Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,890 --> 00:00:04,850
So after updating, let's now also allow the current user
2
00:00:04,850 --> 00:00:07,293
to basically delete his account.
3
00:00:09,070 --> 00:00:12,069
Now when a user decides to delete his account,
4
00:00:12,069 --> 00:00:16,390
we actually do not delete that document from the database.
5
00:00:16,390 --> 00:00:20,580
But instead we actually just set the account to inactive.
6
00:00:20,580 --> 00:00:23,170
So that the user might at some point in the future
7
00:00:23,170 --> 00:00:26,910
reactivate the account and also so that we still
8
00:00:26,910 --> 00:00:29,820
can basically access the account in the future,
9
00:00:29,820 --> 00:00:33,450
even if officially, let's say it has been deleted.
10
00:00:33,450 --> 00:00:34,440
Okay?
11
00:00:34,440 --> 00:00:36,380
So to implement this, first of all
12
00:00:36,380 --> 00:00:39,430
we need to create a new property in our schema.
13
00:00:39,430 --> 00:00:40,850
So,
14
00:00:40,850 --> 00:00:42,090
let's go there.
15
00:00:42,090 --> 00:00:43,740
And now we want to have
16
00:00:45,440 --> 00:00:47,163
a field called active.
17
00:00:48,210 --> 00:00:49,043
Okay.
18
00:00:50,550 --> 00:00:52,150
Which should be of the type
19
00:00:54,370 --> 00:00:55,550
Boolean.
20
00:00:55,550 --> 00:00:57,430
Okay, and by default
21
00:00:57,430 --> 00:00:58,263
it's gonna be
22
00:00:59,170 --> 00:01:00,040
true.
23
00:01:00,040 --> 00:01:02,180
So any user that is created new
24
00:01:02,180 --> 00:01:04,430
is of course an active user
25
00:01:04,430 --> 00:01:07,300
and so the Boolean is set to true.
26
00:01:07,300 --> 00:01:11,360
Also, we do not want to show this in the output, okay.
27
00:01:11,360 --> 00:01:13,350
Because we basically want to hide
28
00:01:13,350 --> 00:01:16,077
this implementation detail from the user.
29
00:01:16,077 --> 00:01:17,260
Okay?
30
00:01:17,260 --> 00:01:19,920
And so we don't want anyone to know
31
00:01:19,920 --> 00:01:24,390
that this flag, so this active flag is here, okay.
32
00:01:24,390 --> 00:01:28,930
So we say select, and set it to false, all right.
33
00:01:28,930 --> 00:01:29,883
And so,
34
00:01:30,830 --> 00:01:33,140
to delete the user now,
35
00:01:33,140 --> 00:01:35,400
all we need to do is basically set
36
00:01:35,400 --> 00:01:38,210
that active flag to false.
37
00:01:38,210 --> 00:01:39,043
Okay.
38
00:01:40,130 --> 00:01:42,390
So let's create that function here,
39
00:01:42,390 --> 00:01:43,223
exports
40
00:01:44,170 --> 00:01:45,529
.deleteMe,
41
00:01:45,529 --> 00:01:46,930
so it was updateMe
42
00:01:46,930 --> 00:01:47,763
and now it's deleteMe
43
00:01:47,763 --> 00:01:51,614
and so we already know that we're using
44
00:01:51,614 --> 00:01:54,410
a catchAsync here, right?
45
00:01:54,410 --> 00:01:58,570
And then Async because we basically already know
46
00:01:58,570 --> 00:02:01,150
that we're gonna update the user.
47
00:02:01,150 --> 00:02:02,960
So request responds
48
00:02:02,960 --> 00:02:03,913
next.
49
00:02:06,470 --> 00:02:08,300
So, await
50
00:02:08,300 --> 00:02:10,699
User.find
51
00:02:10,699 --> 00:02:12,573
by ID and update.
52
00:02:13,800 --> 00:02:15,960
Okay, and again, of course there's only works
53
00:02:15,960 --> 00:02:18,830
for logged in users and so the user ID is
54
00:02:18,830 --> 00:02:21,617
conveniently stored at request
55
00:02:21,617 --> 00:02:23,800
.user.id.
56
00:02:23,800 --> 00:02:25,630
and the data that we want to update
57
00:02:26,680 --> 00:02:28,010
is simply active
58
00:02:28,900 --> 00:02:30,893
and set it to false.
59
00:02:31,870 --> 00:02:33,280
All right.
60
00:02:33,280 --> 00:02:37,560
Now sending back the response is also pretty easy.
61
00:02:37,560 --> 00:02:40,100
We use the 204 code
62
00:02:40,100 --> 00:02:43,280
for deleted which will then make it so that actually
63
00:02:43,280 --> 00:02:47,230
in Postman we do not even see this response, okay.
64
00:02:47,230 --> 00:02:49,830
But we still send it along with the request
65
00:02:50,770 --> 00:02:52,720
'cause that's always the best practice.
66
00:02:54,090 --> 00:02:56,610
So, it's still a success
67
00:02:56,610 --> 00:02:59,470
and then remember we don't send any data.
68
00:02:59,470 --> 00:03:01,343
So, simply set it to no.
69
00:03:02,890 --> 00:03:05,080
All right, and now of course add it
70
00:03:05,080 --> 00:03:07,193
also to all routes here.
71
00:03:08,850 --> 00:03:10,223
So that's pretty similar.
72
00:03:11,840 --> 00:03:12,880
So deleteMe
73
00:03:14,620 --> 00:03:16,420
then here deleteMe as well
74
00:03:16,420 --> 00:03:20,373
and now actually we are using the delete http method.
75
00:03:21,480 --> 00:03:24,670
Okay, and again, we will not actually delete
76
00:03:24,670 --> 00:03:26,570
a user from the database.
77
00:03:26,570 --> 00:03:30,550
But as long as the user is no longer accessible anywhere
78
00:03:30,550 --> 00:03:34,277
then it's still okay to use this http method here.
79
00:03:34,277 --> 00:03:37,663
All right, so let's try this out now.
80
00:03:38,900 --> 00:03:42,010
Okay, even though we're not 100% ready yet
81
00:03:43,080 --> 00:03:46,193
but let's still try this now.
82
00:03:47,200 --> 00:03:48,033
All right,
83
00:03:49,280 --> 00:03:50,629
so,
84
00:03:50,629 --> 00:03:51,720
deleteMe
85
00:03:51,720 --> 00:03:53,530
and it is a protected route
86
00:03:53,530 --> 00:03:55,290
and so we need to be signed in
87
00:03:56,150 --> 00:03:59,923
and so let's create our authorization header,
88
00:04:00,910 --> 00:04:03,350
Bearer Token and of course this one
89
00:04:04,640 --> 00:04:06,040
and that's actually it.
90
00:04:06,040 --> 00:04:08,730
We don't need to pass any data in the body.
91
00:04:08,730 --> 00:04:11,173
We don't need to pass any data in the URL.
92
00:04:12,010 --> 00:04:15,210
All right, because again, the only data that is needed
93
00:04:15,210 --> 00:04:18,560
is the current user ID and that one isn't coded
94
00:04:18,560 --> 00:04:21,149
inside of our adjacent web token.
95
00:04:21,149 --> 00:04:21,983
Okay?
96
00:04:23,510 --> 00:04:25,720
So what we also need to do is delete
97
00:04:26,660 --> 00:04:29,240
and yeah this should work now.
98
00:04:29,240 --> 00:04:31,830
So before we do that let's actually get the list
99
00:04:31,830 --> 00:04:33,113
of all the users.
100
00:04:34,870 --> 00:04:38,110
All right and so the one that we are deleting now
101
00:04:38,110 --> 00:04:39,533
is this last one.
102
00:04:41,060 --> 00:04:44,300
So this one that we just created in the last lecture.
103
00:04:44,300 --> 00:04:47,270
Okay, and we are working with this one
104
00:04:47,270 --> 00:04:49,710
because it's the last one who logged in
105
00:04:49,710 --> 00:04:51,370
and so it's this token here
106
00:04:51,370 --> 00:04:54,460
which is right now stored in our token variable.
107
00:04:54,460 --> 00:04:57,020
Okay, and so when we're now deleting the user
108
00:04:57,020 --> 00:05:00,163
it will be based on the ID coming from this token.
109
00:05:01,700 --> 00:05:03,093
So let's try that now.
110
00:05:06,080 --> 00:05:08,690
And indeed we get our 204.
111
00:05:08,690 --> 00:05:11,600
And now what I'm interested in is to see
112
00:05:11,600 --> 00:05:13,763
if the select property here has changed.
113
00:05:15,290 --> 00:05:17,820
And it actually looks exactly the same here.
114
00:05:17,820 --> 00:05:19,760
And that's because we're not leaking
115
00:05:19,760 --> 00:05:22,460
the select field to the user.
116
00:05:22,460 --> 00:05:25,053
And so we actually need to see it here.
117
00:05:26,180 --> 00:05:31,110
Okay and so indeed we have active here set to false.
118
00:05:31,110 --> 00:05:34,560
Okay, so that's what I wanted to say before.
119
00:05:34,560 --> 00:05:37,640
So we're not leaking the active fields
120
00:05:37,640 --> 00:05:40,020
to the user, not the select field.
121
00:05:40,020 --> 00:05:42,230
So active is only visible for us here
122
00:05:42,230 --> 00:05:45,280
in compass but not for the user.
123
00:05:45,280 --> 00:05:46,920
Now as a last step,
124
00:05:46,920 --> 00:05:50,080
we then of course do not want to show up the
125
00:05:50,080 --> 00:05:53,960
inactive users in this output, right.
126
00:05:53,960 --> 00:05:57,400
And how do you think we could implement this?
127
00:05:57,400 --> 00:06:00,500
Well we're gonna use something that is way back
128
00:06:00,500 --> 00:06:03,400
that we talked about like two or three sections ago
129
00:06:03,400 --> 00:06:06,140
which is query middleware, okay.
130
00:06:06,140 --> 00:06:08,940
So query middleware is perfect for this
131
00:06:08,940 --> 00:06:11,380
because now we can basically add a step
132
00:06:11,380 --> 00:06:14,160
before any other query that we're doing then
133
00:06:14,160 --> 00:06:16,500
somewhere in our application.
134
00:06:16,500 --> 00:06:19,810
So let's go to our user model here
135
00:06:19,810 --> 00:06:21,763
and add that middleware here.
136
00:06:25,310 --> 00:06:26,657
So userSchema
137
00:06:29,339 --> 00:06:32,850
.pre, so something that will happen
138
00:06:32,850 --> 00:06:37,760
before a query and that query will be a find.
139
00:06:37,760 --> 00:06:40,583
Okay, so this is what makes this query middleware.
140
00:06:42,330 --> 00:06:44,670
Then a regular function
141
00:06:44,670 --> 00:06:46,390
because remember that otherwise
142
00:06:46,390 --> 00:06:49,600
we're not having access to the discord
143
00:06:49,600 --> 00:06:51,460
or at least it won't have the value
144
00:06:51,460 --> 00:06:53,560
that we expect it to have.
145
00:06:53,560 --> 00:06:55,440
And remember that here we actually
146
00:06:55,440 --> 00:06:57,820
used a regular expression before
147
00:06:57,820 --> 00:07:00,520
basically to say that we want this middleware function
148
00:07:00,520 --> 00:07:03,850
to apply to every query that starts with find.
149
00:07:03,850 --> 00:07:07,290
So not just find but also stuff like find and update,
150
00:07:07,290 --> 00:07:10,290
find and delete, and all queries like that.
151
00:07:10,290 --> 00:07:14,670
Okay, and so we use a regular expression
152
00:07:14,670 --> 00:07:18,600
looking for words or strings that start with find.
153
00:07:18,600 --> 00:07:20,883
So that's what this symbol here does.
154
00:07:22,080 --> 00:07:24,250
And then end the regular expression.
155
00:07:24,250 --> 00:07:25,720
So a very simple one.
156
00:07:25,720 --> 00:07:27,650
This is the one that even I can write
157
00:07:27,650 --> 00:07:30,600
without going to Google first
158
00:07:30,600 --> 00:07:32,480
and try to find it there.
159
00:07:32,480 --> 00:07:36,760
Okay, so remember this is query middleware
160
00:07:36,760 --> 00:07:40,840
and so therefore this points to the current
161
00:07:42,350 --> 00:07:43,183
query.
162
00:07:43,183 --> 00:07:47,070
Okay, and so let's just quickly go back here
163
00:07:47,070 --> 00:07:48,970
to see how it works.
164
00:07:48,970 --> 00:07:52,900
So we have our get all users here
165
00:07:52,900 --> 00:07:55,880
and here of course we have a find query.
166
00:07:55,880 --> 00:07:58,840
And now before that query is actually executed
167
00:07:58,840 --> 00:08:00,540
we want to add something to it.
168
00:08:00,540 --> 00:08:03,260
Which is that we only want to find documents
169
00:08:03,260 --> 00:08:05,823
which have the active property set to true.
170
00:08:07,100 --> 00:08:09,840
All right, so that's easy.
171
00:08:09,840 --> 00:08:10,673
Here it is.
172
00:08:11,610 --> 00:08:12,443
And so
173
00:08:13,610 --> 00:08:15,037
this
174
00:08:15,037 --> 00:08:15,980
.find
175
00:08:15,980 --> 00:08:17,910
and then of course our filter object
176
00:08:19,930 --> 00:08:24,180
only documents with active set to true.
177
00:08:24,180 --> 00:08:25,013
And that's it.
178
00:08:27,610 --> 00:08:31,410
Calling the next middleware and we're done.
179
00:08:31,410 --> 00:08:34,350
Okay, and so if we now do the same query
180
00:08:34,350 --> 00:08:36,840
then this last one should no longer show up
181
00:08:36,840 --> 00:08:40,240
because again it has active set to false.
182
00:08:40,240 --> 00:08:42,179
And so it's not going to match the query
183
00:08:42,179 --> 00:08:43,222
that we just wrote.
184
00:08:45,400 --> 00:08:48,530
Okay, now we don't get any users here
185
00:08:48,530 --> 00:08:51,230
and I guess that's because the other ones
186
00:08:51,230 --> 00:08:53,360
they do not have explicitly
187
00:08:53,360 --> 00:08:55,810
the active property set to true.
188
00:08:55,810 --> 00:08:58,950
And so let's do what we actually did in that other section
189
00:08:58,950 --> 00:09:02,230
where we say that active should not be false.
190
00:09:02,230 --> 00:09:03,690
Okay,
191
00:09:03,690 --> 00:09:05,900
so we use the not equal to
192
00:09:05,900 --> 00:09:09,343
operator and that of course should be in it's own object.
193
00:09:10,290 --> 00:09:12,690
So not equal to false.
194
00:09:12,690 --> 00:09:16,540
Okay, so that is quite different here in this case.
195
00:09:16,540 --> 00:09:18,790
All right, so all documents where active
196
00:09:18,790 --> 00:09:21,642
is not equal to false should now show up
197
00:09:21,642 --> 00:09:24,883
and so the other two should now be back.
198
00:09:24,883 --> 00:09:27,390
And indeed here they are.
199
00:09:27,390 --> 00:09:31,190
Okay and so this is how we basically delete our users
200
00:09:31,190 --> 00:09:34,760
while effectively not deleting them from the database.
201
00:09:34,760 --> 00:09:37,210
Okay, so we're not deleting documents
202
00:09:37,210 --> 00:09:39,883
we're only marking them as inactive.
203
00:09:41,100 --> 00:09:43,963
Okay, let's just quickly save this here.
204
00:09:46,180 --> 00:09:47,013
Delete
205
00:09:48,680 --> 00:09:50,930
current user.
206
00:09:50,930 --> 00:09:53,470
Great and with this we actually finished
207
00:09:53,470 --> 00:09:55,970
the authentication and authorization part
208
00:09:55,970 --> 00:09:57,460
of this section.
209
00:09:57,460 --> 00:10:00,440
So everything that was related to these topics
210
00:10:00,440 --> 00:10:04,410
and also to to users like updating and deleting users.
211
00:10:04,410 --> 00:10:07,000
That's also kind of a part of authentication
212
00:10:07,000 --> 00:10:08,410
and authorization.
213
00:10:08,410 --> 00:10:10,020
Now in the rest of this section,
214
00:10:10,020 --> 00:10:12,210
we're gonna talk about security
215
00:10:12,210 --> 00:10:14,740
because of course that's also kind of related
216
00:10:14,740 --> 00:10:16,210
to authentication.
217
00:10:16,210 --> 00:10:18,530
Okay, so we're gonna talk about a couple of
218
00:10:18,530 --> 00:10:21,090
best practices and then also implement
219
00:10:21,090 --> 00:10:22,963
some of them into our project.
15854
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.