1
00:00:00,050 --> 00:00:00,410
All right.

2
00:00:00,410 --> 00:00:07,430
And last controller in the user controller is get application stats, which is going to be actually

3
00:00:07,430 --> 00:00:15,560
an admin route where we can get info on how many users we have in our application as well as the jobs.

4
00:00:15,560 --> 00:00:19,150
As far as functionality, it's actually going to be very straightforward.

5
00:00:19,160 --> 00:00:25,100
We're going to go with const users and that is equal to await then user.

6
00:00:25,100 --> 00:00:27,260
So first the user model.

7
00:00:27,290 --> 00:00:33,470
Then the method we're looking for is countDocuments, and the same deal is going to be for jobs.

8
00:00:33,950 --> 00:00:41,390
We just want to change here, jobs and also we want to change to job documents.

9
00:00:41,420 --> 00:00:43,370
We're not going to send back this message.

10
00:00:43,940 --> 00:00:49,460
Actually, we'll go with users and jobs and everything is awesome.

11
00:00:49,460 --> 00:00:54,830
So I can definitely make that request if I navigate to my Thunder Client.

12
00:00:54,860 --> 00:00:56,540
Let me just look for it.

13
00:00:56,540 --> 00:00:57,800
Let's send it over here.

14
00:00:57,800 --> 00:01:04,890
And now notice it gets me two users and each user has two jobs and that's why I have a total of two.

15
00:01:04,920 --> 00:01:09,360
The problem is that at the moment, let me log in as Peter again.

16
00:01:10,320 --> 00:01:12,510
Let me just change this value around.

17
00:01:13,550 --> 00:01:23,840
And you'll notice that since Peter is a valid user, basically he has a valid token as well as the valid

18
00:01:23,840 --> 00:01:24,770
JWT.

19
00:01:25,780 --> 00:01:29,230
He can also take a look at the stats.

20
00:01:29,560 --> 00:01:33,820
And in order to fix it, we need to create one more middleware.

21
00:01:33,850 --> 00:01:37,480
So first, let's navigate to our auth middleware.

22
00:01:38,090 --> 00:01:43,900
First, let's just have some basic setup and then we'll add some additional things.

23
00:01:43,910 --> 00:01:49,940
So first let's just export and in this case, we'll call this authorize permissions.

24
00:01:49,940 --> 00:01:55,340
And as far as the functionality, we're going to use the rest operator.

25
00:01:55,520 --> 00:02:02,480
So effectively we're gathering all of the parameters and they will be nicely stored in the array.

26
00:02:02,480 --> 00:02:05,300
And you'll see in a second why we want to do that.

27
00:02:05,300 --> 00:02:07,670
So first let's just go with next.

28
00:02:07,670 --> 00:02:11,540
So we'll pass it on to the next one, basically to our route.

29
00:02:11,630 --> 00:02:16,910
And also let's log what we have here as far as the roles.

30
00:02:16,910 --> 00:02:20,390
So whatever I call over here, it's going to be my array.

31
00:02:21,070 --> 00:02:27,250
So let me just go here with the rest and then let's look for our route.

32
00:02:27,370 --> 00:02:32,440
Of course it's in the user one and we're looking for this app stats.

33
00:02:32,620 --> 00:02:37,210
Please keep in mind we already have the authenticate user.

34
00:02:37,240 --> 00:02:37,660
Correct.

35
00:02:37,660 --> 00:02:41,230
So only an authenticated user can access this route.

36
00:02:41,230 --> 00:02:46,750
But now we want to add one more thing and that is our authorize permissions.

37
00:02:46,750 --> 00:02:48,010
So let's go over here.

38
00:02:48,100 --> 00:02:50,860
That's the function and here's the gotcha.

39
00:02:50,890 --> 00:02:54,640
I actually want to invoke it and I want to pass in.

40
00:02:54,640 --> 00:02:59,170
Well, which roles can access this particular route?

41
00:02:59,170 --> 00:03:02,880
And essentially, in our case, we want to go here with admin.

42
00:03:02,890 --> 00:03:09,370
Now also, this is an express thing, but we can nicely group together multiple middlewares just by

43
00:03:09,370 --> 00:03:11,530
adding here the square brackets.

44
00:03:11,530 --> 00:03:16,330
Again, in this case it doesn't change anything, but I just like how it looks better.

45
00:03:16,570 --> 00:03:22,700
Basically we have authorize permissions and only if everything is correct then we get to the admin

46
00:03:22,700 --> 00:03:23,050
one.

47
00:03:23,060 --> 00:03:24,740
So now let's take a look.

48
00:03:24,740 --> 00:03:26,240
What do we have in the console?

49
00:03:26,240 --> 00:03:30,290
And actually it crashed because next is not defined.

50
00:03:30,320 --> 00:03:30,540
Huh?

51
00:03:30,920 --> 00:03:32,180
Now, why is that?

52
00:03:32,210 --> 00:03:39,740
Well, because remember, we invoked this right away and instead of providing req and res and next.

53
00:03:40,190 --> 00:03:42,320
The parameters we have access to.

54
00:03:42,350 --> 00:03:43,970
We actually went with roles.

55
00:03:43,970 --> 00:03:47,540
Basically, we went with whatever we pass in

56
00:03:48,470 --> 00:03:53,330
in the arguments, not Express, and therefore we need to refactor

57
00:03:54,170 --> 00:03:55,940
our authorize permissions.

58
00:03:55,940 --> 00:03:59,150
So let's navigate to auth middleware.

59
00:03:59,240 --> 00:04:06,440
And from this function I actually want to return another function because again, we invoke that authorize

60
00:04:06,440 --> 00:04:07,670
permissions right away.

61
00:04:07,670 --> 00:04:10,700
So how is that going to look from the function?

62
00:04:10,710 --> 00:04:12,200
I'll return another one.

63
00:04:12,590 --> 00:04:13,190
Req.

64
00:04:13,900 --> 00:04:14,520
Res.

65
00:04:14,560 --> 00:04:16,149
And then I'm going to go with next.

66
00:04:16,149 --> 00:04:19,149
So again, this is provided by Express.

67
00:04:19,149 --> 00:04:25,480
And now we want to move the next up and eventually we'll have a bit more logic.

68
00:04:25,480 --> 00:04:28,000
Now there's a tiny syntax error.

69
00:04:28,270 --> 00:04:29,620
Let me save it over here.

70
00:04:30,240 --> 00:04:32,940
And now let me move this rest down.

71
00:04:32,970 --> 00:04:39,750
Again, all of these acrobatics we need to do because we invoke authorize permissions right away.

72
00:04:39,780 --> 00:04:45,390
Now, I still have the error because it's not req and req; it should be req and res over here.

73
00:04:45,390 --> 00:04:46,170
And you know what?

74
00:04:46,200 --> 00:04:51,660
Instead of using the rest operator name, I'm just going to go with roles.

75
00:04:51,690 --> 00:04:53,580
Again, the idea doesn't change.

76
00:04:53,700 --> 00:04:57,060
We simply want to take a look at the value we're going to be getting.

77
00:04:57,150 --> 00:05:02,250
And now again, let's make a request to application stats.

78
00:05:02,310 --> 00:05:04,140
So check it out over here.

79
00:05:04,680 --> 00:05:06,660
Notice this is our array.

80
00:05:06,660 --> 00:05:10,170
And in here I'm looking for the admin one.

81
00:05:10,170 --> 00:05:14,010
So this is the logic up to this point.

82
00:05:14,650 --> 00:05:23,770
So we can set up the functionality where we'll check whether req dot user role is in the array.

83
00:05:24,280 --> 00:05:26,770
So in our case, we're looking for the admin, correct.

84
00:05:26,800 --> 00:05:35,440
Now for Peter, the role is user, and effectively we want to go with an if condition and we'll

85
00:05:35,440 --> 00:05:38,310
say roles, which is our array.

86
00:05:38,320 --> 00:05:44,620
It has the method of includes and we just want to pass here req dot user role.

87
00:05:44,620 --> 00:05:52,210
And again we have access to the req dot user role because we already have the authenticate user middleware.

88
00:05:52,390 --> 00:05:58,750
And as far as the error, which one we want to throw, well this is going to be again that unauthorized

89
00:05:58,780 --> 00:05:59,230
error.

90
00:05:59,230 --> 00:06:01,000
So the 403.

91
00:06:01,180 --> 00:06:06,130
So let's go here with throw new and unauthorized error.

92
00:06:06,130 --> 00:06:09,970
So we import that, make sure that we have the JS and all that.

93
00:06:10,180 --> 00:06:10,810
Okay, good.

94
00:06:10,810 --> 00:06:17,470
And then when it comes to the error message, let's just write unauthorized to access this route.

95
00:06:17,470 --> 00:06:21,280
And with this in place now we can go back to application stats.

96
00:06:21,280 --> 00:06:29,930
And if everything is correct, if I'm logged in as Peter, I'm going to get back the 403. Now if we go

97
00:06:29,930 --> 00:06:30,950
to a login

98
00:06:31,530 --> 00:06:36,390
and we provide values for John, then everything should be fine.

99
00:06:36,390 --> 00:06:36,680
Why?

100
00:06:36,690 --> 00:06:40,170
Well, because he's the first user and he's the admin user.

101
00:06:40,170 --> 00:06:46,260
So now, of course I can get the application data and with this in place, we can move on to the next

102
00:06:46,260 --> 00:06:46,860
step.

