WEBVTT

00:03.790 --> 00:05.230
Hey, did everyone share?

00:05.230 --> 00:07.870
And in this video we're going to work through with the user.

00:07.900 --> 00:10.960
Now, what is this user route and what is its goal?

00:10.990 --> 00:12.070
The goal is really simple.

00:12.070 --> 00:18.100
Anybody visits like something user dashboard or a user itself or slash me or something.

00:18.100 --> 00:21.360
There are lots of names for that, or maybe slash profile or something.

00:21.370 --> 00:26.830
The idea is the user needs to be able to get all the information that he has submitted to the application,

00:26.860 --> 00:31.120
his name, email, probably encrypted password, not usually.

00:31.330 --> 00:36.280
So name, email, photo, country, whatever you have asked to him, he should be able to grab all these

00:36.280 --> 00:37.090
information.

00:37.090 --> 00:42.190
So how this is accomplished, not in just this application, in every single application is remember

00:42.190 --> 00:44.160
I told you about middleware earlier?

00:44.170 --> 00:47.050
Yes, that's exactly the middleware that we worked on.

00:47.050 --> 00:52.150
So the job of the middleware is not only to authenticate the user that you are allowed to visit this

00:52.150 --> 00:56.530
resource or not, but sometimes is to inject some of the information as well.

00:56.530 --> 01:01.000
So what we're going to do if somebody visits and hit this route in between, we are going to capture

01:01.000 --> 01:04.200
that request, inject it into a middleware, middleware.

01:04.200 --> 01:07.990
It will populate more information into it, and then we are going to pass it further.

01:08.080 --> 01:13.630
Now, just like we have this request dot body, request dot cookie, you can inject your own objects in this

01:13.900 --> 01:18.070
big massive object as well, rather more properties in this object.

01:18.070 --> 01:24.640
So you can add request dot user, you can add request dot client, request dot my user, whatever you

01:24.640 --> 01:25.360
like to call that.

01:25.360 --> 01:28.300
The general philosophy is to call it as always user.

01:28.300 --> 01:32.380
So in the majority of applications you are going to see it as request dot user, but it's not compulsory.

01:32.380 --> 01:34.360
Feel free to call it as request dot Superman.

01:34.360 --> 01:35.230
It's up to you.

01:35.230 --> 01:40.300
So let's go ahead and work on with the middleware so how this middleware is going to work on.

01:40.300 --> 01:43.000
Let's go up and create another middleware.

01:43.360 --> 01:44.980
So where is my middleware?

01:44.980 --> 01:46.060
There we go at the top.

01:46.060 --> 01:50.620
So what we're going to call this one as middleware, since we are going with the all user, let's call

01:50.620 --> 01:52.030
it as user middleware.

01:52.030 --> 01:58.360
So inside this one, I'm going to call this one as simply user dot js and we're going to be throwing

01:58.360 --> 02:00.580
up a couple of methods from this middleware.

02:00.640 --> 02:04.900
So the first thing is we need to import some of the big promises and models and all of that.

02:04.900 --> 02:07.000
So obviously we'll be injecting some information.

02:07.000 --> 02:09.130
I don't know from where to bring this information.

02:09.220 --> 02:11.410
This will obviously come from the user as well.

02:11.410 --> 02:16.300
So we're going to go ahead and say, hey, I want to bring in user and that user will be coming from

02:16.300 --> 02:23.200
require let's go one directory back into the models and we just have one as of now which is user.

02:23.200 --> 02:27.220
In fact, we can go into the user controller and bring some things from the top.

02:27.220 --> 02:32.590
So we need big promise and now we don't need big promise.

02:32.800 --> 02:33.790
Yeah, we need it.

02:33.790 --> 02:35.410
And the custom error as well.

02:35.410 --> 02:40.240
So let's go ahead and bring them both at least as of now and let's go ahead and work on.

02:41.050 --> 02:41.560
Okay.

02:41.560 --> 02:42.310
Now moving on.

02:42.310 --> 02:45.670
What we're going to do is we're going to directly go ahead and export a method.

02:45.670 --> 02:50.620
So export dot we're going to say is logged in.

02:50.620 --> 02:55.150
So this is a method which will also take care of whether the user is logged in or not.

02:55.150 --> 03:00.070
We'll also inject some information in the middle of whatever the request is going on.

03:00.130 --> 03:03.670
So again, just like always, we're going to wrap everything around the big promise.

03:03.670 --> 03:05.980
So there we go, Big Promise.

03:06.430 --> 03:10.780
And since we are talking through the database, and database is always in another continent.

03:10.780 --> 03:14.710
So we got request response and for sure the next.

03:14.710 --> 03:17.270
Sometimes people like to call this as callback.

03:17.320 --> 03:20.320
CB I really don't like that, but it's up to you.

03:20.590 --> 03:25.660
So the job one is to extract the token in case you noticed into the postman as well.

03:25.690 --> 03:31.330
We are throwing this token almost everywhere so far, in request, login, reset, whatever this is.

03:31.330 --> 03:35.500
The whole job of this token is actually to be able to extract some information.

03:35.500 --> 03:37.480
What we are cooking up into this token.

03:37.480 --> 03:41.350
This token is combined of not too much information, just the ID itself.

03:41.350 --> 03:46.780
So when we were cooking up this token, the cookie token notice, we are not sending too much of information.

03:46.780 --> 03:49.600
We are saying, hey, just go ahead and get this JWT token.

03:49.600 --> 03:51.940
So let's go ahead and explore this method as well.

03:52.360 --> 03:55.060
And which is mentioned in the models itself.

03:55.540 --> 04:00.220
Having a look again always gives you more confidence in what we are actually doing.

04:00.220 --> 04:02.560
So this is my get JWT token notice.

04:02.560 --> 04:08.980
It is comprised of just the ID field and we need to find a user based on this ID, but the first

04:08.980 --> 04:11.170
job is to actually grab the token.

04:11.170 --> 04:15.490
So let's go ahead and say that I want to grab a token from where this token will come up.

04:15.490 --> 04:19.180
Probably request dot cookies, dot token.

04:19.630 --> 04:23.860
Remember, we are not calling it as cookie, it is cookies, so it might be there.

04:23.860 --> 04:29.020
Or we can just go ahead and say our field because sometimes it might be a mobile application and it

04:29.020 --> 04:31.510
might be coming up into the header itself.

04:31.510 --> 04:35.830
When it is coming up into the header, this is how it usually looks.

04:35.830 --> 04:37.180
So let me show you that.

04:37.180 --> 04:41.500
So into the header, there will be a field known as authorization.

04:41.500 --> 04:45.370
So yeah, this exact guy will be copying it because I need to use that.

04:45.370 --> 04:51.310
And then in the value you just go ahead and say Bearer and then a space and then you paste the token.

04:51.310 --> 04:55.510
So this is how the value usually comes up and the Bearer and the space is compulsory.

04:55.510 --> 04:57.160
This is how the format is.

04:57.430 --> 05:01.420
So we can say that hey into the request dot header we might want to

05:01.470 --> 05:07.970
grab some information which is called as Authorization and further down the road we want to replace

05:07.970 --> 05:08.660
it with something.

05:08.660 --> 05:11.690
So we're going to go ahead and change on whatever the value is.

05:11.690 --> 05:16.370
I know the value is Bearer space token, but I want to extract only the token.

05:16.370 --> 05:18.590
So I'm going to use the classic JavaScript.

05:18.590 --> 05:21.740
I'm going to go ahead and say Replace, what do I want to replace?

05:21.830 --> 05:27.350
I want to replace Bearer and a space with nothing.

05:27.350 --> 05:34.430
So that will give me a pure token. In case your token is stored somewhere else, maybe in the body,

05:34.430 --> 05:40.430
just go ahead and just after this request or token here, just add request dot body dot token, however you

05:40.430 --> 05:42.830
are sending up, there can be a lot more places.

05:42.830 --> 05:43.370
Okay.

05:44.060 --> 05:47.780
Assuming that now we have access of this token, but what if we don't?

05:47.780 --> 05:49.700
So let's go ahead and take care of that situation.

05:49.700 --> 05:55.640
If I don't have token now or probably it is undefined, then I can go ahead and simply return an error

05:55.640 --> 05:55.910
here.

05:55.910 --> 06:00.930
So return next new custom command.

06:00.980 --> 06:01.940
Custom error.

06:02.030 --> 06:06.500
And that will be this will be a kind of a middleware error.

06:06.500 --> 06:07.970
So we cannot pass on any error.

06:07.970 --> 06:18.980
We will be simply saying login first to access this page and we'll be saying this is actually a 401 error,

06:19.730 --> 06:23.870
assuming that we have crossed this conditional check, that means token is there.

06:23.900 --> 06:26.570
Now we need to grab some information from this token.

06:26.570 --> 06:29.360
In order to grab some information we need JWT.

06:29.360 --> 06:31.280
Let's go ahead and bring in JWT.

06:31.280 --> 06:34.010
So we're going to say const JWT.

06:34.040 --> 06:40.340
That will be coming up from require and that will be coming up from jsonwebtoken.

06:40.550 --> 06:41.240
Okay.

06:41.270 --> 06:42.740
Let's decode this token.

06:42.740 --> 06:44.510
We have done that already once in the past.

06:44.510 --> 06:46.940
In one of the sections, I'm pretty sure you are aware of it.

06:47.060 --> 06:48.080
So how do we do that?

06:48.080 --> 06:52.760
We simply go ahead and say, Hey, JWT, you can actually sign the token, but you can also verify the

06:52.760 --> 06:53.390
token.

06:53.480 --> 06:59.180
So we'll be saying, hey, verify this token and how you're going to verify that you are going to verify

06:59.180 --> 07:02.420
that based on the secret that I have only I have this one.

07:02.420 --> 07:04.940
So process dot env dot.

07:04.970 --> 07:06.350
What did we call that?

07:07.040 --> 07:08.360
We called it.

07:09.310 --> 07:11.500
As JWT secret.

07:11.500 --> 07:11.750
Yeah.

07:11.800 --> 07:12.580
Super easy.

07:14.380 --> 07:18.650
So based on this secret, you can actually verify this token.

07:18.670 --> 07:20.680
Let's go ahead and hold this into a variable.

07:20.680 --> 07:22.780
Usually this is called as decoded.

07:23.140 --> 07:24.730
And feel free to call it anything.

07:24.730 --> 07:25.570
It's just a variable.

07:25.570 --> 07:27.370
But this is common practice out there.

07:27.670 --> 07:32.320
Now, this token has all the values that you have thrown inside it with a simple dot notation.

07:32.320 --> 07:36.540
So decoded dot ID, decoded dot email, whatever you have injected in the token.

07:36.550 --> 07:40.120
I have injected just one thing which is ID, so which is super easy for me.

07:40.270 --> 07:46.330
What further down the road I can do is I can bring this model and I can say user dot find not find by

07:46.330 --> 07:50.410
one but different this time find by ID because I have stored ID in this one.

07:50.830 --> 07:58.150
So I'm going to go ahead and say, hey, decoded dot ID, this will give me access of this ID, let's hold

07:58.150 --> 07:59.410
the user into a variable.

07:59.410 --> 08:03.070
So we're going to call this one as let's call this one as.

08:04.280 --> 08:10.030
Request dot user and we're going to go ahead and say this one is going to be await.

08:10.370 --> 08:10.640
Okay.

08:10.700 --> 08:12.380
Now, a little bit more to that.

08:12.380 --> 08:14.540
I cannot actually use a const here.

08:14.780 --> 08:16.700
I will say directly request dot user.

08:16.700 --> 08:19.790
So what I'm doing here is this request has a lot of properties.

08:19.790 --> 08:22.480
I saw that it has request dot cookies, request dot header.

08:22.490 --> 08:26.000
I'm injecting one of my properties here which is request dot user.

08:26.000 --> 08:28.580
I can call this request dot Superman, no problem.

08:28.580 --> 08:33.050
But this is kind of a usual practice to call this one as request dot user.

08:33.050 --> 08:34.110
So anybody.

08:34.130 --> 08:35.180
Now this is a middleware.

08:35.180 --> 08:40.940
So in between I have injected one more information onto this request and this can be accessed anywhere,

08:40.940 --> 08:42.470
wherever this token is present.

08:42.470 --> 08:44.900
So because everything is happening based on token.

08:45.200 --> 08:47.750
Now, further down the road, I have to do nothing at all.

08:47.750 --> 08:52.400
I have to just pass on this next so that whatever the information is, it can keep on continuing.

08:52.400 --> 08:53.510
And that's all I have to do.

08:53.690 --> 08:55.850
So this is the basic idea of the middleware.

08:55.850 --> 09:01.970
You not only verify that the token is present or not, but you also actually inject some information.

09:01.970 --> 09:06.370
And now we have exported this is logged in so we can actually use that.

09:06.380 --> 09:10.760
So further down the road things are like super, even super, super easy after that.

09:10.760 --> 09:12.740
Let's go ahead and catch up in the next video.
