WEBVTT

00:03.820 --> 00:05.290
Hey there, everyone they share.

00:05.290 --> 00:09.130
And just one final video because I wanted to show you a little bit more ahead of that.

00:09.340 --> 00:13.420
Now, we have worked on everything; we are able to log in, store the user in the database.

00:13.420 --> 00:17.080
And in fact, if I go ahead and check with the database, I have logged in multiple times with

00:17.080 --> 00:17.710
the same email.

00:17.710 --> 00:19.510
I'm not creating multiple entries.

00:19.540 --> 00:21.720
This is all going in basic flow.

00:21.730 --> 00:27.240
Nothing that we haven't seen so far in the code, but we are not yet protected on the home route.

00:27.250 --> 00:32.290
The thing is that in the case of our application, which is our T-shirt store, we relied too much

00:32.290 --> 00:33.430
on the token itself.

00:33.430 --> 00:37.690
And that's why I told you that we can actually go ahead and create the cookie token, because if you

00:37.690 --> 00:42.790
are going to allow this serialization and deserialization to happen via Passport,

00:42.790 --> 00:46.450
Passport doesn't give you the tokens; actually, they are not easily accessible.

00:46.450 --> 00:48.520
You can access that but not that much easily.

00:48.520 --> 00:51.280
They actually give you directly this request.user.

00:51.280 --> 00:56.680
So what we were doing in the past, that's how we were injecting the things and request.user. Now the

00:56.680 --> 01:00.280
middleware, in case you are using Passport as a total strategy for everything.

01:00.280 --> 01:07.030
And by the way, just in case you missed that part, if I go on to the home, not home strategies,

01:07.030 --> 01:11.740
if you look into the strategies, we have this passport-local, which is a strategy absolutely designed

01:11.740 --> 01:15.880
for what we have designed in the past, the username and the password or email and password.

01:15.880 --> 01:17.200
So you want to use that.

01:17.200 --> 01:20.080
You have to actually write your middleware a little bit different.

01:20.080 --> 01:23.140
You cannot just copy paste the middleware that I have worked on.

01:23.140 --> 01:24.880
You have to design it differently.

01:24.880 --> 01:31.510
So in this case, we have noticed that inside the auth, request.user is present if we get a successful

01:31.510 --> 01:33.190
callback from Google itself.

01:33.190 --> 01:38.290
So we can use this as a simple middleware to check whether the user is logged in or not.

01:38.320 --> 01:43.840
Just to give you a brief overview, I usually don't write my callbacks or these middleware up here,

01:43.840 --> 01:46.090
but let's go ahead and add a middleware up here.

01:46.090 --> 01:51.340
So we're going to go ahead and call simply const and we're going to call it isLoggedIn.

01:51.340 --> 01:54.730
So if the user is logged in, this will be true and so on.

01:54.730 --> 02:00.190
So we're going to go ahead and say request, response and next, just like always. Let's go ahead and

02:00.190 --> 02:01.210
work on with that.

02:01.210 --> 02:05.980
We're going to simply check if the user, if there is a request.user or not.

02:05.980 --> 02:11.170
So we have seen that if the serialization works properly, token cookie session, everything is handled,

02:11.170 --> 02:12.880
then the request.user is present.

02:12.880 --> 02:16.600
Otherwise not. If the request.user is not present,

02:16.600 --> 02:21.550
That means res.redirect.

02:22.180 --> 02:23.200
Is that correct?

02:23.800 --> 02:24.490
Redirect?

02:24.490 --> 02:24.700
Yeah.

02:24.730 --> 02:25.180
Looks good.

02:25.220 --> 02:25.660
Okay.

02:25.660 --> 02:30.330
So if the user is not logged in, that means the request.user is not present.

02:30.340 --> 02:34.810
Then in that case, I would love to redirect you to slash or slash login.

02:35.410 --> 02:38.380
And if he is logged in, then I'm not worried.

02:38.380 --> 02:41.080
I'm going to go ahead and say, hey, just keep on, continue that.

02:41.080 --> 02:44.470
So now I have this isLoggedIn and I can protect any route.

02:44.470 --> 02:46.930
Remember, this is exactly what we have been doing.

02:46.930 --> 02:49.960
But in that case, we have to bring in the token, find the user.

02:49.990 --> 02:50.950
There's a lot of fuss. Now

02:50.950 --> 02:52.870
Passport is taking care of all of that.

02:52.870 --> 02:56.260
So all I have to do is inject this middleware wherever I want.

02:56.260 --> 02:57.730
I want to inject it up here.

02:57.730 --> 03:00.060
Let's go ahead and inject that, put a comma and that's it.

03:00.070 --> 03:01.510
Now this route is protected.

03:01.510 --> 03:04.000
If I'm logged in, then only I can access this one.

03:04.000 --> 03:07.330
Let's go ahead and verify the theory that we have been presenting so far.

03:07.360 --> 03:08.740
Let's go ahead and hit a reload.

03:08.740 --> 03:10.810
Now, I'm not able to visit the home page.

03:10.810 --> 03:16.120
If I go up, it says, hey, the request.user doesn't exist, so you are not allowed to visit that.

03:16.120 --> 03:18.160
If I log out, obviously I can.

03:18.160 --> 03:20.590
Let's go ahead and hit on login where I'm already.

03:20.590 --> 03:26.770
I'm going to head into Google quickly, go ahead and say log in, and it gives me all of that data.

03:26.770 --> 03:29.290
We are not redirecting it from here automatically.

03:29.290 --> 03:29.950
We should be.

03:29.950 --> 03:33.580
But this is kept here especially to show you what is happening now.

03:33.580 --> 03:35.830
I can go back and I'm allowed to see the home page.

03:35.830 --> 03:41.500
So this is a proof that yes, you are logged in and when I go ahead and do a log out, the log enable

03:41.560 --> 03:44.080
cookie part of the session is now removed.

03:44.080 --> 03:45.340
So that is important.

03:45.340 --> 03:49.060
It still maintains a session, but I'm not able to visit the home page.

03:49.060 --> 03:52.540
So this sums up the entirety of how to use this one.

03:53.020 --> 03:57.670
Now again, Passport is a great way, but you have to think about your application from the very start,

03:57.670 --> 04:02.350
whether you are going to use Passport or not, because a bunch of things actually change in the architecture

04:02.380 --> 04:05.230
if you have application, your middleware and a bunch of other things.

04:05.230 --> 04:09.370
And I've seen in some of the applications, if you are planning a whole lot of social logins and bearer

04:09.370 --> 04:13.330
tokens and a whole bunch of other things, injecting Passport actually makes your life a little

04:13.330 --> 04:13.930
bit easier.

04:13.930 --> 04:16.690
But again, don't just blindly write the code.

04:16.690 --> 04:20.650
Always try to understand what is happening, why it is happening and what it's going to do when you're

04:20.650 --> 04:21.880
going to change something.

04:21.970 --> 04:23.470
So I hope you have enjoyed this one.

04:23.470 --> 04:25.660
Let's go ahead and catch up and there's some video.
