Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,160 --> 00:00:04,610
Now it's finally time to use the login API
2
00:00:04,610 --> 00:00:06,830
that we built in previous sections
3
00:00:06,830 --> 00:00:09,100
and there is a ton of stuff to do here
4
00:00:09,100 --> 00:00:12,880
in order to make the front-end interact with the back-end.
5
00:00:12,880 --> 00:00:15,680
And so we're doing this in separate lectures.
6
00:00:15,680 --> 00:00:17,833
Anyway, let's now get started.
7
00:00:19,740 --> 00:00:21,570
And this is how it's gonna work.
8
00:00:21,570 --> 00:00:25,180
So, we're gonna allow users to log into our website
9
00:00:25,180 --> 00:00:28,990
by doing an HTTP request, or an ATEX call
10
00:00:28,990 --> 00:00:31,580
as many people like to call it also.
11
00:00:31,580 --> 00:00:35,890
And we're doing that HTTP request to the login API end point
12
00:00:35,890 --> 00:00:38,340
that we implemented before using the data
13
00:00:38,340 --> 00:00:41,820
that the user provides in this form that we have here.
14
00:00:41,820 --> 00:00:45,614
So, remember that our API will then send back a cookie
15
00:00:45,614 --> 00:00:49,010
which automatically gets stored in the browser.
16
00:00:49,010 --> 00:00:51,650
And also automatically gets send back
17
00:00:51,650 --> 00:00:53,990
with each subsequent request.
18
00:00:53,990 --> 00:00:56,950
And as you will see, this is a fundamental key
19
00:00:56,950 --> 00:01:00,040
in order to make our authentication system work.
20
00:01:00,040 --> 00:01:01,940
But anyway, since we're doing
21
00:01:01,940 --> 00:01:04,518
this HTTP request in the browser,
22
00:01:04,518 --> 00:01:09,220
we will, of course, again, be working on the client side.
23
00:01:09,220 --> 00:01:10,900
But anyway, since we're doing
24
00:01:10,900 --> 00:01:13,570
an HTTP request in the browser,
25
00:01:13,570 --> 00:01:17,010
we'll still be working on client side jobs script code.
26
00:01:17,010 --> 00:01:20,410
So just like we did with the Mapbox implementation.
27
00:01:20,410 --> 00:01:21,570
Alright?
28
00:01:21,570 --> 00:01:24,430
So let's now go ahead and create a new file here.
29
00:01:24,430 --> 00:01:29,063
And so that's in public, js, and new file,
30
00:01:30,190 --> 00:01:33,030
which I'm gonna call login.js
31
00:01:33,960 --> 00:01:36,380
and in the next video, we're actually going to bundle
32
00:01:36,380 --> 00:01:38,260
all these separate JavaScript files
33
00:01:38,260 --> 00:01:40,630
that we're creating here for the front-end
34
00:01:40,630 --> 00:01:42,970
together into one big bundle.
35
00:01:42,970 --> 00:01:43,820
Alright?
36
00:01:43,820 --> 00:01:47,240
But for now, let's actually just focus on making
37
00:01:47,240 --> 00:01:49,510
this login functionality work.
38
00:01:49,510 --> 00:01:52,820
But anyway, let's now start by adding an event listener,
39
00:01:52,820 --> 00:01:57,139
listening for the submit event on our login form, okay?
40
00:01:57,139 --> 00:02:01,260
So, our login form has this form class here.
41
00:02:01,260 --> 00:02:04,307
Okay, so let's now select this for element
42
00:02:04,307 --> 00:02:07,820
and then on there, listen for the submit event.
43
00:02:07,820 --> 00:02:10,430
I hope that you're familiar with this kind of logic
44
00:02:10,430 --> 00:02:12,510
in the client-side JavaScript.
45
00:02:12,510 --> 00:02:14,810
And so hopefully, this is nothing new for you.
46
00:02:15,810 --> 00:02:19,193
So, document.querySelector,
47
00:02:20,260 --> 00:02:23,063
which we use in order to select based on the class.
48
00:02:24,940 --> 00:02:27,040
Add then that Selector name,
49
00:02:27,040 --> 00:02:32,040
and now add EventListener, listening for the submit event.
50
00:02:32,940 --> 00:02:35,740
So basically, an event that the browser will fire off
51
00:02:35,740 --> 00:02:39,363
whenever a user clicks on the submit button on the form.
52
00:02:40,220 --> 00:02:41,810
Add then in the collect function,
53
00:02:41,810 --> 00:02:46,123
we're gonna have access to that event itself, okay?
54
00:02:47,680 --> 00:02:49,500
And so the third thing that we actually do
55
00:02:49,500 --> 00:02:52,843
is to say event.preventDefault.
56
00:02:56,770 --> 00:02:57,750
Okay?
57
00:02:57,750 --> 00:03:01,580
So this prevents the form from la-loading any other page.
58
00:03:01,580 --> 00:03:03,925
Next up, let's actually get the email
59
00:03:03,925 --> 00:03:06,740
and the password value that the user puts in.
60
00:03:06,740 --> 00:03:10,485
And so these are, in this element, with the ID email,
61
00:03:10,485 --> 00:03:13,310
and the ID password, okay?
62
00:03:13,310 --> 00:03:15,020
So these two input fields
63
00:03:15,020 --> 00:03:18,114
and let's get this data as well.
64
00:03:18,114 --> 00:03:21,364
(typing on a keyboard)
65
00:03:24,933 --> 00:03:26,440
So document,
66
00:03:26,440 --> 00:03:27,933
get element by ID.
67
00:03:29,310 --> 00:03:32,230
Email, and then we use the value property
68
00:03:32,230 --> 00:03:34,670
in order to reach that value out there.
69
00:03:34,670 --> 00:03:37,893
Not nodeValue, just value.
70
00:03:39,520 --> 00:03:42,930
Let's duplicate this line, okay?
71
00:03:42,930 --> 00:03:45,330
And so now let's do the actual logging in
72
00:03:45,330 --> 00:03:47,940
in a separate function, okay?
73
00:03:47,940 --> 00:03:49,880
Now we get here, this eslint error
74
00:03:49,880 --> 00:03:53,040
and that's again because we have eslint
75
00:03:53,040 --> 00:03:56,450
only configurated for not JS code.
76
00:03:56,450 --> 00:03:59,963
And so let's actually disable that just like we did here.
77
00:04:01,340 --> 00:04:03,233
So just grab this piece of code.
78
00:04:07,790 --> 00:04:08,630
Alright?
79
00:04:08,630 --> 00:04:09,910
And now as I was saying,
80
00:04:09,910 --> 00:04:12,123
let's now create that login function.
81
00:04:15,270 --> 00:04:16,370
So and just like this,
82
00:04:17,380 --> 00:04:19,120
and this function is going to accept
83
00:04:19,120 --> 00:04:20,519
an email and and a password.
84
00:04:24,840 --> 00:04:25,770
And first of all,
85
00:04:25,770 --> 00:04:29,080
let's just see if this code is actually working.
86
00:04:29,080 --> 00:04:30,533
So we're going to alert,
87
00:04:31,560 --> 00:04:33,740
so basically create an alert window.
88
00:04:33,740 --> 00:04:36,563
And with this email and password.
89
00:04:38,910 --> 00:04:39,743
Alright?
90
00:04:42,920 --> 00:04:45,710
Now of course we also need to call this function
91
00:04:45,710 --> 00:04:49,300
again with email and password.
92
00:04:49,300 --> 00:04:54,300
And then finally, we also need to include this login file
93
00:04:54,600 --> 00:04:58,370
into our base template, alright?
94
00:04:58,370 --> 00:05:00,600
And again, as I was saying in the beginning,
95
00:05:00,600 --> 00:05:02,340
in the next video, we're going to bundle
96
00:05:02,340 --> 00:05:04,640
all of this front-end code here together
97
00:05:04,640 --> 00:05:06,423
into one big JavaScript file.
98
00:05:07,820 --> 00:05:08,653
Alright?
99
00:05:08,653 --> 00:05:10,810
So that's a lot better for performance
100
00:05:10,810 --> 00:05:14,143
and it's also a better developer experience for ourselves.
101
00:05:15,250 --> 00:05:18,330
Anyway, this should now be working.
102
00:05:18,330 --> 00:05:20,093
Let's just reload this page here.
103
00:05:25,783 --> 00:05:27,620
So I have to fill in, validate here,
104
00:05:27,620 --> 00:05:30,563
anyway, Chrome will not even allow me to submit the form.
105
00:05:32,920 --> 00:05:35,100
Alright, so here we get our alert
106
00:05:35,100 --> 00:05:37,020
with the email we just put in
107
00:05:37,020 --> 00:05:38,860
and then the password, I guess,
108
00:05:38,860 --> 00:05:40,080
doesn't show up because
109
00:05:40,080 --> 00:05:42,983
we kind of specified two values there.
110
00:05:46,140 --> 00:05:50,470
So instead, let's specify an object here
111
00:05:50,470 --> 00:05:52,020
and see if it works then again.
112
00:05:54,072 --> 00:05:57,322
(typing on a keyboard)
113
00:06:03,770 --> 00:06:05,410
Well, I guess it tries to convert
114
00:06:05,410 --> 00:06:07,473
that object to a string here.
115
00:06:08,400 --> 00:06:11,530
Okay, but, it doesn't really matter here.
116
00:06:11,530 --> 00:06:15,573
I'm usually more used to using Console.log instead of alert.
117
00:06:16,530 --> 00:06:17,900
Alright?
118
00:06:17,900 --> 00:06:20,960
But anyway, I'm sure it's working now here.
119
00:06:20,960 --> 00:06:23,783
And so let's now go ahead and create this function.
120
00:06:24,640 --> 00:06:28,910
So, in order to do these HTTP requests for the login,
121
00:06:28,910 --> 00:06:29,890
we are going to use
122
00:06:29,890 --> 00:06:34,130
a very popular library called Axios, okay?
123
00:06:34,130 --> 00:06:36,430
And in the next video we're actually going to download
124
00:06:36,430 --> 00:06:39,460
this library from NPM and bundle it together
125
00:06:39,460 --> 00:06:41,000
with all our other scripts,
126
00:06:41,000 --> 00:06:43,713
but for now, let's use it from a CDN.
127
00:06:45,240 --> 00:06:48,860
So, let's just Google
128
00:06:48,860 --> 00:06:52,260
Axios CDN, alright?
129
00:06:52,260 --> 00:06:55,513
Then, go ahead and copy this one here,
130
00:06:57,650 --> 00:06:59,403
and then, in our base script,
131
00:07:00,610 --> 00:07:04,583
let's put it right here at the first one, alright?
132
00:07:06,230 --> 00:07:07,300
So this will then expose
133
00:07:07,300 --> 00:07:10,080
an Axios object to the global scope,
134
00:07:10,080 --> 00:07:14,500
which we can then use in our login function, okay?
135
00:07:14,500 --> 00:07:17,123
And so we can then now say Axios,
136
00:07:18,000 --> 00:07:21,003
and then pass in the options for our request.
137
00:07:22,320 --> 00:07:26,380
So first off, let's say that we're doing a post-request.
138
00:07:26,380 --> 00:07:28,593
Then, we need a URL.
139
00:07:29,770 --> 00:07:31,140
Alright?
140
00:07:31,140 --> 00:07:33,313
So let's actually get that from Postman.
141
00:07:39,530 --> 00:07:41,543
So, this is our URL here.
142
00:07:43,250 --> 00:07:45,040
And we're also going to, of course,
143
00:07:45,040 --> 00:07:47,853
append the host then on there.
144
00:07:49,400 --> 00:07:52,910
So then here of course, it is http
145
00:07:55,440 --> 00:07:57,093
and then local host basically.
146
00:08:01,250 --> 00:08:02,530
And,
147
00:08:02,530 --> 00:08:05,260
so this is our login input,
148
00:08:05,260 --> 00:08:07,490
and now we need to specify the data
149
00:08:07,490 --> 00:08:10,473
that we're sending along with the request in the body.
150
00:08:13,040 --> 00:08:13,873
Alright?
151
00:08:13,873 --> 00:08:17,870
And so that is email: email.
152
00:08:17,870 --> 00:08:21,600
And so, as you already know, we can remove this email.
153
00:08:21,600 --> 00:08:22,433
Okay?
154
00:08:22,433 --> 00:08:24,810
So it's called email here, because our end point
155
00:08:24,810 --> 00:08:29,210
expects the data to be called email, right?
156
00:08:29,210 --> 00:08:31,250
So that's what we have here in the body.
157
00:08:31,250 --> 00:08:33,996
We need to specify a property called email,
158
00:08:33,996 --> 00:08:35,789
and one called password.
159
00:08:35,789 --> 00:08:37,830
And so that's exactly what we're doing here
160
00:08:37,830 --> 00:08:41,630
but it then has the same name as this parameter here.
161
00:08:41,630 --> 00:08:44,030
And so it's enough to just say email
162
00:08:45,000 --> 00:08:48,123
and the same applies for the password.
163
00:08:49,720 --> 00:08:50,760
Okay?
164
00:08:50,760 --> 00:08:53,350
Now, Axios here then returns a promise
165
00:08:53,350 --> 00:08:55,890
and so let's actually use a single await
166
00:08:55,890 --> 00:08:59,210
in order to wait for that value to come back.
167
00:08:59,210 --> 00:09:04,210
So await here, and then async right here.
168
00:09:05,110 --> 00:09:07,950
Now, keep in mind that this is client-facing code
169
00:09:07,950 --> 00:09:09,750
and only the more modern browsers
170
00:09:09,750 --> 00:09:12,290
can actually run a single await functions
171
00:09:12,290 --> 00:09:15,573
but in this course, I'm not really going to go into that.
172
00:09:17,130 --> 00:09:18,310
Okay?
173
00:09:18,310 --> 00:09:22,510
Anyways, let's save the result of this awaiting the promise
174
00:09:22,510 --> 00:09:25,640
into the result variable.
175
00:09:25,640 --> 00:09:28,623
And then just, to take a look at the result,
176
00:09:30,000 --> 00:09:33,453
let's say console.log result.
177
00:09:34,500 --> 00:09:35,333
Okay?
178
00:09:35,333 --> 00:09:37,870
Now one thing that I really like about Axios
179
00:09:37,870 --> 00:09:40,240
is the fact that it's going to throw an error
180
00:09:40,240 --> 00:09:43,780
whenever we get an error back from our API input.
181
00:09:43,780 --> 00:09:46,480
So let's say that there is a wrong password
182
00:09:46,480 --> 00:09:48,980
and so the server will send back a 403
183
00:09:48,980 --> 00:09:50,610
and so basically, an error.
184
00:09:50,610 --> 00:09:52,768
And so whenever there is an error,
185
00:09:52,768 --> 00:09:55,290
Axios will trigger an error as well.
186
00:09:55,290 --> 00:09:58,680
And so, that's very handy because, with that,
187
00:09:58,680 --> 00:10:00,763
we can now use a try catch block.
188
00:10:02,660 --> 00:10:03,493
Okay?
189
00:10:03,493 --> 00:10:05,840
So basically in order to do some error handling
190
00:10:05,840 --> 00:10:07,173
here on the client side.
191
00:10:08,750 --> 00:10:09,770
So, for example,
192
00:10:09,770 --> 00:10:12,090
when the user is correctly logged in,
193
00:10:12,090 --> 00:10:14,375
then you want to display some message saying that,
194
00:10:14,375 --> 00:10:16,470
and maybe some other logic,
195
00:10:16,470 --> 00:10:19,540
but if not, well, then we're going to be entering
196
00:10:19,540 --> 00:10:20,543
the catch block,
197
00:10:21,770 --> 00:10:26,093
and can then, take some other action based on the error.
198
00:10:27,022 --> 00:10:30,272
(typing on a keyboard)
199
00:10:31,670 --> 00:10:34,023
So, let's take a look at the error as well.
200
00:10:37,480 --> 00:10:42,120
And just to make sure, I also want to log the email
201
00:10:43,200 --> 00:10:45,253
and password to the console.
202
00:10:49,130 --> 00:10:51,583
So, let's try that here.
203
00:10:52,430 --> 00:10:53,663
Reload our page,
204
00:10:55,249 --> 00:10:58,499
(typing on a keyboard)
205
00:11:02,240 --> 00:11:05,160
And I'm putting a wrong password in now, okay?
206
00:11:05,160 --> 00:11:06,993
Test one, two, three, four, five.
207
00:11:09,100 --> 00:11:12,070
Let's take a look at our console here as well.
208
00:11:12,070 --> 00:11:15,740
And we get this error here from mapbox, js,
209
00:11:15,740 --> 00:11:17,330
but don't worry about that.
210
00:11:17,330 --> 00:11:19,430
We're going to fix that a bit later again.
211
00:11:21,848 --> 00:11:24,890
Bur for now, let's take a look at what happens here.
212
00:11:24,890 --> 00:11:28,900
And here we get some nice error, alright?
213
00:11:28,900 --> 00:11:32,670
And so, actually when we need to take a look at here
214
00:11:32,670 --> 00:11:34,253
is error.response.
215
00:11:36,630 --> 00:11:38,910
And then point data.
216
00:11:38,910 --> 00:11:42,550
Okay, and you will find this here in the Axios documentation
217
00:11:42,550 --> 00:11:45,113
in case you're wondering where that is coming from.
218
00:11:46,660 --> 00:11:47,493
Alright?
219
00:11:49,290 --> 00:11:52,140
Let me actually just go ahead and copy this email because
220
00:11:53,450 --> 00:11:56,713
it's not so good to always write it out manually.
221
00:12:00,200 --> 00:12:04,263
And now we actually get some nicely formatted error here.
222
00:12:05,440 --> 00:12:06,273
Okay?
223
00:12:06,273 --> 00:12:08,810
And so this is basically exactly the jsencode
224
00:12:08,810 --> 00:12:11,310
that we sent back from our server.
225
00:12:11,310 --> 00:12:12,143
Right?
226
00:12:12,143 --> 00:12:13,320
So, this is exactly the same
227
00:12:13,320 --> 00:12:15,220
as we've been seeing in Postman.
228
00:12:15,220 --> 00:12:20,220
So we get our entire error, the message, and also the stack.
229
00:12:20,270 --> 00:12:23,420
And so we see that we probably didn't provide
230
00:12:23,420 --> 00:12:26,523
the email and password correctly for some reason.
231
00:12:27,550 --> 00:12:30,330
So let's go back, take a look.
232
00:12:30,330 --> 00:12:34,230
Oh, so I did something weird here
233
00:12:34,230 --> 00:12:36,230
where I passed an object with
234
00:12:36,230 --> 00:12:38,003
both the email and the password.
235
00:12:38,980 --> 00:12:41,060
And so I think that that's from before
236
00:12:41,060 --> 00:12:42,900
when it tried to do that alert
237
00:12:42,900 --> 00:12:45,670
and I guess I did this in the wrong place.
238
00:12:45,670 --> 00:12:49,570
And so, that's why we actually saw undefined here.
239
00:12:49,570 --> 00:12:51,260
And here we got this object.
240
00:12:51,260 --> 00:12:53,820
So basically, email was this entire object,
241
00:12:53,820 --> 00:12:56,023
and password was then this undefined.
242
00:12:58,290 --> 00:12:59,123
Okay?
243
00:12:59,123 --> 00:13:01,400
So now, this should fix it,
244
00:13:01,400 --> 00:13:02,613
give it a reload.
245
00:13:07,930 --> 00:13:10,760
Ah, now we get this correct error
246
00:13:10,760 --> 00:13:12,500
that we were actually expecting.
247
00:13:12,500 --> 00:13:15,580
So now it's an incorrect email or password
248
00:13:15,580 --> 00:13:18,880
because I specified a wrong password, alright?
249
00:13:18,880 --> 00:13:21,441
But now, let's actually remove the five
250
00:13:21,441 --> 00:13:24,973
and so then test one, two, three, four, should be correct.
251
00:13:25,860 --> 00:13:28,010
So, let's log in,
252
00:13:28,010 --> 00:13:31,810
and now we get a 200 response.
253
00:13:31,810 --> 00:13:33,253
So, a successful one.
254
00:13:34,290 --> 00:13:35,890
So let's open this
255
00:13:35,890 --> 00:13:39,410
and what we are actually interested in is the data.
256
00:13:39,410 --> 00:13:42,030
So basically response.data
257
00:13:42,030 --> 00:13:43,260
because this is then actually
258
00:13:43,260 --> 00:13:46,960
where our jsen response is located.
259
00:13:46,960 --> 00:13:48,653
So here, we get,
260
00:13:50,210 --> 00:13:55,210
this data here, and we also get the status and the token.
261
00:13:55,410 --> 00:13:59,030
And so, this is here our correct jsen web token
262
00:13:59,030 --> 00:14:01,550
corresponding to this logged in user.
263
00:14:01,550 --> 00:14:03,170
Now, what's really interesting
264
00:14:03,170 --> 00:14:05,400
is to take a look at our cookies.
265
00:14:05,400 --> 00:14:07,540
And we do that in Google Chrome at least
266
00:14:07,540 --> 00:14:09,560
by clicking on this icon here
267
00:14:09,560 --> 00:14:12,180
and then down here, you have the cookies.
268
00:14:12,180 --> 00:14:14,900
And it also says that our connection is not secure
269
00:14:14,900 --> 00:14:15,940
and that's simply because
270
00:14:15,940 --> 00:14:19,330
we're not using HTTPS at this point,
271
00:14:19,330 --> 00:14:20,920
but nevermind about that.
272
00:14:20,920 --> 00:14:23,530
What matters here is that we now have this cookie
273
00:14:24,630 --> 00:14:27,620
and indeed, it is called, jsen web token,
274
00:14:27,620 --> 00:14:31,060
and it has exactly the jsen web token
275
00:14:31,060 --> 00:14:32,203
that we see down here.
276
00:14:33,360 --> 00:14:36,620
So, this is only the end, basically, of the string,
277
00:14:36,620 --> 00:14:40,710
so you see that this is equal to what we have down here.
278
00:14:40,710 --> 00:14:43,560
And it's this cookie here, will actually enable us
279
00:14:43,560 --> 00:14:46,030
to build this entire authentication.
280
00:14:46,030 --> 00:14:49,000
Again, because the browser will not send this cookie
281
00:14:49,000 --> 00:14:51,470
along with every new request.
282
00:14:51,470 --> 00:14:55,070
And let me actually show you in our back-end.
283
00:14:55,070 --> 00:14:59,930
So let's go back there, and let's go to app.js.
284
00:14:59,930 --> 00:15:02,320
And so now we're back in our note,
285
00:15:02,320 --> 00:15:03,943
or actually in our Express code.
286
00:15:05,320 --> 00:15:07,360
Now, in order to actually get access
287
00:15:07,360 --> 00:15:09,690
to the cookies that are in our request.
288
00:15:09,690 --> 00:15:13,050
In Express, we need to install a certain middleware.
289
00:15:13,050 --> 00:15:16,630
And so we need to install that from an NPM package.
290
00:15:16,630 --> 00:15:19,960
And so that's again, come to our other terminal
291
00:15:19,960 --> 00:15:21,550
and then NPM install
292
00:15:22,660 --> 00:15:25,313
the cookie parser.
293
00:15:26,210 --> 00:15:27,043
Okay?
294
00:15:27,043 --> 00:15:29,380
So basically, this package will then parse
295
00:15:29,380 --> 00:15:31,653
all the cookies from the incoming request.
296
00:15:37,360 --> 00:15:38,193
cookieParser.
297
00:15:44,600 --> 00:15:45,680
Alright?
298
00:15:45,680 --> 00:15:50,377
And now let's actually use it close to this body parser.
299
00:15:54,770 --> 00:15:56,003
Okay?
300
00:15:56,003 --> 00:15:57,050
So these two are very similar.
301
00:15:57,050 --> 00:15:59,750
This first one parses the data from the body
302
00:15:59,750 --> 00:16:03,070
and the second one parses the data from cookies.
303
00:16:03,070 --> 00:16:06,600
And so now, if in this middleware here,
304
00:16:06,600 --> 00:16:09,803
we can use request.cookies.
305
00:16:11,470 --> 00:16:13,080
And so now for each request,
306
00:16:13,080 --> 00:16:16,593
we will always display all the cookies in the console.
307
00:16:19,360 --> 00:16:22,440
So, if we now re-load this page,
308
00:16:22,440 --> 00:16:24,490
or really any other page,
309
00:16:24,490 --> 00:16:27,283
and so let me just open this one here in a new tab.
310
00:16:29,780 --> 00:16:33,420
So, if we now go back, we should see that cookie here.
311
00:16:33,420 --> 00:16:35,820
And, indeed, here it is.
312
00:16:35,820 --> 00:16:38,810
So this is the cookie that was just sent
313
00:16:38,810 --> 00:16:42,960
into our application by loading that page in the browser.
314
00:16:42,960 --> 00:16:44,223
And if I do that again,
315
00:16:45,710 --> 00:16:49,710
then, you will see another one, right?
316
00:16:49,710 --> 00:16:51,120
So here it is.
317
00:16:51,120 --> 00:16:54,790
And so now we can use this in order to protect our route.
318
00:16:54,790 --> 00:16:56,863
Alright, so let's try that out.
319
00:16:58,860 --> 00:16:59,693
Okay?
320
00:16:59,693 --> 00:17:01,070
But before we can do that,
321
00:17:01,070 --> 00:17:03,080
we need in our off controller
322
00:17:03,080 --> 00:17:05,770
to actually add that in here as well.
323
00:17:05,770 --> 00:17:08,839
So right now, we're only reading the jsen web token
324
00:17:08,839 --> 00:17:10,502
from the authorization header.
325
00:17:11,390 --> 00:17:12,223
Right?
326
00:17:12,223 --> 00:17:15,230
And only if they start with this bearer, kay?
327
00:17:15,230 --> 00:17:17,170
So for the bearer token.
328
00:17:17,170 --> 00:17:19,640
But now, we basically also want to read
329
00:17:19,640 --> 00:17:21,970
the jsen web token from a cookie.
330
00:17:21,970 --> 00:17:25,633
And so what we can do here is basically an else if,
331
00:17:27,869 --> 00:17:30,860
so if there was no token in the authorization header,
332
00:17:30,860 --> 00:17:33,333
well, then let's take a look at the cookies.
333
00:17:34,170 --> 00:17:36,807
So request.cookies
334
00:17:36,807 --> 00:17:39,520
.jsen web token.
335
00:17:39,520 --> 00:17:42,550
So JWT, which is the name of the cookie,
336
00:17:42,550 --> 00:17:45,110
and so therefore, in the cookies object,
337
00:17:45,110 --> 00:17:47,137
there will be a property called JWT.
338
00:17:49,120 --> 00:17:51,280
So this here, right?
339
00:17:51,280 --> 00:17:55,080
And so if this exists, well,
340
00:17:55,080 --> 00:17:58,040
then the token should be exactly that.
341
00:17:58,040 --> 00:17:58,873
So request
342
00:18:00,117 --> 00:18:00,950
.cookies
343
00:18:02,085 --> 00:18:03,593
.jwt.
344
00:18:05,590 --> 00:18:06,840
Okay.
345
00:18:06,840 --> 00:18:10,400
And so now with this, we're also able to authenticate users
346
00:18:10,400 --> 00:18:13,210
based on tokens sent via cookies
347
00:18:13,210 --> 00:18:15,780
and not only the authorization header.
348
00:18:15,780 --> 00:18:16,613
Great.
349
00:18:16,613 --> 00:18:18,580
And just to test this out,
350
00:18:18,580 --> 00:18:22,610
let's actually protect one of our routes here in the view.
351
00:18:22,610 --> 00:18:27,170
And I will do that with this tour detail page, okay?
352
00:18:27,170 --> 00:18:29,460
So that's just for testing
353
00:18:29,460 --> 00:18:31,920
'cause of course it doesn't make much sense,
354
00:18:31,920 --> 00:18:33,800
but I just wanted to show you that
355
00:18:33,800 --> 00:18:36,723
as it is right now, our login is already working.
356
00:18:37,860 --> 00:18:39,993
So let's import the authController here.
357
00:18:41,708 --> 00:18:44,958
(typing on a keyboard)
358
00:18:49,884 --> 00:18:54,860
And then, just like before, edit here into this route.
359
00:18:54,860 --> 00:18:58,770
So authController.protect.
360
00:18:58,770 --> 00:19:00,930
And so this is nothing new at this point.
361
00:19:00,930 --> 00:19:03,200
And then only if the user is logged in,
362
00:19:03,200 --> 00:19:04,993
we can go to the getTour.
363
00:19:06,400 --> 00:19:07,233
Great.
364
00:19:08,460 --> 00:19:09,710
So what I'm going to do now
365
00:19:09,710 --> 00:19:12,450
is to basically delete this cookie first
366
00:19:12,450 --> 00:19:13,850
just to show you what happens
367
00:19:13,850 --> 00:19:17,293
when a non-logged in user tries to access that route now.
368
00:19:18,180 --> 00:19:20,950
And so basically, if we remove this cookie,
369
00:19:20,950 --> 00:19:24,563
it is like logging out the user, right?
370
00:19:25,730 --> 00:19:28,970
So, if you now take a look our tours,
371
00:19:28,970 --> 00:19:30,653
then that should look just fine.
372
00:19:31,700 --> 00:19:34,090
But, if we now try to access this page,
373
00:19:34,090 --> 00:19:35,580
we should get an error.
374
00:19:35,580 --> 00:19:39,443
And indeed, there it is, saying that you are not logged in.
375
00:19:40,640 --> 00:19:41,550
Fair enough.
376
00:19:41,550 --> 00:19:44,903
So let's go back and let's actually log in.
377
00:19:50,833 --> 00:19:51,666
Okay?
378
00:19:51,666 --> 00:19:52,610
So here we go.
379
00:19:52,610 --> 00:19:53,550
And then in the future,
380
00:19:53,550 --> 00:19:55,570
we will of course also implement
381
00:19:55,570 --> 00:19:58,800
like some alert windows here and all that good stuff.
382
00:19:58,800 --> 00:20:02,380
But for now, again, let's just make it work.
383
00:20:02,380 --> 00:20:04,240
And so you see that we're back
384
00:20:04,240 --> 00:20:08,550
to having our nice cookie here, okay?
385
00:20:08,550 --> 00:20:12,163
And so, let's now try to access this protected route.
386
00:20:13,370 --> 00:20:16,050
And indeed, now it works.
387
00:20:16,050 --> 00:20:20,250
Fantastic, that's really great already, right?
388
00:20:20,250 --> 00:20:22,800
Now ideally, when a user is logged in,
389
00:20:22,800 --> 00:20:26,770
we then want not to display these buttons here,
390
00:20:26,770 --> 00:20:31,240
but instead, like some user menu or a picture of the user.
391
00:20:31,240 --> 00:20:32,650
So basically showing,
392
00:20:32,650 --> 00:20:35,545
that user is actually logged in, right?
393
00:20:35,545 --> 00:20:38,090
So let's do that in the next video,
394
00:20:38,090 --> 00:20:41,220
along with bundling all our JavaScript files together
395
00:20:41,220 --> 00:20:44,090
in the front-end as I was explaining earlier.
396
00:20:44,090 --> 00:20:47,650
So don't wait, let's move straight to the next one.
397
00:20:47,650 --> 00:20:48,483
See you there.
29911
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.