WEBVTT 00:05.190 --> 00:07.040 Hi everyone welcome back. 00:07.050 --> 00:09.150 So in this video we're going to complete. 00:09.150 --> 00:14.260 Finally the last word of the API and we're going to test it and see how it would work. 00:14.470 --> 00:16.130 So let's get started. 00:16.140 --> 00:18.080 We have lots of things to cover. 00:18.240 --> 00:21.100 Now a couple of things from the previous video. 00:21.180 --> 00:27.400 The first thing is in this password over here then this password the hash password function expects 00:27.630 --> 00:31.640 UTF 8 encoded string. 00:31.680 --> 00:34.150 So we have to do in encode here. 00:34.380 --> 00:37.580 And then we would encourage it to UTSA it. 00:37.820 --> 00:43.330 So there's just an additional thing to do to add to this password right here. 00:43.410 --> 00:45.770 But other than that should be fine to. 00:45.980 --> 00:48.230 Now the next thing is. 00:48.410 --> 00:48.830 OK. 00:48.840 --> 00:54.590 So we also need to look at the API for the resource store. 00:54.620 --> 01:02.290 So we're also going to add API and resource at store slash store. 01:02.990 --> 01:08.010 And then another thing that we missed in the previous videos that we forgot to implement the varify 01:08.010 --> 01:11.580 password and they count tokens of function. 01:11.580 --> 01:14.320 So let's implement them here. 01:14.520 --> 01:20.700 So we'll start with the very password passwords so to find verifying password with a username and password 01:21.990 --> 01:26.820 and then this is how the function is going to look like so we're going to do users so users it is the 01:26.820 --> 01:28.360 collection with the users. 01:28.550 --> 01:35.670 And so we're going to say hashed password and we're going to get the hash password is users not find. 01:35.910 --> 01:45.270 And then I want the user with username to be username and I also want to act so it says this is going 01:45.270 --> 01:50.400 to return an array of users but there's only one user with this user names on when to get the first 01:50.400 --> 01:52.580 user zero element. 01:52.650 --> 01:55.250 And then I'll also get the password right. 01:55.320 --> 01:59.190 There was a field called password stored for that user. 01:59.300 --> 02:04.800 And so now with that to verify the first from the Crypt are going to come here and then we we're going 02:04.800 --> 02:09.360 to say if encrypt the hash password is this print it matches. 02:09.390 --> 02:10.890 Else it doesn't match. 02:10.890 --> 02:15.780 So I'm going to copy this line over here from from the Crypt Web site. 02:15.970 --> 02:18.350 So it's going to say go come here. 02:18.540 --> 02:25.130 Then we say if the crypt the hash password and then the password here again has to be coded so in code 02:25.740 --> 02:29.100 UTF 8 UTF 8. 02:29.310 --> 02:33.440 And then the hash here is the hashed password so hashed password. 02:33.450 --> 02:37.350 So if the password that the user set sends me if I hash it. 02:37.350 --> 02:40.820 And it ends up being the same as hash password. 02:40.950 --> 02:42.800 Then I return true right. 02:42.810 --> 02:48.550 This is return true says not C++ else. 02:49.200 --> 02:49.880 OK. 02:50.190 --> 02:53.280 Else we return false. 02:53.640 --> 02:54.120 OK. 02:54.150 --> 02:59.430 So the hash matches then indeed this user name matches this password. 02:59.490 --> 03:02.200 But if it doesn't then we return false. 03:02.280 --> 03:06.810 So this is for the first one the second one is to count the number of tokens a user have. 03:06.990 --> 03:10.010 So it's defined count tokens. 03:10.080 --> 03:10.670 OK. 03:10.680 --> 03:18.400 And then we take a user name as an input and then we say tokens is equal to users that find. 03:18.680 --> 03:24.760 And so we want the user with a username user name. 03:25.440 --> 03:32.090 And then we want to access the first user of that and we want to access that tokens element. 03:32.420 --> 03:37.880 So when we return tokens this just returns the number of tokens that is left for this user. 03:38.310 --> 03:38.910 OK. 03:39.150 --> 03:42.270 So hopefully this should be fairly straightforward. 03:42.840 --> 03:43.370 OK. 03:43.470 --> 03:49.690 So now we are ready with this store and register to simulate some news. 03:49.700 --> 03:51.560 Let's let's try and do that. 03:51.720 --> 03:59.560 So let's first save and then we'll go to a doctor and then we must clear this and then let's do Sudhakar 03:59.610 --> 04:04.700 compose build first and then we do pseudo-ID combos up. 04:04.780 --> 04:06.300 OK so up. 04:07.340 --> 04:10.850 And then now it should be working fine there shouldn't be any problems. 04:10.870 --> 04:15.800 So make sure there's that the server is running and let's go to postman. 04:15.820 --> 04:17.920 So the first thing is we want to register. 04:17.920 --> 04:21.860 Right so we're going to go to localhost 5000 slash register. 04:22.240 --> 04:24.540 And I want to register my my user name. 04:24.550 --> 04:32.060 Right so I'm going to send a son with the username as let's say my name's of Farouk. 04:32.470 --> 04:40.870 And then for my password I say Allah I'm not very tech or he doesn't want to and went to 3 x y is it. 04:40.910 --> 04:48.160 Gates That's my password and then I sent just last register and it tells me message you successfully 04:48.160 --> 04:54.620 signed up for the API status 200 So we have successfully got into the API. 04:54.760 --> 04:59.840 So now let's say I want to store a sentence so I go to you go back to our API. 04:59.860 --> 05:01.780 We do it as Slash store. 05:02.020 --> 05:10.260 So I go here and I do slash door and then this time I need to send my username password and Ascendence. 05:10.270 --> 05:18.350 So a sentence and then that's going to be this is super secret centers again. 05:18.390 --> 05:25.030 So this is the sentence that I'm going to be storing in my database in the API and then I send that 05:26.080 --> 05:34.230 and then it tells me a message saved successfully status 200 so successfully saved this message two 05:34.320 --> 05:36.240 to the database. 05:36.460 --> 05:41.290 Now the final thing that we need to implement is as you might have guessed is the last one to retrieve 05:41.290 --> 05:42.640 sent over here. 05:42.790 --> 05:44.290 So we need to implement that once. 05:44.290 --> 05:51.730 Let's go back now to the final thing is we have class restore are the same things you can call and get 05:52.430 --> 05:53.950 resourced. 05:54.400 --> 06:02.450 And then as we said it's only going to be a get requests we're going to do define and then get that 06:02.450 --> 06:06.460 self and then the first thing is we get the posted data. 06:06.460 --> 06:11.080 So how do we get the post in the you know what we always do with the same way request duck get Jason 06:11.090 --> 06:13.490 so just copy this from here. 06:14.000 --> 06:20.520 So we copy this and read paste it here as opposed to here is equal to request you use. 06:20.690 --> 06:23.050 Now what does the user send me from here. 06:23.050 --> 06:25.330 He says the user name and the password. 06:25.430 --> 06:36.750 So I do a username is equal to posted data username and password is equal to posted data. 06:37.070 --> 06:42.660 It's posted data and password. 06:42.710 --> 06:47.400 Now I'm going to verify first that this is indeed the user so I'm going to. 06:47.510 --> 06:54.650 So just like we're we're we have here verify the user name and password match so I can copy this here 06:55.130 --> 06:55.720 right. 06:55.730 --> 06:59.780 This also handles the verification of the user name and password. 06:59.780 --> 07:01.440 So that's. 07:01.460 --> 07:04.530 So this should go backwards a little bit. 07:05.490 --> 07:06.340 OK. 07:06.530 --> 07:13.250 So let's shift tap and then use the correct password is verified password username and password so the 07:13.250 --> 07:14.480 user name matches. 07:14.690 --> 07:16.150 Then I. 07:16.320 --> 07:17.260 It doesn't match. 07:17.250 --> 07:21.820 And I returned 3 0 2 and I returned the the Jason. 07:22.070 --> 07:29.750 If however it doesn't match then I also check that he has enough tokens right so I copy this to. 07:29.780 --> 07:32.530 So I have to verify that he has enough tokens. 07:32.930 --> 07:33.590 Right. 07:34.040 --> 07:40.310 So I get all error checking and you can add this into one function if you like if that makes it better 07:40.310 --> 07:41.230 for you. 07:41.570 --> 07:48.740 So we shift out this backwards of number of tokens miscount tokens for this your name and the number 07:48.740 --> 07:52.550 of tokens less than zero then hey you need to buy some extra tokens. 07:52.610 --> 07:54.110 So three on one. 07:54.770 --> 07:56.390 And then if this is not the case. 07:56.400 --> 08:04.700 And finally I can retrieve his sentence and the sentence is equal to users do not find. 08:04.700 --> 08:13.790 So I want to find the user with the username username and then that's it. 08:13.790 --> 08:15.120 So that's the criteria. 08:15.140 --> 08:21.090 And then I want to get the first user and I want to get the sentence so sentence. 08:21.140 --> 08:27.530 So now I got his sentence and then now I can prepare his sentence for him so I can say returned Jaison 08:27.590 --> 08:31.260 is equal to a dictionary. 08:31.310 --> 08:33.970 So first of all the status is 200. 08:33.980 --> 08:36.520 So congratulations you actually did it. 08:36.550 --> 08:39.450 You know you succeeded and the message. 08:39.460 --> 08:40.760 So we're going to go. 08:40.820 --> 08:47.850 Message is the sentence or less say even the sentence is sentence. 08:48.330 --> 08:56.050 So the South is that we got from the database so we save that and it should be return return. 08:56.140 --> 09:01.180 Jason if I sign if I return Jason. 09:01.460 --> 09:02.080 OK. 09:02.180 --> 09:10.800 So we see that finally and we want to send it to you to test it to see if if if it will return my feel 09:10.870 --> 09:13.400 we'll return my sentence that I stored or not. 09:13.550 --> 09:14.030 OK. 09:14.150 --> 09:18.850 So I'll say this and then now we closed AUKer and we opened it again. 09:19.040 --> 09:21.680 So behold and then Doc up 09:24.300 --> 09:25.000 OK. 09:25.300 --> 09:29.910 So no problems Me no syntax errors at least. 09:29.910 --> 09:34.610 And so you can go here into. 09:34.840 --> 09:42.110 And of course we forgot the important thing is to register the resource right so API and resource right 09:42.180 --> 09:46.550 so we forgot about that get and then slashed get. 09:46.580 --> 09:49.770 If you remember in the original one we said that slashed it. 09:50.110 --> 09:53.890 So let's go back to the dot slash get. 09:53.890 --> 09:54.900 And that should be it. 09:54.910 --> 09:59.750 So let's rerun Dharker again rebuild and rerun. 09:59.830 --> 10:07.080 So build and up with there should be no problems no syntax errors. 10:07.080 --> 10:12.450 If you notice here the database prints a lot of debug messages. 10:12.450 --> 10:14.900 By the way the main one here is Web. 10:14.940 --> 10:15.260 Right. 10:15.270 --> 10:21.320 This is the main flask application and then it's running at this and it's running and no problem. 10:21.670 --> 10:28.450 So now I go here and then I want to log in so it's Faruq and 2:59 x y Zed right. 10:28.460 --> 10:33.400 So that's my username and password and I want to get my password back. 10:33.450 --> 10:34.380 So I said 10:37.030 --> 10:38.390 go and of course. 10:38.410 --> 10:38.850 OK. 10:38.860 --> 10:43.960 So we've actually missed that totally because here this shouldn't be actually get. 10:43.960 --> 10:45.310 This should be post right. 10:45.330 --> 10:51.300 So this should be post and not get because the user is sending us the username and password right. 10:51.460 --> 10:56.620 So he's posting to us something so we totally missed that in the chart so this should be and this is 10:56.620 --> 10:57.010 wrong. 10:57.040 --> 11:01.450 This should be postholes because the user is sending us some information. 11:01.790 --> 11:02.190 OK. 11:02.220 --> 11:03.980 So let's correct this. 11:04.000 --> 11:06.040 So this correction shouldn't be very hard. 11:06.040 --> 11:10.260 We just changed this get to a post and we save that. 11:10.480 --> 11:12.080 We rebuild everything. 11:12.130 --> 11:19.320 So build and up and so now there should be no problem. 11:19.310 --> 11:21.720 Hopefully their server is running. 11:22.090 --> 11:29.390 And then we we get the sentence. 11:29.560 --> 11:35.110 OK so the problem was actually in this come over here so there was an additional coming year which was 11:35.110 --> 11:36.600 ruining lots of stuff. 11:36.790 --> 11:42.520 So once we delete this come over here so this code should work as it is there is no any problems with 11:42.520 --> 11:46.340 the code it's just there was this common problem here. 11:46.510 --> 11:52.810 So if I if I try a user name as Faruq and my password is 23 x y is dead. 11:52.990 --> 11:54.550 And then it should work now. 11:54.550 --> 11:58.750 So there's some debugging and it turns out it was just the comma that was the problem. 11:58.930 --> 12:02.720 So there should be no more problems from now on hopefully. 12:02.930 --> 12:13.180 So if we try and first let's close darker and then we build them up again and then. 12:13.210 --> 12:14.940 So it should be working now. 12:16.490 --> 12:18.940 So make sure that the server is running and it's running. 12:18.940 --> 12:24.410 You need to be Gohier and re go and slash get. 12:24.610 --> 12:28.930 And then this time we get that the sentence is a status go it is 200. 12:28.960 --> 12:31.270 And this is actually the sentence that I stored. 12:31.270 --> 12:35.760 Right so if you remember I store the sentence This is supersecret sentence. 12:35.830 --> 12:37.860 This is a supersecret sentence. 12:37.960 --> 12:39.970 So actually the service works though. 12:40.090 --> 12:43.250 I can now get and rebind. 12:43.870 --> 12:46.080 So we have three three features right. 12:46.090 --> 12:51.590 I can register I can store and I can get some information on the database and I paid. 12:51.600 --> 12:51.990 OK. 12:52.180 --> 12:57.070 But if you notice you know we forgot to do a very important thing and it is to take away some money 12:57.070 --> 13:00.540 from the from the user once he's actually done the service right. 13:00.550 --> 13:01.340 So we check. 13:01.360 --> 13:06.990 So we say the number of tokens is this and that the number of tokens is less than or equal to zero than 13:07.000 --> 13:08.590 return air. 13:09.130 --> 13:11.490 But if it's not then we never do anything right. 13:11.490 --> 13:15.220 We just give him the sentence right without making him pay. 13:15.340 --> 13:21.070 So a very important step to add here that we forgot is to make the user pay. 13:21.070 --> 13:26.860 Right and that's why you're probably making the FBI or you might be just making it to help other people 13:26.860 --> 13:29.110 but you should make the user pay. 13:29.290 --> 13:33.330 If you in this case read because we make these You're pay you into to. 13:33.610 --> 13:33.970 Right. 13:34.090 --> 13:37.800 So how can we do it here well if you remember we just did. 13:37.800 --> 13:38.940 Replaced this year. 13:38.960 --> 13:43.700 So we're going to copy this update and that and then we're going to come down here. 13:44.050 --> 13:47.980 And so what we're going to do is first line this correctly. 13:47.980 --> 13:53.700 So shift it out and then we're going to search for the user with this username and we're going to set 13:53.710 --> 13:58.600 the number of tokens as minus is or is not we're not going to replace this sentence right we're going 13:58.600 --> 14:00.750 to leave the sentence as it is. 14:00.790 --> 14:07.030 So we're going to leave this one but then we're going to set the number of tokens as tokens minus one. 14:07.180 --> 14:10.150 So now we took away from him one too. 14:10.540 --> 14:17.620 So if I say this for years now I can save this in and set his token to be this and that if I use the 14:17.620 --> 14:21.430 service many times it should stop me from accessing it. 14:21.460 --> 14:23.570 So let's let's actually test. 14:23.640 --> 14:26.710 So we will we all closed on. 14:26.780 --> 14:31.870 Again we build them up. 14:32.160 --> 14:35.470 There should be no problems because we only added this line here. 14:35.610 --> 14:37.430 The server is actually running. 14:37.590 --> 14:37.860 OK. 14:37.860 --> 14:44.170 So let's try to abuse the system so I'll try to keep get get get get get get. 14:44.190 --> 14:45.510 So this is my sentence. 14:45.510 --> 14:48.990 Let's actually you know what let's actually try to input the wrong password. 14:48.990 --> 14:50.900 So one two three exercise. 14:51.080 --> 14:52.350 And then on the space. 14:52.380 --> 14:52.850 Right. 14:52.940 --> 14:57.940 So if we do this then we get status 3 0 to 1 status 3 or 2. 14:57.990 --> 15:00.780 Well that means invalid username and password. 15:00.930 --> 15:02.250 So it does work. 15:02.280 --> 15:02.860 OK. 15:03.030 --> 15:08.530 So let's go back here and then we put the correct password. 15:08.640 --> 15:10.410 And then we keep abusing the system. 15:10.480 --> 15:14.060 We want to keep getting my supersecret Sundin's right. 15:14.160 --> 15:20.160 So I'll keep doing this and if you remember we gave each person only 10 tokens and that's it. 15:20.160 --> 15:24.470 So now once I've used my 10:02 I got a 301 code. 15:24.470 --> 15:25.780 So what is 301. 15:25.800 --> 15:32.870 Well that means I'm out of tokens and I need to buy some extra tokens so that will be it for this API 15:32.880 --> 15:38.520 and you've seen how we've you know started from nothing and we've built basically been building an API 15:38.530 --> 15:44.020 I won our US resource at a time and how we can really do this. 15:44.070 --> 15:49.240 If you add just a few extra checks of course we mentioned a lot of checks here. 15:49.260 --> 15:52.490 So this area needs a lot of checking actually. 15:52.620 --> 15:55.710 And most of these areas just to make sure that the user are sending you. 15:55.710 --> 15:57.000 Perfect. 15:57.230 --> 16:04.650 You have basically been built a real world API that you can deploy on the server and you can start making 16:04.650 --> 16:10.300 people pay you for for giving you money for it for just using your API calls. 16:10.410 --> 16:16.150 So nobody can access your API unless he pays for something right for it for your API. 16:16.510 --> 16:22.630 And yeah it wasn't a very it was very short it was just hundred fifty five lines of go to her probably 16:22.650 --> 16:26.720 can make it much much shorter but we've copied a bunch of code right. 16:26.720 --> 16:32.970 You can you can you can do a lot of improvements here we've been just lazy in copying lots of gold which 16:32.970 --> 16:34.790 is not usually a good thing to do. 16:34.800 --> 16:41.580 But for the sake of this very small simple API it shouldn't be too bad for it. 16:41.970 --> 16:46.900 And another thing is as we said lots of things you can improve on it. 16:47.160 --> 16:57.060 And as it's standing You might also want to link somehow a payment to gates so that once a user pays 16:57.360 --> 17:03.510 his number of tokens is automatically Cree's dries and you can do like a gate that once it's successful 17:03.510 --> 17:08.660 then it calls some function here and then that that makes its tokens higher. 17:08.660 --> 17:09.100 Right. 17:09.210 --> 17:12.470 So actually we gave him six tokens not 10. 17:12.480 --> 17:16.500 So that's why trend very quickly in Postman. 17:16.990 --> 17:18.950 But that will be it for this API. 17:18.960 --> 17:20.280 So this can be good. 17:20.280 --> 17:27.450 You know there's actually versions of this API out there that people are charging money for Ensco database 17:27.960 --> 17:28.440 service. 17:28.440 --> 17:31.880 So you're basically paying per day and access. 17:31.880 --> 17:37.050 So if you try to store something on their database or access your data and you have to pay some amount 17:37.050 --> 17:37.790 of money. 17:37.860 --> 17:39.180 So that's exactly what we did. 17:39.180 --> 17:41.030 But on a much smaller scale. 17:41.100 --> 17:46.350 So yeah I hope that you found this project code and we'll move onto the next project. 17:46.350 --> 17:48.720 So until the next venue I become an.