1
00:00:00,890 --> 00:00:04,850
‫So after updating, let's now also allow the current user

2
00:00:04,850 --> 00:00:07,293
‫to basically delete his account.

3
00:00:09,070 --> 00:00:12,069
‫Now when a user decides to delete his account,

4
00:00:12,069 --> 00:00:16,390
‫we actually do not delete that document from the database.

5
00:00:16,390 --> 00:00:20,580
‫But instead we actually just set the account to inactive.

6
00:00:20,580 --> 00:00:23,170
‫So that the user might at some point in the future

7
00:00:23,170 --> 00:00:26,910
‫reactivate the account and also so that we still

8
00:00:26,910 --> 00:00:29,820
‫can basically access the account in the future,

9
00:00:29,820 --> 00:00:33,450
‫even if officially, let's say it has been deleted.

10
00:00:33,450 --> 00:00:34,440
‫Okay?

11
00:00:34,440 --> 00:00:36,380
‫So to implement this, first of all

12
00:00:36,380 --> 00:00:39,430
‫we need to create a new property in our schema.

13
00:00:39,430 --> 00:00:40,850
‫So,

14
00:00:40,850 --> 00:00:42,090
‫let's go there.

15
00:00:42,090 --> 00:00:43,740
‫And now we want to have

16
00:00:45,440 --> 00:00:47,163
‫a field called active.

17
00:00:48,210 --> 00:00:49,043
‫Okay.

18
00:00:50,550 --> 00:00:52,150
‫Which should be of the type

19
00:00:54,370 --> 00:00:55,550
‫Boolean.

20
00:00:55,550 --> 00:00:57,430
‫Okay, and by default

21
00:00:57,430 --> 00:00:58,263
‫it's gonna be

22
00:00:59,170 --> 00:01:00,040
‫true.

23
00:01:00,040 --> 00:01:02,180
‫So any user that is created new

24
00:01:02,180 --> 00:01:04,430
‫is of course an active user

25
00:01:04,430 --> 00:01:07,300
‫and so the Boolean is set to true.

26
00:01:07,300 --> 00:01:11,360
‫Also, we do not want to show this in the output, okay.

27
00:01:11,360 --> 00:01:13,350
‫Because we basically want to hide

28
00:01:13,350 --> 00:01:16,077
‫this implementation detail from the user.

29
00:01:16,077 --> 00:01:17,260
‫Okay?

30
00:01:17,260 --> 00:01:19,920
‫And so we don't want anyone to know

31
00:01:19,920 --> 00:01:24,390
‫that this flag, so this active flag is here, okay.

32
00:01:24,390 --> 00:01:28,930
‫So we say select, and set it to false, all right.

33
00:01:28,930 --> 00:01:29,883
‫And so,

34
00:01:30,830 --> 00:01:33,140
‫to delete the user now,

35
00:01:33,140 --> 00:01:35,400
‫all we need to do is basically set

36
00:01:35,400 --> 00:01:38,210
‫that active flag to false.

37
00:01:38,210 --> 00:01:39,043
‫Okay.

38
00:01:40,130 --> 00:01:42,390
‫So let's create that function here,

39
00:01:42,390 --> 00:01:43,223
‫exports

40
00:01:44,170 --> 00:01:45,529
‫.deleteMe,

41
00:01:45,529 --> 00:01:46,930
‫so it was updateMe

42
00:01:46,930 --> 00:01:47,763
‫and now it's deleteMe

43
00:01:47,763 --> 00:01:51,614
‫and so we already know that we're using

44
00:01:51,614 --> 00:01:54,410
‫a catchAsync here, right?

45
00:01:54,410 --> 00:01:58,570
‫And then Async because we basically already know

46
00:01:58,570 --> 00:02:01,150
‫that we're gonna update the user.

47
00:02:01,150 --> 00:02:02,960
‫So request responds

48
00:02:02,960 --> 00:02:03,913
‫next.

49
00:02:06,470 --> 00:02:08,300
‫So, await

50
00:02:08,300 --> 00:02:10,700
‫User.find

51
00:02:10,700 --> 00:02:12,573
‫by ID and update.

52
00:02:13,800 --> 00:02:15,960
‫Okay, and again, of course there's only works

53
00:02:15,960 --> 00:02:18,830
‫for logged in users and so the user ID is

54
00:02:18,830 --> 00:02:21,617
‫conveniently stored at request

55
00:02:21,617 --> 00:02:23,800
‫.user.id.

56
00:02:23,800 --> 00:02:25,630
‫and the data that we want to update

57
00:02:26,680 --> 00:02:28,010
‫is simply active

58
00:02:28,900 --> 00:02:30,893
‫and set it to false.

59
00:02:31,870 --> 00:02:33,280
‫All right.

60
00:02:33,280 --> 00:02:37,560
‫Now sending back the response is also pretty easy.

61
00:02:37,560 --> 00:02:40,100
‫We use the 204 code

62
00:02:40,100 --> 00:02:43,280
‫for deleted which will then make it so that actually

63
00:02:43,280 --> 00:02:47,230
‫in Postman we do not even see this response, okay.

64
00:02:47,230 --> 00:02:49,830
‫But we still send it along with the request

65
00:02:50,770 --> 00:02:52,720
‫'cause that's always the best practice.

66
00:02:54,090 --> 00:02:56,610
‫So, it's still a success

67
00:02:56,610 --> 00:02:59,470
‫and then remember we don't send any data.

68
00:02:59,470 --> 00:03:01,343
‫So, simply set it to no.

69
00:03:02,890 --> 00:03:05,080
‫All right, and now of course add it

70
00:03:05,080 --> 00:03:07,193
‫also to all routes here.

71
00:03:08,850 --> 00:03:10,223
‫So that's pretty similar.

72
00:03:11,840 --> 00:03:12,880
‫So deleteMe

73
00:03:14,620 --> 00:03:16,420
‫then here deleteMe as well

74
00:03:16,420 --> 00:03:20,373
‫and now actually we are using the delete http method.

75
00:03:21,480 --> 00:03:24,670
‫Okay, and again, we will not actually delete

76
00:03:24,670 --> 00:03:26,570
‫a user from the database.

77
00:03:26,570 --> 00:03:30,550
‫But as long as the user is no longer accessible anywhere

78
00:03:30,550 --> 00:03:34,277
‫then it's still okay to use this http method here.

79
00:03:34,277 --> 00:03:37,663
‫All right, so let's try this out now.

80
00:03:38,900 --> 00:03:42,010
‫Okay, even though we're not 100% ready yet

81
00:03:43,080 --> 00:03:46,193
‫but let's still try this now.

82
00:03:47,200 --> 00:03:48,033
‫All right,

83
00:03:49,280 --> 00:03:50,629
‫so,

84
00:03:50,629 --> 00:03:51,720
‫deleteMe

85
00:03:51,720 --> 00:03:53,530
‫and it is a protected route

86
00:03:53,530 --> 00:03:55,290
‫and so we need to be signed in

87
00:03:56,150 --> 00:03:59,923
‫and so let's create our authorization header,

88
00:04:00,910 --> 00:04:03,350
‫Bearer Token and of course this one

89
00:04:04,640 --> 00:04:06,040
‫and that's actually it.

90
00:04:06,040 --> 00:04:08,730
‫We don't need to pass any data in the body.

91
00:04:08,730 --> 00:04:11,173
‫We don't need to pass any data in the URL.

92
00:04:12,010 --> 00:04:15,210
‫All right, because again, the only data that is needed

93
00:04:15,210 --> 00:04:18,560
‫is the current user ID and that one isn't coded

94
00:04:18,560 --> 00:04:21,150
‫inside of our adjacent web token.

95
00:04:21,150 --> 00:04:21,983
‫Okay?

96
00:04:23,510 --> 00:04:25,720
‫So what we also need to do is delete

97
00:04:26,660 --> 00:04:29,240
‫and yeah this should work now.

98
00:04:29,240 --> 00:04:31,830
‫So before we do that let's actually get the list

99
00:04:31,830 --> 00:04:33,113
‫of all the users.

100
00:04:34,870 --> 00:04:38,110
‫All right and so the one that we are deleting now

101
00:04:38,110 --> 00:04:39,533
‫is this last one.

102
00:04:41,060 --> 00:04:44,300
‫So this one that we just created in the last lecture.

103
00:04:44,300 --> 00:04:47,270
‫Okay, and we are working with this one

104
00:04:47,270 --> 00:04:49,710
‫because it's the last one who logged in

105
00:04:49,710 --> 00:04:51,370
‫and so it's this token here

106
00:04:51,370 --> 00:04:54,460
‫which is right now stored in our token variable.

107
00:04:54,460 --> 00:04:57,020
‫Okay, and so when we're now deleting the user

108
00:04:57,020 --> 00:05:00,163
‫it will be based on the ID coming from this token.

109
00:05:01,700 --> 00:05:03,093
‫So let's try that now.

110
00:05:06,080 --> 00:05:08,690
‫And indeed we get our 204.

111
00:05:08,690 --> 00:05:11,600
‫And now what I'm interested in is to see

112
00:05:11,600 --> 00:05:13,763
‫if the select property here has changed.

113
00:05:15,290 --> 00:05:17,820
‫And it actually looks exactly the same here.

114
00:05:17,820 --> 00:05:19,760
‫And that's because we're not leaking

115
00:05:19,760 --> 00:05:22,460
‫the select field to the user.

116
00:05:22,460 --> 00:05:25,053
‫And so we actually need to see it here.

117
00:05:26,180 --> 00:05:31,110
‫Okay and so indeed we have active here set to false.

118
00:05:31,110 --> 00:05:34,560
‫Okay, so that's what I wanted to say before.

119
00:05:34,560 --> 00:05:37,640
‫So we're not leaking the active fields

120
00:05:37,640 --> 00:05:40,020
‫to the user, not the select field.

121
00:05:40,020 --> 00:05:42,230
‫So active is only visible for us here

122
00:05:42,230 --> 00:05:45,280
‫in compass but not for the user.

123
00:05:45,280 --> 00:05:46,920
‫Now as a last step,

124
00:05:46,920 --> 00:05:50,080
‫we then of course do not want to show up the

125
00:05:50,080 --> 00:05:53,960
‫inactive users in this output, right.

126
00:05:53,960 --> 00:05:57,400
‫And how do you think we could implement this?

127
00:05:57,400 --> 00:06:00,500
‫Well we're gonna use something that is way back

128
00:06:00,500 --> 00:06:03,400
‫that we talked about like two or three sections ago

129
00:06:03,400 --> 00:06:06,140
‫which is query middleware, okay.

130
00:06:06,140 --> 00:06:08,940
‫So query middleware is perfect for this

131
00:06:08,940 --> 00:06:11,380
‫because now we can basically add a step

132
00:06:11,380 --> 00:06:14,160
‫before any other query that we're doing then

133
00:06:14,160 --> 00:06:16,500
‫somewhere in our application.

134
00:06:16,500 --> 00:06:19,810
‫So let's go to our user model here

135
00:06:19,810 --> 00:06:21,763
‫and add that middleware here.

136
00:06:25,310 --> 00:06:26,657
‫So userSchema

137
00:06:29,339 --> 00:06:32,850
‫.pre, so something that will happen

138
00:06:32,850 --> 00:06:37,760
‫before a query and that query will be a find.

139
00:06:37,760 --> 00:06:40,583
‫Okay, so this is what makes this query middleware.

140
00:06:42,330 --> 00:06:44,670
‫Then a regular function

141
00:06:44,670 --> 00:06:46,390
‫because remember that otherwise

142
00:06:46,390 --> 00:06:49,600
‫we're not having access to the discord

143
00:06:49,600 --> 00:06:51,460
‫or at least it won't have the value

144
00:06:51,460 --> 00:06:53,560
‫that we expect it to have.

145
00:06:53,560 --> 00:06:55,440
‫And remember that here we actually

146
00:06:55,440 --> 00:06:57,820
‫used a regular expression before

147
00:06:57,820 --> 00:07:00,520
‫basically to say that we want this middleware function

148
00:07:00,520 --> 00:07:03,850
‫to apply to every query that starts with find.

149
00:07:03,850 --> 00:07:07,290
‫So not just find but also stuff like find and update,

150
00:07:07,290 --> 00:07:10,290
‫find and delete, and all queries like that.

151
00:07:10,290 --> 00:07:14,670
‫Okay, and so we use a regular expression

152
00:07:14,670 --> 00:07:18,600
‫looking for words or strings that start with find.

153
00:07:18,600 --> 00:07:20,883
‫So that's what this symbol here does.

154
00:07:22,080 --> 00:07:24,250
‫And then end the regular expression.

155
00:07:24,250 --> 00:07:25,720
‫So a very simple one.

156
00:07:25,720 --> 00:07:27,650
‫This is the one that even I can write

157
00:07:27,650 --> 00:07:30,600
‫without going to Google first

158
00:07:30,600 --> 00:07:32,480
‫and try to find it there.

159
00:07:32,480 --> 00:07:36,760
‫Okay, so remember this is query middleware

160
00:07:36,760 --> 00:07:40,840
‫and so therefore this points to the current

161
00:07:42,350 --> 00:07:43,183
‫query.

162
00:07:43,183 --> 00:07:47,070
‫Okay, and so let's just quickly go back here

163
00:07:47,070 --> 00:07:48,970
‫to see how it works.

164
00:07:48,970 --> 00:07:52,900
‫So we have our get all users here

165
00:07:52,900 --> 00:07:55,880
‫and here of course we have a find query.

166
00:07:55,880 --> 00:07:58,840
‫And now before that query is actually executed

167
00:07:58,840 --> 00:08:00,540
‫we want to add something to it.

168
00:08:00,540 --> 00:08:03,260
‫Which is that we only want to find documents

169
00:08:03,260 --> 00:08:05,823
‫which have the active property set to true.

170
00:08:07,100 --> 00:08:09,840
‫All right, so that's easy.

171
00:08:09,840 --> 00:08:10,673
‫Here it is.

172
00:08:11,610 --> 00:08:12,443
‫And so

173
00:08:13,610 --> 00:08:15,037
‫this

174
00:08:15,037 --> 00:08:15,980
‫.find

175
00:08:15,980 --> 00:08:17,910
‫and then of course our filter object

176
00:08:19,930 --> 00:08:24,180
‫only documents with active set to true.

177
00:08:24,180 --> 00:08:25,013
‫And that's it.

178
00:08:27,610 --> 00:08:31,410
‫Calling the next middleware and we're done.

179
00:08:31,410 --> 00:08:34,350
‫Okay, and so if we now do the same query

180
00:08:34,350 --> 00:08:36,840
‫then this last one should no longer show up

181
00:08:36,840 --> 00:08:40,240
‫because again it has active set to false.

182
00:08:40,240 --> 00:08:42,180
‫And so it's not going to match the query

183
00:08:42,180 --> 00:08:43,223
‫that we just wrote.

184
00:08:45,400 --> 00:08:48,530
‫Okay, now we don't get any users here

185
00:08:48,530 --> 00:08:51,230
‫and I guess that's because the other ones

186
00:08:51,230 --> 00:08:53,360
‫they do not have explicitly

187
00:08:53,360 --> 00:08:55,810
‫the active property set to true.

188
00:08:55,810 --> 00:08:58,950
‫And so let's do what we actually did in that other section

189
00:08:58,950 --> 00:09:02,230
‫where we say that active should not be false.

190
00:09:02,230 --> 00:09:03,690
‫Okay,

191
00:09:03,690 --> 00:09:05,900
‫so we use the not equal to

192
00:09:05,900 --> 00:09:09,343
‫operator and that of course should be in it's own object.

193
00:09:10,290 --> 00:09:12,690
‫So not equal to false.

194
00:09:12,690 --> 00:09:16,540
‫Okay, so that is quite different here in this case.

195
00:09:16,540 --> 00:09:18,790
‫All right, so all documents where active

196
00:09:18,790 --> 00:09:21,642
‫is not equal to false should now show up

197
00:09:21,642 --> 00:09:24,883
‫and so the other two should now be back.

198
00:09:24,883 --> 00:09:27,390
‫And indeed here they are.

199
00:09:27,390 --> 00:09:31,190
‫Okay and so this is how we basically delete our users

200
00:09:31,190 --> 00:09:34,760
‫while effectively not deleting them from the database.

201
00:09:34,760 --> 00:09:37,210
‫Okay, so we're not deleting documents

202
00:09:37,210 --> 00:09:39,883
‫we're only marking them as inactive.

203
00:09:41,100 --> 00:09:43,963
‫Okay, let's just quickly save this here.

204
00:09:46,180 --> 00:09:47,013
‫Delete

205
00:09:48,680 --> 00:09:50,930
‫current user.

206
00:09:50,930 --> 00:09:53,470
‫Great and with this we actually finished

207
00:09:53,470 --> 00:09:55,970
‫the authentication and authorization part

208
00:09:55,970 --> 00:09:57,460
‫of this section.

209
00:09:57,460 --> 00:10:00,440
‫So everything that was related to these topics

210
00:10:00,440 --> 00:10:04,410
‫and also to to users like updating and deleting users.

211
00:10:04,410 --> 00:10:07,000
‫That's also kind of a part of authentication

212
00:10:07,000 --> 00:10:08,410
‫and authorization.

213
00:10:08,410 --> 00:10:10,020
‫Now in the rest of this section,

214
00:10:10,020 --> 00:10:12,210
‫we're gonna talk about security

215
00:10:12,210 --> 00:10:14,740
‫because of course that's also kind of related

216
00:10:14,740 --> 00:10:16,210
‫to authentication.

217
00:10:16,210 --> 00:10:18,530
‫Okay, so we're gonna talk about a couple of

218
00:10:18,530 --> 00:10:21,090
‫best practices and then also implement

219
00:10:21,090 --> 00:10:22,963
‫some of them into our project.