1
00:00:01,290 --> 00:00:03,730
‫All right, so let's now create

2
00:00:03,730 --> 00:00:06,670
‫those new users, based on the model that

3
00:00:06,670 --> 00:00:09,093
‫we just implemented in the last video.

4
00:00:10,630 --> 00:00:14,180
‫So, we will do most of the user-related stuff

5
00:00:14,180 --> 00:00:17,350
‫like creating new users, logging users in,

6
00:00:17,350 --> 00:00:20,933
‫or updating passwords in the authentication controller.

7
00:00:22,190 --> 00:00:25,800
‫So all of the stuff that's related to authentication really,

8
00:00:25,800 --> 00:00:28,550
‫is not gonna be in the user controller

9
00:00:28,550 --> 00:00:30,250
‫that we actually created before,

10
00:00:30,250 --> 00:00:33,313
‫but instead we will create an authentication controller.

11
00:00:35,070 --> 00:00:36,990
‫So all the functions that are related

12
00:00:36,990 --> 00:00:38,943
‫to authentication will go here.

13
00:00:41,860 --> 00:00:44,300
‫And this will make a bit more sense later on,

14
00:00:44,300 --> 00:00:46,530
‫when we then start using all the functions

15
00:00:46,530 --> 00:00:48,103
‫that I'm gonna put in here.

16
00:00:49,500 --> 00:00:51,560
‫And now, the first thing that we need to do,

17
00:00:51,560 --> 00:00:53,983
‫is to import our user,

18
00:00:57,870 --> 00:01:00,610
‫so our user model of course,

19
00:01:00,610 --> 00:01:05,610
‫and that is at one level up, then it should be in models,

20
00:01:07,250 --> 00:01:08,577
‫and then userModel.

21
00:01:09,450 --> 00:01:10,283
‫All right.

22
00:01:12,490 --> 00:01:16,500
‫So, let's create and export our very first controller.

23
00:01:16,500 --> 00:01:18,347
‫And I'm gonna call this one signup.

24
00:01:20,020 --> 00:01:22,990
‫And so you see that I'm not calling it create user,

25
00:01:22,990 --> 00:01:25,060
‫like I did in a tour controller,

26
00:01:25,060 --> 00:01:27,300
‫but really I'm calling it signup because

27
00:01:27,300 --> 00:01:29,700
‫that's the name that has a bit more meaning

28
00:01:29,700 --> 00:01:31,913
‫in the context of authentication.

29
00:01:33,360 --> 00:01:36,510
‫So it's gonna be an async function of course,

30
00:01:36,510 --> 00:01:38,973
‫because we're gonna do some database operations.

31
00:01:42,190 --> 00:01:44,913
‫Then request, respond, and next as always,

32
00:01:46,000 --> 00:01:49,650
‫and then in here is where we create the new user.

33
00:01:49,650 --> 00:01:52,573
‫And so that's very similar to what we did before.

34
00:01:53,460 --> 00:01:55,590
‫So this time it's called newUser,

35
00:01:55,590 --> 00:01:57,070
‫and then remember how we create

36
00:01:57,070 --> 00:02:00,090
‫a new document based on a model.

37
00:02:00,090 --> 00:02:02,210
‫So we use the model name of course,

38
00:02:02,210 --> 00:02:04,610
‫which in this case is User, and then

39
00:02:04,610 --> 00:02:07,163
‫on that we use the create method.

40
00:02:08,740 --> 00:02:10,020
‫And then all we need to do is to

41
00:02:10,020 --> 00:02:12,150
‫pass in an object with the data

42
00:02:12,150 --> 00:02:14,353
‫from which the user should be created.

43
00:02:15,380 --> 00:02:20,093
‫And so just like before, that data is actually in req.body.

44
00:02:21,070 --> 00:02:23,430
‫And so all of this is gonna return a Promise,

45
00:02:23,430 --> 00:02:25,920
‫and so we need to await that,

46
00:02:25,920 --> 00:02:28,683
‫and so that's the reason why this is an async function.

47
00:02:30,150 --> 00:02:32,403
‫And I see that up here, we need exports.

48
00:02:34,374 --> 00:02:36,740
‫And now in the next step, we will then

49
00:02:36,740 --> 00:02:40,310
‫actually send that newUser to the client.

50
00:02:40,310 --> 00:02:45,283
‫So res.status, which is 201 for created,

51
00:02:46,720 --> 00:02:48,453
‫and then our JSON object.

52
00:02:52,160 --> 00:02:53,763
‫So that is success again,

53
00:02:55,010 --> 00:02:58,250
‫and then our data property which is again

54
00:02:58,250 --> 00:02:59,690
‫called an envelope here,

55
00:02:59,690 --> 00:03:03,510
‫so a property that is gonna contain the data itself.

56
00:03:03,510 --> 00:03:05,770
‫And the data is now called user,

57
00:03:05,770 --> 00:03:07,723
‫when before it was called tour,

58
00:03:09,105 --> 00:03:12,323
‫and so what we're gonna send in here is the newUser.

59
00:03:13,890 --> 00:03:16,270
‫Give it a save, and before we try this out,

60
00:03:16,270 --> 00:03:18,810
‫remember that this is an async function,

61
00:03:18,810 --> 00:03:21,393
‫and so we need to think about error handling here.

62
00:03:22,500 --> 00:03:24,470
‫So what do we need to do here?

63
00:03:24,470 --> 00:03:26,840
‫Well, we need to wrap this entire function

64
00:03:26,840 --> 00:03:29,770
‫that we just created into the catchAsync function

65
00:03:29,770 --> 00:03:31,570
‫that we created in the last section.

66
00:03:32,810 --> 00:03:37,160
‫So remember how we did that in the tourController,

67
00:03:37,160 --> 00:03:39,640
‫where all of the functions that are asynchronous

68
00:03:39,640 --> 00:03:42,740
‫are wrapped into this catchAsync function

69
00:03:42,740 --> 00:03:43,900
‫so that we don't have to write

70
00:03:43,900 --> 00:03:47,640
‫the try catch block in each and every function here.

71
00:03:47,640 --> 00:03:49,440
‫Remember that from the last section?

72
00:03:50,410 --> 00:03:52,450
‫So actually I'm gonna go ahead

73
00:03:52,450 --> 00:03:55,963
‫and copy this require statement here.

74
00:04:00,190 --> 00:04:02,353
‫So a bit lazy sometimes,

75
00:04:03,220 --> 00:04:07,253
‫not feel like writing the same code over and over again,

76
00:04:08,360 --> 00:04:12,570
‫so catchAsync, and then we need to

77
00:04:12,570 --> 00:04:16,303
‫close that down right here in the end.

78
00:04:18,793 --> 00:04:20,220
‫And now, all we need to do is to

79
00:04:20,220 --> 00:04:22,393
‫actually implement the route so that

80
00:04:22,393 --> 00:04:25,440
‫this signup handler here then can get called.

81
00:04:25,440 --> 00:04:27,650
‫And so let's go to our userRoutes,

82
00:04:27,650 --> 00:04:31,400
‫which we actually already created sometime before,

83
00:04:31,400 --> 00:04:33,923
‫and we already have some routes in here.

84
00:04:34,930 --> 00:04:37,653
‫But actually I'm gonna create a new one here now.

85
00:04:43,990 --> 00:04:46,700
‫And as I mentioned right in the beginning of this video,

86
00:04:46,700 --> 00:04:48,700
‫the user resource is a bit different

87
00:04:48,700 --> 00:04:50,290
‫from all the other resources.

88
00:04:50,290 --> 00:04:52,730
‫Again, because it really has to do with

89
00:04:52,730 --> 00:04:54,680
‫all things authentication.

90
00:04:54,680 --> 00:04:57,010
‫And so we have a different controller for that

91
00:04:57,010 --> 00:05:00,410
‫so the authController, the function names

92
00:05:00,410 --> 00:05:02,110
‫also have some different names,

93
00:05:02,110 --> 00:05:05,143
‫and so we will actually also have a special route.

94
00:05:08,540 --> 00:05:11,770
‫Let's say router.post,

95
00:05:11,770 --> 00:05:15,313
‫and then we will create a route for signup, so /signup,

96
00:05:18,450 --> 00:05:20,270
‫and then this is where we will use

97
00:05:20,270 --> 00:05:22,370
‫that function that we just created before.

98
00:05:23,260 --> 00:05:24,800
‫And of course before we can do that

99
00:05:24,800 --> 00:05:27,963
‫we need to require that authentication controller.

100
00:05:29,520 --> 00:05:32,040
‫So let's just duplicate this line here

101
00:05:32,040 --> 00:05:37,040
‫and replace user in two places,

102
00:05:37,440 --> 00:05:39,713
‫and so here we have our authController,

103
00:05:41,416 --> 00:05:42,716
‫and so let's now use that.

104
00:05:44,340 --> 00:05:45,173
‫.signup.

105
00:05:47,050 --> 00:05:49,790
‫So as you see, the signup is really

106
00:05:49,790 --> 00:05:51,410
‫kind of a special endpoint.

107
00:05:51,410 --> 00:05:53,560
‫It doesn't fit the REST architecture

108
00:05:53,560 --> 00:05:55,070
‫that we talked about before,

109
00:05:55,070 --> 00:05:57,920
‫because in this case it doesn't make much sense.

110
00:05:57,920 --> 00:06:00,030
‫And so remember how we said that

111
00:06:00,030 --> 00:06:02,690
‫in some special cases, we of course can create

112
00:06:02,690 --> 00:06:07,690
‫other endpoints that do not 100% fit that REST philosophy

113
00:06:07,980 --> 00:06:09,853
‫that is basically implemented here.

114
00:06:10,950 --> 00:06:15,040
‫So this here of course follows 100% the REST philosophy,

115
00:06:15,040 --> 00:06:17,790
‫where the name of the URL has nothing to do

116
00:06:17,790 --> 00:06:19,950
‫with the action that is actually performed.

117
00:06:19,950 --> 00:06:22,080
‫While up here, of course, it has.

118
00:06:22,080 --> 00:06:23,960
‫So the name of the route is signup

119
00:06:23,960 --> 00:06:25,953
‫because we are signing up users.

120
00:06:26,880 --> 00:06:28,760
‫And also down here we have implemented

121
00:06:28,760 --> 00:06:30,940
‫all of these different HTTP warps

122
00:06:31,810 --> 00:06:34,773
‫but in here for signup, we only really need POST.

123
00:06:35,668 --> 00:06:38,520
‫So we cannot really get data from signup,

124
00:06:38,520 --> 00:06:41,810
‫or we cannot patch patch a signup, so not update it.

125
00:06:41,810 --> 00:06:43,170
‫Doesn't really make sense,

126
00:06:43,170 --> 00:06:45,140
‫and so in this case all we want to do

127
00:06:45,140 --> 00:06:47,160
‫is to have a route for signup,

128
00:06:47,160 --> 00:06:48,953
‫where we can only POST data.

129
00:06:50,170 --> 00:06:52,370
‫Because again, it makes only sense

130
00:06:52,370 --> 00:06:54,740
‫to actually send data to this route,

131
00:06:54,740 --> 00:06:57,820
‫so that the new user is then created.

132
00:06:57,820 --> 00:07:00,240
‫And we will have different routes similar to this one,

133
00:07:00,240 --> 00:07:03,820
‫like for login, or for reset password,

134
00:07:03,820 --> 00:07:06,003
‫and all kinds of stuff like that.

135
00:07:07,163 --> 00:07:10,150
‫And we will also keep these routes here

136
00:07:10,150 --> 00:07:12,930
‫so the ones in a more REST format,

137
00:07:12,930 --> 00:07:15,180
‫because there's also the possibility

138
00:07:15,180 --> 00:07:18,370
‫of a system administrator updating or deleting

139
00:07:18,370 --> 00:07:21,423
‫or getting all the users based on their ID.

140
00:07:22,620 --> 00:07:24,590
‫But we will take care of that later,

141
00:07:24,590 --> 00:07:25,890
‫for now we just want to implement

142
00:07:25,890 --> 00:07:28,970
‫all the functions that are about authentication.

143
00:07:28,970 --> 00:07:30,620
‫So basically functions that are

144
00:07:30,620 --> 00:07:33,340
‫only relevant for the user itself.

145
00:07:33,340 --> 00:07:36,180
‫So it's not an admin that is gonna sign up a user,

146
00:07:36,180 --> 00:07:38,730
‫or it's not an admin that's gonna login a user,

147
00:07:38,730 --> 00:07:41,580
‫but instead, it's the own user that's gonna

148
00:07:41,580 --> 00:07:45,040
‫sign up himself, or log in himself.

149
00:07:45,040 --> 00:07:46,613
‫Okay, does that make sense?

150
00:07:47,570 --> 00:07:50,160
‫So we should have everything in place now,

151
00:07:50,160 --> 00:07:53,830
‫so that it should now work when we create our new user.

152
00:07:53,830 --> 00:07:57,270
‫So when we sign up basically, for our application.

153
00:07:57,270 --> 00:07:58,683
‫So let's try that now.

154
00:08:01,020 --> 00:08:02,447
‫Let's just copy this URL,

155
00:08:06,610 --> 00:08:08,393
‫users, and then, signup.

156
00:08:11,743 --> 00:08:13,710
‫Then we need to specify the Body,

157
00:08:14,640 --> 00:08:19,190
‫we say raw, and then JSON.

158
00:08:19,190 --> 00:08:20,720
‫Oh and also, don't forget of course,

159
00:08:20,720 --> 00:08:22,223
‫to set this one to POST.

160
00:08:25,478 --> 00:08:27,830
‫So, what data do we need here?

161
00:08:27,830 --> 00:08:30,293
‫Remember, first one is the name,

162
00:08:34,710 --> 00:08:39,710
‫then the email, and I'm putting my own here actually,

163
00:08:46,211 --> 00:08:49,211
‫then the password, and so let's just

164
00:08:50,360 --> 00:08:52,560
‫do something here, it doesn't really matter.

165
00:08:54,850 --> 00:08:56,330
‫And again, we're gonna talk about

166
00:08:56,330 --> 00:08:58,383
‫password management a bit later,

167
00:08:59,290 --> 00:09:01,140
‫and actually right in the next video.

168
00:09:02,420 --> 00:09:04,960
‫So now this one here should be the same.

169
00:09:04,960 --> 00:09:08,143
‫So pass1234, just as a test.

170
00:09:09,287 --> 00:09:11,820
‫And the photo remember is not required,

171
00:09:11,820 --> 00:09:13,663
‫and so I'm not doing that.

172
00:09:15,040 --> 00:09:16,133
‫And so let's see now.

173
00:09:17,990 --> 00:09:20,180
‫And now we get this error here,

174
00:09:20,180 --> 00:09:22,853
‫and that's because I misspelled password here.

175
00:09:24,150 --> 00:09:27,373
‫Okay, so that would be the German way of writing it.

176
00:09:28,370 --> 00:09:29,890
‫And now it's right.

177
00:09:29,890 --> 00:09:33,460
‫Okay, and indeed, we get our new user here.

178
00:09:33,460 --> 00:09:34,580
‫Perfect.

179
00:09:34,580 --> 00:09:38,350
‫Now let's say that we tried to do this with a GET.

180
00:09:38,350 --> 00:09:39,800
‫What would we get?

181
00:09:39,800 --> 00:09:42,300
‫Well, "This route is not yet defined,"

182
00:09:42,300 --> 00:09:44,350
‫which is because we actually already

183
00:09:44,350 --> 00:09:47,620
‫kind of defined this route here,

184
00:09:47,620 --> 00:09:50,180
‫so basically this part here of the route,

185
00:09:50,180 --> 00:09:52,910
‫so let me quickly show you that,

186
00:09:52,910 --> 00:09:55,970
‫so it's not in the tourController,

187
00:09:55,970 --> 00:09:58,640
‫but in the userController.

188
00:09:58,640 --> 00:10:01,560
‫So basically we have getUser here,

189
00:10:01,560 --> 00:10:04,174
‫and then "This route is not yet defined."

190
00:10:04,174 --> 00:10:06,024
‫So that's the one that we're getting,

191
00:10:07,160 --> 00:10:09,860
‫but of course we're not not really interested in that.

192
00:10:11,460 --> 00:10:13,630
‫And let's now go ahead and save this here,

193
00:10:13,630 --> 00:10:16,613
‫to Postman so that we can then easily reuse it.

194
00:10:21,520 --> 00:10:22,513
‫So Sign Up.

195
00:10:24,700 --> 00:10:26,600
‫And now just to quickly confirm,

196
00:10:26,600 --> 00:10:29,420
‫let's actually open it in Compass here as well,

197
00:10:29,420 --> 00:10:32,320
‫and just see that at this point we only have tours,

198
00:10:32,320 --> 00:10:36,433
‫and so let's go here to natours, try to reload this,

199
00:10:37,490 --> 00:10:38,890
‫and that's probably up here,

200
00:10:41,000 --> 00:10:44,820
‫and so indeed, now we get our users collection here.

201
00:10:44,820 --> 00:10:47,120
‫So let's open that up, and indeed,

202
00:10:47,120 --> 00:10:49,470
‫we now get our first document here.

203
00:10:49,470 --> 00:10:51,640
‫So the user that we just created.

204
00:10:51,640 --> 00:10:54,430
‫Now in here you can see the plain password,

205
00:10:54,430 --> 00:10:57,270
‫and so of course that is not ideal.

206
00:10:57,270 --> 00:10:59,170
‫And of course, that is not ideal,

207
00:10:59,170 --> 00:11:03,090
‫so in a web application, passwords should never never ever

208
00:11:03,090 --> 00:11:05,983
‫be stored as plain in a database.

209
00:11:07,060 --> 00:11:10,020
‫So there's a lot of password management that needs to go on

210
00:11:10,020 --> 00:11:11,750
‫behind the scenes, and so that is

211
00:11:11,750 --> 00:11:14,513
‫exactly what we will do in the next video.