Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,890 --> 00:00:04,850 So after updating, let's now also allow the current user 2 00:00:04,850 --> 00:00:07,293 to basically delete his account. 3 00:00:09,070 --> 00:00:12,069 Now when a user decides to delete his account, 4 00:00:12,069 --> 00:00:16,390 we actually do not delete that document from the database. 5 00:00:16,390 --> 00:00:20,580 But instead we actually just set the account to inactive. 6 00:00:20,580 --> 00:00:23,170 So that the user might at some point in the future 7 00:00:23,170 --> 00:00:26,910 reactivate the account and also so that we still 8 00:00:26,910 --> 00:00:29,820 can basically access the account in the future, 9 00:00:29,820 --> 00:00:33,450 even if officially, let's say it has been deleted. 10 00:00:33,450 --> 00:00:34,440 Okay? 11 00:00:34,440 --> 00:00:36,380 So to implement this, first of all 12 00:00:36,380 --> 00:00:39,430 we need to create a new property in our schema. 13 00:00:39,430 --> 00:00:40,850 So, 14 00:00:40,850 --> 00:00:42,090 let's go there. 15 00:00:42,090 --> 00:00:43,740 And now we want to have 16 00:00:45,440 --> 00:00:47,163 a field called active. 17 00:00:48,210 --> 00:00:49,043 Okay. 18 00:00:50,550 --> 00:00:52,150 Which should be of the type 19 00:00:54,370 --> 00:00:55,550 Boolean. 20 00:00:55,550 --> 00:00:57,430 Okay, and by default 21 00:00:57,430 --> 00:00:58,263 it's gonna be 22 00:00:59,170 --> 00:01:00,040 true. 23 00:01:00,040 --> 00:01:02,180 So any user that is created new 24 00:01:02,180 --> 00:01:04,430 is of course an active user 25 00:01:04,430 --> 00:01:07,300 and so the Boolean is set to true. 26 00:01:07,300 --> 00:01:11,360 Also, we do not want to show this in the output, okay. 27 00:01:11,360 --> 00:01:13,350 Because we basically want to hide 28 00:01:13,350 --> 00:01:16,077 this implementation detail from the user. 29 00:01:16,077 --> 00:01:17,260 Okay? 30 00:01:17,260 --> 00:01:19,920 And so we don't want anyone to know 31 00:01:19,920 --> 00:01:24,390 that this flag, so this active flag is here, okay. 32 00:01:24,390 --> 00:01:28,930 So we say select, and set it to false, all right. 33 00:01:28,930 --> 00:01:29,883 And so, 34 00:01:30,830 --> 00:01:33,140 to delete the user now, 35 00:01:33,140 --> 00:01:35,400 all we need to do is basically set 36 00:01:35,400 --> 00:01:38,210 that active flag to false. 37 00:01:38,210 --> 00:01:39,043 Okay. 38 00:01:40,130 --> 00:01:42,390 So let's create that function here, 39 00:01:42,390 --> 00:01:43,223 exports 40 00:01:44,170 --> 00:01:45,529 .deleteMe, 41 00:01:45,529 --> 00:01:46,930 so it was updateMe 42 00:01:46,930 --> 00:01:47,763 and now it's deleteMe 43 00:01:47,763 --> 00:01:51,614 and so we already know that we're using 44 00:01:51,614 --> 00:01:54,410 a catchAsync here, right? 45 00:01:54,410 --> 00:01:58,570 And then Async because we basically already know 46 00:01:58,570 --> 00:02:01,150 that we're gonna update the user. 47 00:02:01,150 --> 00:02:02,960 So request responds 48 00:02:02,960 --> 00:02:03,913 next. 49 00:02:06,470 --> 00:02:08,300 So, await 50 00:02:08,300 --> 00:02:10,699 User.find 51 00:02:10,699 --> 00:02:12,573 by ID and update. 52 00:02:13,800 --> 00:02:15,960 Okay, and again, of course there's only works 53 00:02:15,960 --> 00:02:18,830 for logged in users and so the user ID is 54 00:02:18,830 --> 00:02:21,617 conveniently stored at request 55 00:02:21,617 --> 00:02:23,800 .user.id. 56 00:02:23,800 --> 00:02:25,630 and the data that we want to update 57 00:02:26,680 --> 00:02:28,010 is simply active 58 00:02:28,900 --> 00:02:30,893 and set it to false. 59 00:02:31,870 --> 00:02:33,280 All right. 60 00:02:33,280 --> 00:02:37,560 Now sending back the response is also pretty easy. 61 00:02:37,560 --> 00:02:40,100 We use the 204 code 62 00:02:40,100 --> 00:02:43,280 for deleted which will then make it so that actually 63 00:02:43,280 --> 00:02:47,230 in Postman we do not even see this response, okay. 64 00:02:47,230 --> 00:02:49,830 But we still send it along with the request 65 00:02:50,770 --> 00:02:52,720 'cause that's always the best practice. 66 00:02:54,090 --> 00:02:56,610 So, it's still a success 67 00:02:56,610 --> 00:02:59,470 and then remember we don't send any data. 68 00:02:59,470 --> 00:03:01,343 So, simply set it to no. 69 00:03:02,890 --> 00:03:05,080 All right, and now of course add it 70 00:03:05,080 --> 00:03:07,193 also to all routes here. 71 00:03:08,850 --> 00:03:10,223 So that's pretty similar. 72 00:03:11,840 --> 00:03:12,880 So deleteMe 73 00:03:14,620 --> 00:03:16,420 then here deleteMe as well 74 00:03:16,420 --> 00:03:20,373 and now actually we are using the delete http method. 75 00:03:21,480 --> 00:03:24,670 Okay, and again, we will not actually delete 76 00:03:24,670 --> 00:03:26,570 a user from the database. 77 00:03:26,570 --> 00:03:30,550 But as long as the user is no longer accessible anywhere 78 00:03:30,550 --> 00:03:34,277 then it's still okay to use this http method here. 79 00:03:34,277 --> 00:03:37,663 All right, so let's try this out now. 80 00:03:38,900 --> 00:03:42,010 Okay, even though we're not 100% ready yet 81 00:03:43,080 --> 00:03:46,193 but let's still try this now. 82 00:03:47,200 --> 00:03:48,033 All right, 83 00:03:49,280 --> 00:03:50,629 so, 84 00:03:50,629 --> 00:03:51,720 deleteMe 85 00:03:51,720 --> 00:03:53,530 and it is a protected route 86 00:03:53,530 --> 00:03:55,290 and so we need to be signed in 87 00:03:56,150 --> 00:03:59,923 and so let's create our authorization header, 88 00:04:00,910 --> 00:04:03,350 Bearer Token and of course this one 89 00:04:04,640 --> 00:04:06,040 and that's actually it. 90 00:04:06,040 --> 00:04:08,730 We don't need to pass any data in the body. 91 00:04:08,730 --> 00:04:11,173 We don't need to pass any data in the URL. 92 00:04:12,010 --> 00:04:15,210 All right, because again, the only data that is needed 93 00:04:15,210 --> 00:04:18,560 is the current user ID and that one isn't coded 94 00:04:18,560 --> 00:04:21,149 inside of our adjacent web token. 95 00:04:21,149 --> 00:04:21,983 Okay? 96 00:04:23,510 --> 00:04:25,720 So what we also need to do is delete 97 00:04:26,660 --> 00:04:29,240 and yeah this should work now. 98 00:04:29,240 --> 00:04:31,830 So before we do that let's actually get the list 99 00:04:31,830 --> 00:04:33,113 of all the users. 100 00:04:34,870 --> 00:04:38,110 All right and so the one that we are deleting now 101 00:04:38,110 --> 00:04:39,533 is this last one. 102 00:04:41,060 --> 00:04:44,300 So this one that we just created in the last lecture. 103 00:04:44,300 --> 00:04:47,270 Okay, and we are working with this one 104 00:04:47,270 --> 00:04:49,710 because it's the last one who logged in 105 00:04:49,710 --> 00:04:51,370 and so it's this token here 106 00:04:51,370 --> 00:04:54,460 which is right now stored in our token variable. 107 00:04:54,460 --> 00:04:57,020 Okay, and so when we're now deleting the user 108 00:04:57,020 --> 00:05:00,163 it will be based on the ID coming from this token. 109 00:05:01,700 --> 00:05:03,093 So let's try that now. 110 00:05:06,080 --> 00:05:08,690 And indeed we get our 204. 111 00:05:08,690 --> 00:05:11,600 And now what I'm interested in is to see 112 00:05:11,600 --> 00:05:13,763 if the select property here has changed. 113 00:05:15,290 --> 00:05:17,820 And it actually looks exactly the same here. 114 00:05:17,820 --> 00:05:19,760 And that's because we're not leaking 115 00:05:19,760 --> 00:05:22,460 the select field to the user. 116 00:05:22,460 --> 00:05:25,053 And so we actually need to see it here. 117 00:05:26,180 --> 00:05:31,110 Okay and so indeed we have active here set to false. 118 00:05:31,110 --> 00:05:34,560 Okay, so that's what I wanted to say before. 119 00:05:34,560 --> 00:05:37,640 So we're not leaking the active fields 120 00:05:37,640 --> 00:05:40,020 to the user, not the select field. 121 00:05:40,020 --> 00:05:42,230 So active is only visible for us here 122 00:05:42,230 --> 00:05:45,280 in compass but not for the user. 123 00:05:45,280 --> 00:05:46,920 Now as a last step, 124 00:05:46,920 --> 00:05:50,080 we then of course do not want to show up the 125 00:05:50,080 --> 00:05:53,960 inactive users in this output, right. 126 00:05:53,960 --> 00:05:57,400 And how do you think we could implement this? 127 00:05:57,400 --> 00:06:00,500 Well we're gonna use something that is way back 128 00:06:00,500 --> 00:06:03,400 that we talked about like two or three sections ago 129 00:06:03,400 --> 00:06:06,140 which is query middleware, okay. 130 00:06:06,140 --> 00:06:08,940 So query middleware is perfect for this 131 00:06:08,940 --> 00:06:11,380 because now we can basically add a step 132 00:06:11,380 --> 00:06:14,160 before any other query that we're doing then 133 00:06:14,160 --> 00:06:16,500 somewhere in our application. 134 00:06:16,500 --> 00:06:19,810 So let's go to our user model here 135 00:06:19,810 --> 00:06:21,763 and add that middleware here. 136 00:06:25,310 --> 00:06:26,657 So userSchema 137 00:06:29,339 --> 00:06:32,850 .pre, so something that will happen 138 00:06:32,850 --> 00:06:37,760 before a query and that query will be a find. 139 00:06:37,760 --> 00:06:40,583 Okay, so this is what makes this query middleware. 140 00:06:42,330 --> 00:06:44,670 Then a regular function 141 00:06:44,670 --> 00:06:46,390 because remember that otherwise 142 00:06:46,390 --> 00:06:49,600 we're not having access to the discord 143 00:06:49,600 --> 00:06:51,460 or at least it won't have the value 144 00:06:51,460 --> 00:06:53,560 that we expect it to have. 145 00:06:53,560 --> 00:06:55,440 And remember that here we actually 146 00:06:55,440 --> 00:06:57,820 used a regular expression before 147 00:06:57,820 --> 00:07:00,520 basically to say that we want this middleware function 148 00:07:00,520 --> 00:07:03,850 to apply to every query that starts with find. 149 00:07:03,850 --> 00:07:07,290 So not just find but also stuff like find and update, 150 00:07:07,290 --> 00:07:10,290 find and delete, and all queries like that. 151 00:07:10,290 --> 00:07:14,670 Okay, and so we use a regular expression 152 00:07:14,670 --> 00:07:18,600 looking for words or strings that start with find. 153 00:07:18,600 --> 00:07:20,883 So that's what this symbol here does. 154 00:07:22,080 --> 00:07:24,250 And then end the regular expression. 155 00:07:24,250 --> 00:07:25,720 So a very simple one. 156 00:07:25,720 --> 00:07:27,650 This is the one that even I can write 157 00:07:27,650 --> 00:07:30,600 without going to Google first 158 00:07:30,600 --> 00:07:32,480 and try to find it there. 159 00:07:32,480 --> 00:07:36,760 Okay, so remember this is query middleware 160 00:07:36,760 --> 00:07:40,840 and so therefore this points to the current 161 00:07:42,350 --> 00:07:43,183 query. 162 00:07:43,183 --> 00:07:47,070 Okay, and so let's just quickly go back here 163 00:07:47,070 --> 00:07:48,970 to see how it works. 164 00:07:48,970 --> 00:07:52,900 So we have our get all users here 165 00:07:52,900 --> 00:07:55,880 and here of course we have a find query. 166 00:07:55,880 --> 00:07:58,840 And now before that query is actually executed 167 00:07:58,840 --> 00:08:00,540 we want to add something to it. 168 00:08:00,540 --> 00:08:03,260 Which is that we only want to find documents 169 00:08:03,260 --> 00:08:05,823 which have the active property set to true. 170 00:08:07,100 --> 00:08:09,840 All right, so that's easy. 171 00:08:09,840 --> 00:08:10,673 Here it is. 172 00:08:11,610 --> 00:08:12,443 And so 173 00:08:13,610 --> 00:08:15,037 this 174 00:08:15,037 --> 00:08:15,980 .find 175 00:08:15,980 --> 00:08:17,910 and then of course our filter object 176 00:08:19,930 --> 00:08:24,180 only documents with active set to true. 177 00:08:24,180 --> 00:08:25,013 And that's it. 178 00:08:27,610 --> 00:08:31,410 Calling the next middleware and we're done. 179 00:08:31,410 --> 00:08:34,350 Okay, and so if we now do the same query 180 00:08:34,350 --> 00:08:36,840 then this last one should no longer show up 181 00:08:36,840 --> 00:08:40,240 because again it has active set to false. 182 00:08:40,240 --> 00:08:42,179 And so it's not going to match the query 183 00:08:42,179 --> 00:08:43,222 that we just wrote. 184 00:08:45,400 --> 00:08:48,530 Okay, now we don't get any users here 185 00:08:48,530 --> 00:08:51,230 and I guess that's because the other ones 186 00:08:51,230 --> 00:08:53,360 they do not have explicitly 187 00:08:53,360 --> 00:08:55,810 the active property set to true. 188 00:08:55,810 --> 00:08:58,950 And so let's do what we actually did in that other section 189 00:08:58,950 --> 00:09:02,230 where we say that active should not be false. 190 00:09:02,230 --> 00:09:03,690 Okay, 191 00:09:03,690 --> 00:09:05,900 so we use the not equal to 192 00:09:05,900 --> 00:09:09,343 operator and that of course should be in it's own object. 193 00:09:10,290 --> 00:09:12,690 So not equal to false. 194 00:09:12,690 --> 00:09:16,540 Okay, so that is quite different here in this case. 195 00:09:16,540 --> 00:09:18,790 All right, so all documents where active 196 00:09:18,790 --> 00:09:21,642 is not equal to false should now show up 197 00:09:21,642 --> 00:09:24,883 and so the other two should now be back. 198 00:09:24,883 --> 00:09:27,390 And indeed here they are. 199 00:09:27,390 --> 00:09:31,190 Okay and so this is how we basically delete our users 200 00:09:31,190 --> 00:09:34,760 while effectively not deleting them from the database. 201 00:09:34,760 --> 00:09:37,210 Okay, so we're not deleting documents 202 00:09:37,210 --> 00:09:39,883 we're only marking them as inactive. 203 00:09:41,100 --> 00:09:43,963 Okay, let's just quickly save this here. 204 00:09:46,180 --> 00:09:47,013 Delete 205 00:09:48,680 --> 00:09:50,930 current user. 206 00:09:50,930 --> 00:09:53,470 Great and with this we actually finished 207 00:09:53,470 --> 00:09:55,970 the authentication and authorization part 208 00:09:55,970 --> 00:09:57,460 of this section. 209 00:09:57,460 --> 00:10:00,440 So everything that was related to these topics 210 00:10:00,440 --> 00:10:04,410 and also to to users like updating and deleting users. 211 00:10:04,410 --> 00:10:07,000 That's also kind of a part of authentication 212 00:10:07,000 --> 00:10:08,410 and authorization. 213 00:10:08,410 --> 00:10:10,020 Now in the rest of this section, 214 00:10:10,020 --> 00:10:12,210 we're gonna talk about security 215 00:10:12,210 --> 00:10:14,740 because of course that's also kind of related 216 00:10:14,740 --> 00:10:16,210 to authentication. 217 00:10:16,210 --> 00:10:18,530 Okay, so we're gonna talk about a couple of 218 00:10:18,530 --> 00:10:21,090 best practices and then also implement 219 00:10:21,090 --> 00:10:22,963 some of them into our project. 15854