1
00:00:00,420 --> 00:00:00,740
Okay.

2
00:00:00,750 --> 00:00:05,850
And once we know how we can access cookies in our auth middleware.

3
00:00:06,360 --> 00:00:14,670
Now we'll set up the logic where we will remove all of the code that checks for the authorization header.

4
00:00:14,940 --> 00:00:20,520
And instead we're going to check if the token cookie is present.

5
00:00:21,300 --> 00:00:22,320
It's not much.

6
00:00:22,740 --> 00:00:26,910
Basically, we just want to grab the token from the cookies.

7
00:00:26,910 --> 00:00:35,460
Remember basically getting the object with the token cookie and we want to check whether it exists.

8
00:00:35,760 --> 00:00:38,970
If it doesn't, then we'll go with 401.

9
00:00:39,950 --> 00:00:43,550
And if it exists, then it will go with the rest of the code.

10
00:00:43,580 --> 00:00:49,400
First, remove the header code and then we'll check for the token.

11
00:00:49,820 --> 00:00:54,200
So let's go to auth and again, this is the first place where we start removing.

12
00:00:54,200 --> 00:00:56,960
So please be very careful.

13
00:00:57,080 --> 00:00:58,040
Essentially.

14
00:00:58,870 --> 00:01:06,790
What we want to remove are these, I believe, what, four or five lines essentially starting with this

15
00:01:06,940 --> 00:01:08,920
and then ending with that split.

16
00:01:08,980 --> 00:01:11,500
We don't need to split anything anymore.

17
00:01:12,400 --> 00:01:16,510
Essentially our JWT is the value of our token.

18
00:01:16,690 --> 00:01:19,300
So let me remove these lines of code.

19
00:01:19,690 --> 00:01:26,140
We should only have the cookies and try and catch because again, the token is going to be exactly the

20
00:01:26,140 --> 00:01:26,770
same.

21
00:01:27,710 --> 00:01:33,170
It's just how it is transported from the server back to the front.

22
00:01:33,170 --> 00:01:35,300
And that's different right now.

23
00:01:35,570 --> 00:01:41,480
So let's go here with Token nine and one is equal to req cookies.

24
00:01:42,420 --> 00:01:44,730
And we want to go with token.

25
00:01:45,030 --> 00:01:52,800
So then we'll check, we'll say if there is no token, what are we going to do? Well, we want to throw

26
00:01:53,100 --> 00:01:56,550
that unauthenticated error, correct?

27
00:01:56,910 --> 00:02:04,920
So let's go with throw new and we're looking for the unauthenticated error and we already have it here.

28
00:02:04,950 --> 00:02:07,140
So I just come up with the message.

29
00:02:08,669 --> 00:02:11,970
Authentication invalid.

30
00:02:12,480 --> 00:02:13,830
Let's save it.

31
00:02:13,990 --> 00:02:16,650
Now I'm going to move back to the front end.

32
00:02:16,860 --> 00:02:19,830
I'll log out A to register or.

33
00:02:19,830 --> 00:02:20,200
I'm sorry.

34
00:02:20,220 --> 00:02:21,180
Let's log in.

35
00:02:22,270 --> 00:02:22,490
Bingo.

36
00:02:22,520 --> 00:02:23,200
Over here.

37
00:02:24,820 --> 00:02:29,410
And don't worry about the fact that we're still sending the token back.

38
00:02:30,320 --> 00:02:33,140
In our responses, in our JSON responses.

39
00:02:33,710 --> 00:02:35,060
We'll fix that in a second.

40
00:02:35,300 --> 00:02:36,250
Let's submit.

41
00:02:36,270 --> 00:02:42,710
So notice we do have the token in our cookies, which is really, really awesome.

42
00:02:42,920 --> 00:02:46,460
And now once we make the request, everything is correct.

43
00:02:46,670 --> 00:02:48,770
So we still get back.

44
00:02:49,680 --> 00:02:51,570
The response with all our stats.

45
00:02:51,600 --> 00:02:52,350
Why?

46
00:02:52,470 --> 00:02:56,120
Well, because the cookie is present and it hasn't expired.

47
00:02:56,130 --> 00:03:03,270
However, if I remove it again, I'm just simulating here what happens once the cookie expires.

48
00:03:03,300 --> 00:03:05,970
Once I do this, I remove the cookie notice.

49
00:03:05,970 --> 00:03:08,940
Once we'll refresh, check it out.

50
00:03:09,210 --> 00:03:15,690
We log out so the server effectively is just going to send back the 401.

51
00:03:16,680 --> 00:03:22,170
And if that's the case, remember, we log out the user on the frontend.

52
00:03:22,590 --> 00:03:28,740
And lastly, in this video, what I want to do is to remove token from all my JSON responses.

53
00:03:28,770 --> 00:03:31,260
Notice we're not using it anymore.

54
00:03:31,620 --> 00:03:38,040
Remember now in our auth middleware, we check for cookies instead.

55
00:03:39,050 --> 00:03:43,700
So the front end does not need to store it anymore.

56
00:03:44,300 --> 00:03:48,810
Hence we don't need to include it in our JSON response.

57
00:03:48,830 --> 00:03:52,340
So now let's go to all three routes.

58
00:03:52,790 --> 00:03:58,040
We have log in, register and update user and we want to remove that token.

59
00:03:58,430 --> 00:04:02,630
Now we still want to send back the user and the location.

60
00:04:03,080 --> 00:04:06,710
So those are two things that we'll still use in the front end.

61
00:04:06,800 --> 00:04:12,560
Now, we won't store them in local storage in the upcoming videos, but we will still send them back.

62
00:04:12,590 --> 00:04:13,760
So please keep that.

63
00:04:13,760 --> 00:04:16,339
We're just removing the token.

64
00:04:17,529 --> 00:04:20,230
So let's navigate to the controller.

65
00:04:21,209 --> 00:04:22,950
And I guess let's start with the register.

66
00:04:23,520 --> 00:04:25,760
Notice over here I have the token, correct?

67
00:04:25,770 --> 00:04:27,450
I don't want a token anymore.

68
00:04:27,720 --> 00:04:28,860
I just remove it.

69
00:04:29,070 --> 00:04:30,360
Let's keep moving.

70
00:04:30,630 --> 00:04:33,420
After that we have token in the login.

71
00:04:33,660 --> 00:04:35,370
Also don't need it.

72
00:04:35,730 --> 00:04:38,350
And then last one is the update user.

73
00:04:38,370 --> 00:04:47,420
Again, we just remove the token and once we have fixed the auth middleware as well as the responses,

74
00:04:47,430 --> 00:04:49,620
now I can move on to the next step.

