WEBVTT

00:03.790 --> 00:05.380
Hated everyone they share.

00:05.380 --> 00:08.920
And in this video, we're going to learn a little bit about the middleware in the Mongoose.

00:08.920 --> 00:13.780
In the last video we saw that how middleware can happen between the express routes, but it can also

00:13.780 --> 00:16.390
happen in the mongoose and tons of other libraries, too.

00:16.750 --> 00:20.170
We're going to combine this with the video where we are going to write code even as well.

00:20.170 --> 00:24.520
We're going to do a solution in this video only because I think this is a short one to explain this

00:24.520 --> 00:25.000
stuff.

00:25.300 --> 00:29.710
Okay, so let's go into the mongoose and you might already be seeing the middleware here as well.

00:29.710 --> 00:32.290
So it is available here and you can read that in Express as well.

00:32.290 --> 00:33.370
It's really the same.

00:33.490 --> 00:37.210
So what the middleware is going to do in the case of Mongoose.

00:37.240 --> 00:41.860
Now remember, Mongoose helps you to write schema as well as save that schema into the MongoDB.

00:41.890 --> 00:45.810
So it gives you mainly two types of middleware which is pre and post.

00:45.820 --> 00:50.290
Now some people you are going to see, they call it as lifecycle hooks, which is also a correct term.

00:50.290 --> 00:53.440
There is no point in arguing that part.

00:53.440 --> 00:54.460
So we can have that.

00:54.460 --> 00:59.140
Now notice here there are types of middleware which are given to you by Mongoose as well, like validate,

00:59.140 --> 01:02.050
save, remove, update one, delete and initialize as well.

01:02.170 --> 01:04.420
We won't be going in that much of depth right now.

01:04.420 --> 01:07.090
Our focus is only onto the pre and the post.

01:07.090 --> 01:09.700
Yes, you can handle the errors and then synchronous all of that.

01:09.700 --> 01:14.230
But let me show you what happens in the pre one and after that the post one will be self explanatory

01:14.230 --> 01:14.800
to you.

01:14.890 --> 01:19.600
So notice here in the pre one it says that hey, you can define your schema like this dot, dot, dot

01:19.600 --> 01:25.120
means whatever you decide to have first name, last name, whatever you want to have it, you can have

01:25.120 --> 01:25.450
it.

01:25.450 --> 01:27.190
Now I'm saying schema dot pre.

01:27.190 --> 01:32.410
So whatever the schema you are creating, we are simply saying hey now we are saying dot pre and by

01:32.410 --> 01:36.370
the term schema here means that whatever the object that you are creating you can actually inject on

01:36.370 --> 01:36.520
that.

01:36.520 --> 01:41.880
So user dot pre or whatever you are saying inside that we pass on a hook which is save.

01:41.890 --> 01:45.550
This is basically an event like save is obviously a common event.

01:45.550 --> 01:51.340
So before just hitting the save, use this pre so what we can do we can write a function and the only

01:51.340 --> 01:56.080
thing that you have to worry about here is it doesn't accept the arrow function, so you have to use

01:56.080 --> 02:00.280
the function keyword itself, make sure there is a next being included here as well.

02:00.280 --> 02:03.970
And when the things are being done you can use the next, so do this stuff.

02:03.970 --> 02:08.500
So what I have to do this stuff here is simply take the password from the model which is being passed

02:08.500 --> 02:11.440
on to us and we just simply have to encrypt it.

02:11.440 --> 02:12.070
So that's it.

02:12.070 --> 02:13.180
That's all we have to do.

02:13.330 --> 02:19.660
Now, the bigger question is we can do that here, here at this page where the post is happening.

02:19.660 --> 02:24.430
So just after checking the user exist or not, we can actually go ahead and encrypt it here or we can

02:24.430 --> 02:25.960
write it into the module file.

02:25.960 --> 02:27.310
Both of them are correct.

02:27.310 --> 02:31.660
It's just the personal perspective here, but the question is how we are going to encrypt it.

02:31.660 --> 02:32.650
That is the question now.

02:32.650 --> 02:34.630
There are so many ways to encrypt it.

02:34.990 --> 02:39.790
We're going to go to NPM JS and you're going to find that a lot of people like to use some of the crypto

02:39.790 --> 02:40.540
packages.

02:40.540 --> 02:46.090
So if I go ahead and say crypto, if I can write that, correct crypto.

02:46.510 --> 02:51.490
So crypto packages are available like crypto JS and all of that, and they can help you to actually

02:51.490 --> 02:54.760
encrypt the data based on what kind of algorithm you are using.

02:55.030 --> 03:00.160
You can pass on a nonce and the message. I wouldn't be talking too much and the hash digests and nonce

03:00.160 --> 03:02.920
and all of that; don't want to make it a cryptography class.

03:03.130 --> 03:04.990
So this is one way of doing it.

03:04.990 --> 03:11.770
But if you are going to search for bcrypt, which is really an insanely popular package, bcrypt

03:11.770 --> 03:12.250
and bcryptjs

03:12.250 --> 03:14.520
both. We are going to use bcryptjs

03:14.530 --> 03:17.260
because it is built on top of bcrypt.

03:17.290 --> 03:22.810
Now bcrypt is just a library to encrypt, but bcryptjs is actually more compatible and that's

03:22.810 --> 03:25.000
why you see insane crazy weekly download.

03:25.000 --> 03:28.450
It is kind of designed for these kinds of situations where we are facing.

03:28.450 --> 03:30.790
We are not the only one who wants to encrypt the password.

03:30.790 --> 03:32.170
There are tons of other people.

03:32.380 --> 03:34.990
So how the usage actually works, really simple.

03:34.990 --> 03:40.300
You just install it and just require it, and once you have required it, then you can go ahead and

03:40.300 --> 03:45.160
use as encryption or you can just go ahead and do all the kinds of encryption that we want.

03:45.160 --> 03:48.550
So what we'll be doing is we'll be using a hash onto it.

03:48.550 --> 03:55.450
So let me just try to find it once we have bcrypt and then we are going to use something like not

03:55.450 --> 03:59.560
the hashSync, but we'll be using the direct hash itself and we'll be working on that.

03:59.830 --> 04:00.140
Okay.

04:00.190 --> 04:06.160
So the biggest interesting thing about it that I wanted to show you is that you can use bcrypt

04:06.160 --> 04:09.070
dot compare, which is actually used to check the password.

04:09.070 --> 04:10.600
We don't want to just encrypt it.

04:10.600 --> 04:15.010
We later on want to check whether the password has whatever the login feature is.

04:15.010 --> 04:16.390
User will enter the password.

04:16.390 --> 04:21.010
We also want to check that by encrypting it that it matches with the whatever the encrypted password

04:21.010 --> 04:25.600
we have stored in the database and this entire library is built around that so we don't have to worry

04:25.600 --> 04:26.230
too much.

04:26.920 --> 04:30.370
So moving on, we get the idea that how we are going to do it, let's copy that.

04:30.370 --> 04:38.110
Move back up here and close this one and now let's go ahead and install bcryptjs. Shouldn't take much

04:38.110 --> 04:40.990
of the time and we can start running the dev server up here.

04:41.170 --> 04:41.430
Okay.

04:41.530 --> 04:42.460
How are we going to do that?

04:42.460 --> 04:43.210
Really simple.

04:43.210 --> 04:44.350
We have done it so many times.

04:44.350 --> 04:45.430
Shouldn't be a big deal.

04:46.180 --> 04:53.680
So first let's just go ahead and use bcrypt and that is going to be required

04:55.390 --> 05:03.160
from bcryptjs. Once this is being required, we'll go back onto the existing user.

05:03.160 --> 05:09.070
So we have checked whether the user is existing or not and after that all we've got to do is go ahead

05:09.070 --> 05:10.240
and encrypt that.

05:10.240 --> 05:13.270
So once this is all done, we have checked everything.

05:13.270 --> 05:15.040
Now let's go ahead and encrypt the password.

05:15.040 --> 05:20.170
So let's call this one as my encrypt password or whatever you want to call that.

05:20.230 --> 05:24.370
Now how we're going to design this one, that is the most interesting thing.

05:24.370 --> 05:29.890
Now, again, we haven't yet designed this one, so we can actually go ahead and call it as const or

05:29.890 --> 05:31.720
let however you like to go with that.

05:31.900 --> 05:36.730
Now, this is going to take an await again because it might take a little bit of time.

05:36.730 --> 05:41.530
Whenever you encrypt that, it goes through a round of algorithms and it might take a little bit time,

05:41.530 --> 05:43.930
not too much as database, but sometimes it takes.

05:44.200 --> 05:49.540
So if you go ahead and say, hey, I want to use bcrypt and you put a dot, it has so many of the

05:49.540 --> 05:54.970
features like compare, compareSync, decode, get the salt, hash and a whole lot of other things.

05:54.970 --> 05:59.650
We're going to use just the hash because we obviously want to create the hash, the password that we

05:59.650 --> 06:01.120
grabbed from request body.

06:01.120 --> 06:05.020
And then you can go ahead and mention that how many iterations you want.

06:05.020 --> 06:10.180
The number here is how many rounds of that algorithm I have to do to encrypt it.

06:10.180 --> 06:14.680
And the more that is better, but don't do it too much because it might take some time.

06:14.680 --> 06:20.680
And sometimes even the storage capacity of particular unit or particular property in the MongoDB might

06:20.680 --> 06:21.310
exceed there.

06:21.310 --> 06:24.790
So ten is usually the good number of length to generate that.

06:25.150 --> 06:25.550
Okay.

06:25.600 --> 06:30.130
This is actually you can see here as well the salt length to generate the salt to you.

06:30.130 --> 06:33.070
So this is basically it don't want to make it too cryptic up here.

06:33.490 --> 06:35.170
Okay, so now this is all done.

06:35.860 --> 06:40.960
So let's go ahead and construct a user because this is the object that we'll be handling over to Mongoose

06:40.960 --> 06:43.000
that, hey, just go ahead and save this one.

06:43.090 --> 06:49.570
So we're going to go ahead and say this await and let's go ahead and use this model.

06:49.570 --> 06:55.330
So user and basically let me let me make it a little bit more simpler so that it's easier for you to

06:55.330 --> 06:55.960
understand.

06:55.960 --> 07:00.730
So we're going to take this model and we're going to say that, hey, I want to go ahead and simply

07:00.730 --> 07:01.390
create one.

07:01.390 --> 07:04.690
So this is the command to create a template that command a function.

07:04.690 --> 07:07.120
And inside this you have to pass on an object.

07:07.210 --> 07:12.730
Our object is going to be heavily, not heavily entirely dependent on the user that we have created

07:12.730 --> 07:13.390
here, the model.

07:13.390 --> 07:16.210
So first name, last name, email, password, token.

07:16.210 --> 07:18.400
We'll do something about it in a minute.

07:18.670 --> 07:18.860
Okay.

07:18.940 --> 07:19.900
So let's go up here.

07:19.900 --> 07:20.680
Sorry.

07:20.680 --> 07:21.370
There we go.

07:21.460 --> 07:26.530
So first we go ahead and say, hey, we have this first name, then we go ahead and say, hey, we have

07:26.530 --> 07:27.550
this last name.

07:27.850 --> 07:33.040
Then we go ahead and simply say, hey, we have this email, and then we simply go ahead and say, Hey,

07:33.040 --> 07:39.400
we also have this password, but this time the password, we have changed it to my encrypted password.

07:39.400 --> 07:42.460
So password will be replaced by the encrypted one and that's it.

07:42.490 --> 07:49.210
Now you will also notice that sometimes people go ahead and change this email to email to lower case

07:49.210 --> 07:49.540
command.

07:49.540 --> 07:52.840
So just me know it's not going to do that to lowercase.

07:52.840 --> 07:53.440
So there we go.

07:53.440 --> 07:56.530
It's just a basic JavaScript function to just lowercase the entire email.

07:56.530 --> 08:00.220
Maybe user has entered it in a kind of weird casing and all of that.

08:00.220 --> 08:03.250
So this will actually be responsible for creating that.

08:03.250 --> 08:08.080
Now, further down the road, I told you that anything that happens with the mongoose, it's actually

08:08.080 --> 08:09.300
a dot then dot catch.

08:09.340 --> 08:10.930
So basically it's a promise.

08:10.930 --> 08:13.630
But you can go ahead in this way also.

08:13.630 --> 08:18.490
And another way of handling this situation is actually hold that into a variable just like that.

08:18.490 --> 08:23.020
But since it's a database operation, so we have to go ahead and do await. Totally up to you.

08:23.020 --> 08:24.700
Both methods are same.

08:24.700 --> 08:27.760
Use a dot, then dot catch however you want to go.

08:27.760 --> 08:29.830
That could be much more easier than this.

08:30.160 --> 08:32.080
Okay, so this is all done.

08:32.080 --> 08:35.710
We have saved the user yet, but the job is not done.

08:35.710 --> 08:41.500
Because if I go back up here onto the presentation, I've said that take care of the password.

08:41.500 --> 08:42.340
We have done that.

08:42.340 --> 08:46.570
Now we have to either generate that token or send the success message.

08:46.570 --> 08:50.470
I prefer to not send the success message because that would be easier.

08:50.470 --> 08:54.820
I will choose the little bit of path here to generate token because obviously we haven't talked about

08:54.820 --> 08:55.480
the token yet.

08:55.480 --> 08:56.530
So it's time now.

08:56.530 --> 08:58.870
Let's go ahead and talk about the tokens.
