WEBVTT

00:03.790 --> 00:05.250
Hey, did everyone they share?

00:05.260 --> 00:07.000
And welcome to another video.

00:07.030 --> 00:09.460
Now, in this video, we are going to learn something different.

00:09.460 --> 00:13.200
And I'm pretty sure most of you haven't talked much onto this one has a big night?

00:13.220 --> 00:14.110
We don't really.

00:14.110 --> 00:15.970
But let's go ahead and work on with that.

00:16.150 --> 00:20.950
So the idea in front of us is somebody who is going to try to save the field, is obviously going to

00:20.950 --> 00:23.890
send us a password in the string format, which will be clear text.

00:23.980 --> 00:26.710
We don't want to store this into a clear text format.

00:26.710 --> 00:29.260
So obviously we want to have an encryption there around.

00:29.260 --> 00:31.780
So how we're going to work with the encryption, pretty simple.

00:31.780 --> 00:33.040
We just need to encrypt that.

00:33.040 --> 00:37.630
First, let's bring and bring up the libraries that will help us to encrypt this password.

00:37.660 --> 00:39.190
We have already worked with that.

00:39.400 --> 00:44.140
So this is B script and we are going to require B script.

00:44.140 --> 00:50.590
JS already worked with that, so shouldn't be a big deal, but what's the big deal is how we are going

00:50.590 --> 00:51.970
to accomplish this task.

00:51.970 --> 00:56.860
So again, once the B script is available to you, make sure you define all of your models before exporting

00:56.860 --> 00:57.340
this.

00:57.790 --> 01:00.520
I cannot stress mode mode onto this one.

01:00.550 --> 01:03.640
I've seen so many people struggling on this path, so please don't do that.

01:03.790 --> 01:12.210
So let's go ahead and call this one as encrypt password before save before save.

01:12.650 --> 01:12.810
Okay.

01:12.970 --> 01:14.830
So how do we actually work on with this one?

01:14.830 --> 01:18.610
This entire functionality is actually rather comparatively easy.

01:18.610 --> 01:24.460
All you got to do is you hook onto something which is a lifecycle event and there are lots of lifecycle

01:24.460 --> 01:29.800
events, the pre and the post actually there are just two pre in the post and we can perform some of

01:29.800 --> 01:31.630
the functionality based on these hooks.

01:31.900 --> 01:36.220
So we're going to say this user schema again, whatever you are naming your schema, you have to hook

01:36.220 --> 01:36.820
on to this one.

01:36.820 --> 01:38.320
This is known as document.

01:38.320 --> 01:42.910
So onto this one, if I go ahead and say, hey, Dot, again, there are lots of fields, virtualize

01:42.940 --> 01:44.290
and a whole bunch of other things.

01:44.290 --> 01:47.020
We are interested in only the pre events or the pre.

01:47.020 --> 01:53.110
That means just before saving this and there can be a lot of things you have to explicitly mention that

01:53.110 --> 01:56.020
what I'm looking for pre is this pre save event.

01:56.140 --> 01:58.300
Now after this we want to run something again.

01:58.300 --> 02:00.190
You cannot use arrow functions in here.

02:00.310 --> 02:03.910
This is kind of a thing with the mongoose just exactly here at this.

02:03.910 --> 02:05.140
You cannot use it.

02:05.290 --> 02:10.390
And since this might take some time, I told you a B script can take a little bit of a second to encrypt

02:10.390 --> 02:10.720
this one.

02:10.720 --> 02:14.290
So it is always a great, great idea to have an async function here.

02:14.350 --> 02:16.000
So this is a sync function.

02:16.000 --> 02:16.570
There we go.

02:16.570 --> 02:20.770
And again, make sure you pass on next to here, because once this is all done, it needs to pass on

02:20.770 --> 02:24.130
the chain to somebody else that, hey, continue whatever you were doing up here.

02:24.310 --> 02:25.150
There we go.

02:25.960 --> 02:26.230
Okay.

02:26.470 --> 02:28.060
How we are going to encrypt this one?

02:28.060 --> 02:28.810
Really simple.

02:28.810 --> 02:31.180
We first say, hey, this dot password.

02:31.180 --> 02:33.670
So this actually can access all these.

02:33.670 --> 02:36.690
We can use this keyword here because we are using just the basic again.

02:36.700 --> 02:37.210
My bad.

02:37.360 --> 02:39.340
This is totally my bad.

02:39.340 --> 02:43.600
Not a narrow function, just that habit again.

02:43.600 --> 02:47.410
So what we can do is we can use this to access any of the property here.

02:47.410 --> 02:52.570
So what do you want to do is that if you are having this password, let's update this password field

02:52.570 --> 02:58.390
by using the script again, we have to use a wait and we'll say, Hey Bay script, just go ahead and

02:58.390 --> 03:00.790
use the hash functionality to encrypt something.

03:00.790 --> 03:03.970
What do you want to encrypt this dot password?

03:04.840 --> 03:07.270
Password and how many rotations of the encryption?

03:07.270 --> 03:08.410
Probably ten is fine enough.

03:08.410 --> 03:12.220
This is a kind of industry standard, but we have introduced a problem here.

03:12.250 --> 03:17.950
Now, what is the problem here is that every single time this document is going to save, it is going

03:17.950 --> 03:21.400
to just go ahead and take the password and is going to encrypt that.

03:21.430 --> 03:24.010
So imagine if you are updating just the rule.

03:24.010 --> 03:28.960
It will take whatever the existing password is there, even the encrypted one, and will again try to

03:28.960 --> 03:29.770
decrypt that.

03:29.770 --> 03:34.480
So again, it will create so much of the mess again by encrypting and encrypting that it's of no good

03:34.480 --> 03:35.890
use for the first time.

03:35.890 --> 03:38.590
Definitely great, but after that it's not great.

03:38.590 --> 03:43.360
So we need to read a little bit of the documentation of Mongoose to actually get away with this problem.

03:43.360 --> 03:48.160
So if I go into the documentation, if you'll read a little bit of the methods, this document means

03:48.160 --> 03:49.060
user schema.

03:49.060 --> 03:50.410
We don't need to write the prototype.

03:50.410 --> 03:52.270
We can directly hook into these methods.

03:52.420 --> 03:57.220
So if I go up here a little bit, you're going to see this on the document here.

03:57.220 --> 03:59.710
There is there are a couple of methods like A's in it.

03:59.710 --> 04:04.810
At the time of initialization, there is a method is modified and there is a method of is new.

04:04.810 --> 04:06.940
So let's have a small brainstorming session.

04:06.940 --> 04:09.910
Which one is going to be good for us, isn't it?

04:09.910 --> 04:13.690
Works at the very first time of whenever you are saving the model.

04:13.690 --> 04:19.090
So at the first time we are saving the password and it works really fine in this case because the user

04:19.090 --> 04:20.860
is giving us plaintext, we encrypt that.

04:20.860 --> 04:24.550
And after that, whenever this comes up, it's it's not going to be working.

04:24.550 --> 04:25.330
That's fine.

04:25.330 --> 04:29.110
But what about when we are working on the forgot password at that time?

04:29.110 --> 04:33.550
Also, somebody is sending us the password field and we need to encrypt that password also.

04:33.550 --> 04:37.690
So there are two times where at least we have to just change the password.

04:37.690 --> 04:42.100
So in this case this is modified field actually works better for us.

04:42.100 --> 04:47.530
So it says it returns true if any of the given path is modified.

04:47.530 --> 04:50.320
LS false if no argument returns, that means true.

04:50.350 --> 04:52.390
If any path is document is modified.

04:52.390 --> 04:57.910
So basically what it's trying to say is whenever a field, that exact field is going to come into the

04:57.910 --> 05:01.710
body or into the salvage path, then only I'm going to run the.

05:01.750 --> 05:03.400
This method, otherwise not.

05:04.030 --> 05:06.480
So let's go ahead and hit on to the Google.

05:06.490 --> 05:08.560
So let's go ahead and work on with the Google.

05:08.560 --> 05:16.180
And one thing really interesting, I wanted to show you that if you'll just search for what is is modified

05:16.180 --> 05:23.260
in Mongoose and you look forward to StackOverflow or tab nine wherever you want to, they'll give you

05:23.260 --> 05:25.300
some examples of exactly this behavior.

05:25.300 --> 05:27.190
And this is not one of a unique problem.

05:27.190 --> 05:29.260
This is kind of a common thing everybody does.

05:29.260 --> 05:30.430
So they give you this.

05:30.430 --> 05:35.350
So user schema dot pre and then save async function next again exactly same.

05:35.350 --> 05:40.720
But what you can do is now you can actually go ahead and say if this dot is modified password field,

05:40.720 --> 05:44.050
return the next what it is saying again, notice here there is an exclamation sign.

05:44.050 --> 05:49.870
So if field if this field is not being modified or being touched, then just go ahead and keep on doing

05:49.870 --> 05:50.500
the things.

05:50.770 --> 05:55.360
Otherwise, if this field is being touched, then only go ahead and encrypt the password.

05:55.360 --> 05:56.980
So this is really the basic one.

05:56.980 --> 06:01.990
So we're going to go ahead and kind of a copy this line and then we're going to be working with that.

06:01.990 --> 06:05.830
So let's go ahead and copy this line from here and go back up here.

06:05.830 --> 06:08.710
And this time we're going to go ahead and save this one.

06:09.100 --> 06:12.010
So again, this is exactly perfect and correct.

06:12.010 --> 06:13.660
There is nothing needs to be modified.

06:13.660 --> 06:18.580
But what I feel like is sometimes this can create a confusion and readability of the code.

06:18.580 --> 06:20.230
Maybe beginners are working on that.

06:20.230 --> 06:21.730
So I'll just add it to this one.

06:21.730 --> 06:27.850
So it makes really clear to them that, hey, if this field is modified again, we are calling this

06:27.850 --> 06:29.680
as password, so no need to change that.

06:29.680 --> 06:33.520
So if the password is modified again it is an exclamation.

06:33.520 --> 06:38.920
So if the password field is not modified, then go ahead and keep on doing whatever you are doing.

06:39.190 --> 06:45.160
Otherwise that means if this field is modified or somehow it is being changed, then go ahead and encrypt

06:45.160 --> 06:45.610
that.

06:45.610 --> 06:47.320
So again, I hope this is very clear.

06:47.320 --> 06:52.420
So the very first time again we are modifying this field, that means we are passing the password.

06:52.420 --> 06:54.220
That means go ahead and encrypt that.

06:54.340 --> 06:57.640
In the case of forgot password, also we are passing on this field.

06:57.640 --> 06:59.170
That means we are modifying this field.

06:59.170 --> 07:00.640
So go ahead and encrypt that.

07:00.640 --> 07:06.580
In all other case where you are just touching the photo or the role or the name or the email, please

07:06.580 --> 07:08.380
don't do anything in the password field.

07:08.410 --> 07:12.940
So this is exactly what we needed and thus we have done a great discussion on this one.

07:13.000 --> 07:14.470
So again, really a basic one.

07:14.470 --> 07:16.510
Again, make sure you pass on this return next.

07:16.510 --> 07:18.370
Otherwise it is not going to work.

07:18.610 --> 07:23.380
Okay, so it seems like all good and all happy and you have now learned about encrypting the password

07:23.380 --> 07:28.750
and some more methods on the mongoose, maybe whatever you are working there in it make more sense.

07:28.750 --> 07:32.170
Whatever the thing you are trying to achieve is modified.

07:32.170 --> 07:33.070
Make more sense.

07:33.070 --> 07:35.260
So again, you now know a little bit more about Mongoose.

07:35.260 --> 07:37.270
Let's go ahead and catch up in the next video.