,490 --> 00:02:16,510
Check it out.

34
00:02:16,510 --> 00:02:21,430
So this is my token property and this is actually a cookie.

35
00:02:21,550 --> 00:02:28,530
So the first check is going to be following where essentially I want to see whether token cookie exists.

36
00:02:28,540 --> 00:02:32,980
If it doesn't exist, then of course we'll send back the error response.

37
00:02:32,980 --> 00:02:36,310
And in this case, it's going to be unauthenticated error.

38
00:02:36,460 --> 00:02:40,420
So one of the custom errors we created before.

39
00:02:40,420 --> 00:02:43,420
So let's navigate back to auth middleware.

40
00:02:44,310 --> 00:02:47,010
In this case, I think I'm going to the structure.

41
00:02:47,340 --> 00:02:49,660
I'll say that I'm looking for token cookie.

42
00:02:49,680 --> 00:02:52,710
It's located in rec dot cookies.

43
00:02:52,800 --> 00:03:03,070
And if it's not present so if there is no token cookie, then we want to throw our own custom error.

44
00:03:03,090 --> 00:03:09,180
So we're going to go throw new and then we're looking for unauthenticated error.

45
00:03:09,180 --> 00:03:12,030
And this is going to be 401.

46
00:03:12,630 --> 00:03:16,950
And as far as the message, let's go with authentication.

47
00:03:18,360 --> 00:03:20,430
Invalid over here.

48
00:03:20,460 --> 00:03:24,240
Now, if everything is okay, of course we'll pass it on to the next one.

49
00:03:24,270 --> 00:03:30,340
Now, as you can see with the auto import, the JS is missing, so now everything is correct.

50
00:03:30,360 --> 00:03:34,410
So again, let's navigate back to get all jobs.

51
00:03:34,500 --> 00:03:36,540
Let's take a look at the cookies.

52
00:03:37,300 --> 00:03:40,000
And, you know, I'm just going to clear all of them.

53
00:03:40,330 --> 00:03:45,370
And now let's make a request one more time and let's see what is going to be the result.

54
00:03:45,400 --> 00:03:51,610
So notice since I removed all of the cookies, now I'm getting back 401.

55
00:03:51,640 --> 00:03:55,810
However, if I'm going to go to auth routes.

56
00:03:56,710 --> 00:03:59,130
And if I'm going to log in one more time.

57
00:03:59,310 --> 00:04:01,120
Notice now I'm getting back.

58
00:04:01,140 --> 00:04:03,250
And for some reason, it's complaining.

59
00:04:03,290 --> 00:04:05,060
Oh, yeah, because I didn't create the user.

60
00:04:05,070 --> 00:04:05,450
My bad.

61
00:04:05,460 --> 00:04:08,250
So basically I removed everything from database.

62
00:04:08,250 --> 00:04:10,070
So that's why I have this error.

63
00:04:10,080 --> 00:04:13,290
So first let me go, then back to a register.

64
00:04:13,290 --> 00:04:14,670
Let's start over here.

65
00:04:14,670 --> 00:04:16,800
So I'll keep these values over here.

66
00:04:16,800 --> 00:04:21,690
And again, it doesn't really matter since it's going to be the first one, it will automatically be

67
00:04:21,690 --> 00:04:22,110
admin.

68
00:04:22,110 --> 00:04:23,250
Let's send it.

69
00:04:23,250 --> 00:04:24,870
Okay, so we created the user.

70
00:04:24,870 --> 00:04:27,300
Now we're going to log in.

71
00:04:27,300 --> 00:04:28,920
We're going to get the cookies.

72
00:04:28,950 --> 00:04:30,690
Notice I have my cookie over here.

73
00:04:30,690 --> 00:04:39,270
So now of course I can go to a get all jobs and again, I'm still going to get back an empty array.

74
00:04:39,270 --> 00:04:40,470
That's not the point.

75
00:04:40,500 --> 00:04:46,860
The point is that now I successfully can access the jobs because I have the cookie.

76
00:04:46,860 --> 00:04:47,460
Again.

77
00:04:47,460 --> 00:04:52,290
If I'm going to remove that cookie, it's going to be different.

78
00:04:52,320 --> 00:04:57,010
Then of course we won't have access to the specific route.

79
00:04:57,010 --> 00:05:00,280
In this case, the get all jobs.