Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,160 --> 00:00:04,610 Now it's finally time to use the login API 2 00:00:04,610 --> 00:00:06,830 that we built in previous sections 3 00:00:06,830 --> 00:00:09,100 and there is a ton of stuff to do here 4 00:00:09,100 --> 00:00:12,880 in order to make the front-end interact with the back-end. 5 00:00:12,880 --> 00:00:15,680 And so we're doing this in separate lectures. 6 00:00:15,680 --> 00:00:17,833 Anyway, let's now get started. 7 00:00:19,740 --> 00:00:21,570 And this is how it's gonna work. 8 00:00:21,570 --> 00:00:25,180 So, we're gonna allow users to log into our website 9 00:00:25,180 --> 00:00:28,990 by doing an HTTP request, or an ATEX call 10 00:00:28,990 --> 00:00:31,580 as many people like to call it also. 11 00:00:31,580 --> 00:00:35,890 And we're doing that HTTP request to the login API end point 12 00:00:35,890 --> 00:00:38,340 that we implemented before using the data 13 00:00:38,340 --> 00:00:41,820 that the user provides in this form that we have here. 14 00:00:41,820 --> 00:00:45,614 So, remember that our API will then send back a cookie 15 00:00:45,614 --> 00:00:49,010 which automatically gets stored in the browser. 16 00:00:49,010 --> 00:00:51,650 And also automatically gets send back 17 00:00:51,650 --> 00:00:53,990 with each subsequent request. 18 00:00:53,990 --> 00:00:56,950 And as you will see, this is a fundamental key 19 00:00:56,950 --> 00:01:00,040 in order to make our authentication system work. 20 00:01:00,040 --> 00:01:01,940 But anyway, since we're doing 21 00:01:01,940 --> 00:01:04,518 this HTTP request in the browser, 22 00:01:04,518 --> 00:01:09,220 we will, of course, again, be working on the client side. 23 00:01:09,220 --> 00:01:10,900 But anyway, since we're doing 24 00:01:10,900 --> 00:01:13,570 an HTTP request in the browser, 25 00:01:13,570 --> 00:01:17,010 we'll still be working on client side jobs script code. 26 00:01:17,010 --> 00:01:20,410 So just like we did with the Mapbox implementation. 27 00:01:20,410 --> 00:01:21,570 Alright? 28 00:01:21,570 --> 00:01:24,430 So let's now go ahead and create a new file here. 29 00:01:24,430 --> 00:01:29,063 And so that's in public, js, and new file, 30 00:01:30,190 --> 00:01:33,030 which I'm gonna call login.js 31 00:01:33,960 --> 00:01:36,380 and in the next video, we're actually going to bundle 32 00:01:36,380 --> 00:01:38,260 all these separate JavaScript files 33 00:01:38,260 --> 00:01:40,630 that we're creating here for the front-end 34 00:01:40,630 --> 00:01:42,970 together into one big bundle. 35 00:01:42,970 --> 00:01:43,820 Alright? 36 00:01:43,820 --> 00:01:47,240 But for now, let's actually just focus on making 37 00:01:47,240 --> 00:01:49,510 this login functionality work. 38 00:01:49,510 --> 00:01:52,820 But anyway, let's now start by adding an event listener, 39 00:01:52,820 --> 00:01:57,139 listening for the submit event on our login form, okay? 40 00:01:57,139 --> 00:02:01,260 So, our login form has this form class here. 41 00:02:01,260 --> 00:02:04,307 Okay, so let's now select this for element 42 00:02:04,307 --> 00:02:07,820 and then on there, listen for the submit event. 43 00:02:07,820 --> 00:02:10,430 I hope that you're familiar with this kind of logic 44 00:02:10,430 --> 00:02:12,510 in the client-side JavaScript. 45 00:02:12,510 --> 00:02:14,810 And so hopefully, this is nothing new for you. 46 00:02:15,810 --> 00:02:19,193 So, document.querySelector, 47 00:02:20,260 --> 00:02:23,063 which we use in order to select based on the class. 48 00:02:24,940 --> 00:02:27,040 Add then that Selector name, 49 00:02:27,040 --> 00:02:32,040 and now add EventListener, listening for the submit event. 50 00:02:32,940 --> 00:02:35,740 So basically, an event that the browser will fire off 51 00:02:35,740 --> 00:02:39,363 whenever a user clicks on the submit button on the form. 52 00:02:40,220 --> 00:02:41,810 Add then in the collect function, 53 00:02:41,810 --> 00:02:46,123 we're gonna have access to that event itself, okay? 54 00:02:47,680 --> 00:02:49,500 And so the third thing that we actually do 55 00:02:49,500 --> 00:02:52,843 is to say event.preventDefault. 56 00:02:56,770 --> 00:02:57,750 Okay? 57 00:02:57,750 --> 00:03:01,580 So this prevents the form from la-loading any other page. 58 00:03:01,580 --> 00:03:03,925 Next up, let's actually get the email 59 00:03:03,925 --> 00:03:06,740 and the password value that the user puts in. 60 00:03:06,740 --> 00:03:10,485 And so these are, in this element, with the ID email, 61 00:03:10,485 --> 00:03:13,310 and the ID password, okay? 62 00:03:13,310 --> 00:03:15,020 So these two input fields 63 00:03:15,020 --> 00:03:18,114 and let's get this data as well. 64 00:03:18,114 --> 00:03:21,364 (typing on a keyboard) 65 00:03:24,933 --> 00:03:26,440 So document, 66 00:03:26,440 --> 00:03:27,933 get element by ID. 67 00:03:29,310 --> 00:03:32,230 Email, and then we use the value property 68 00:03:32,230 --> 00:03:34,670 in order to reach that value out there. 69 00:03:34,670 --> 00:03:37,893 Not nodeValue, just value. 70 00:03:39,520 --> 00:03:42,930 Let's duplicate this line, okay? 71 00:03:42,930 --> 00:03:45,330 And so now let's do the actual logging in 72 00:03:45,330 --> 00:03:47,940 in a separate function, okay? 73 00:03:47,940 --> 00:03:49,880 Now we get here, this eslint error 74 00:03:49,880 --> 00:03:53,040 and that's again because we have eslint 75 00:03:53,040 --> 00:03:56,450 only configurated for not JS code. 76 00:03:56,450 --> 00:03:59,963 And so let's actually disable that just like we did here. 77 00:04:01,340 --> 00:04:03,233 So just grab this piece of code. 78 00:04:07,790 --> 00:04:08,630 Alright? 79 00:04:08,630 --> 00:04:09,910 And now as I was saying, 80 00:04:09,910 --> 00:04:12,123 let's now create that login function. 81 00:04:15,270 --> 00:04:16,370 So and just like this, 82 00:04:17,380 --> 00:04:19,120 and this function is going to accept 83 00:04:19,120 --> 00:04:20,519 an email and and a password. 84 00:04:24,840 --> 00:04:25,770 And first of all, 85 00:04:25,770 --> 00:04:29,080 let's just see if this code is actually working. 86 00:04:29,080 --> 00:04:30,533 So we're going to alert, 87 00:04:31,560 --> 00:04:33,740 so basically create an alert window. 88 00:04:33,740 --> 00:04:36,563 And with this email and password. 89 00:04:38,910 --> 00:04:39,743 Alright? 90 00:04:42,920 --> 00:04:45,710 Now of course we also need to call this function 91 00:04:45,710 --> 00:04:49,300 again with email and password. 92 00:04:49,300 --> 00:04:54,300 And then finally, we also need to include this login file 93 00:04:54,600 --> 00:04:58,370 into our base template, alright? 94 00:04:58,370 --> 00:05:00,600 And again, as I was saying in the beginning, 95 00:05:00,600 --> 00:05:02,340 in the next video, we're going to bundle 96 00:05:02,340 --> 00:05:04,640 all of this front-end code here together 97 00:05:04,640 --> 00:05:06,423 into one big JavaScript file. 98 00:05:07,820 --> 00:05:08,653 Alright? 99 00:05:08,653 --> 00:05:10,810 So that's a lot better for performance 100 00:05:10,810 --> 00:05:14,143 and it's also a better developer experience for ourselves. 101 00:05:15,250 --> 00:05:18,330 Anyway, this should now be working. 102 00:05:18,330 --> 00:05:20,093 Let's just reload this page here. 103 00:05:25,783 --> 00:05:27,620 So I have to fill in, validate here, 104 00:05:27,620 --> 00:05:30,563 anyway, Chrome will not even allow me to submit the form. 105 00:05:32,920 --> 00:05:35,100 Alright, so here we get our alert 106 00:05:35,100 --> 00:05:37,020 with the email we just put in 107 00:05:37,020 --> 00:05:38,860 and then the password, I guess, 108 00:05:38,860 --> 00:05:40,080 doesn't show up because 109 00:05:40,080 --> 00:05:42,983 we kind of specified two values there. 110 00:05:46,140 --> 00:05:50,470 So instead, let's specify an object here 111 00:05:50,470 --> 00:05:52,020 and see if it works then again. 112 00:05:54,072 --> 00:05:57,322 (typing on a keyboard) 113 00:06:03,770 --> 00:06:05,410 Well, I guess it tries to convert 114 00:06:05,410 --> 00:06:07,473 that object to a string here. 115 00:06:08,400 --> 00:06:11,530 Okay, but, it doesn't really matter here. 116 00:06:11,530 --> 00:06:15,573 I'm usually more used to using Console.log instead of alert. 117 00:06:16,530 --> 00:06:17,900 Alright? 118 00:06:17,900 --> 00:06:20,960 But anyway, I'm sure it's working now here. 119 00:06:20,960 --> 00:06:23,783 And so let's now go ahead and create this function. 120 00:06:24,640 --> 00:06:28,910 So, in order to do these HTTP requests for the login, 121 00:06:28,910 --> 00:06:29,890 we are going to use 122 00:06:29,890 --> 00:06:34,130 a very popular library called Axios, okay? 123 00:06:34,130 --> 00:06:36,430 And in the next video we're actually going to download 124 00:06:36,430 --> 00:06:39,460 this library from NPM and bundle it together 125 00:06:39,460 --> 00:06:41,000 with all our other scripts, 126 00:06:41,000 --> 00:06:43,713 but for now, let's use it from a CDN. 127 00:06:45,240 --> 00:06:48,860 So, let's just Google 128 00:06:48,860 --> 00:06:52,260 Axios CDN, alright? 129 00:06:52,260 --> 00:06:55,513 Then, go ahead and copy this one here, 130 00:06:57,650 --> 00:06:59,403 and then, in our base script, 131 00:07:00,610 --> 00:07:04,583 let's put it right here at the first one, alright? 132 00:07:06,230 --> 00:07:07,300 So this will then expose 133 00:07:07,300 --> 00:07:10,080 an Axios object to the global scope, 134 00:07:10,080 --> 00:07:14,500 which we can then use in our login function, okay? 135 00:07:14,500 --> 00:07:17,123 And so we can then now say Axios, 136 00:07:18,000 --> 00:07:21,003 and then pass in the options for our request. 137 00:07:22,320 --> 00:07:26,380 So first off, let's say that we're doing a post-request. 138 00:07:26,380 --> 00:07:28,593 Then, we need a URL. 139 00:07:29,770 --> 00:07:31,140 Alright? 140 00:07:31,140 --> 00:07:33,313 So let's actually get that from Postman. 141 00:07:39,530 --> 00:07:41,543 So, this is our URL here. 142 00:07:43,250 --> 00:07:45,040 And we're also going to, of course, 143 00:07:45,040 --> 00:07:47,853 append the host then on there. 144 00:07:49,400 --> 00:07:52,910 So then here of course, it is http 145 00:07:55,440 --> 00:07:57,093 and then local host basically. 146 00:08:01,250 --> 00:08:02,530 And, 147 00:08:02,530 --> 00:08:05,260 so this is our login input, 148 00:08:05,260 --> 00:08:07,490 and now we need to specify the data 149 00:08:07,490 --> 00:08:10,473 that we're sending along with the request in the body. 150 00:08:13,040 --> 00:08:13,873 Alright? 151 00:08:13,873 --> 00:08:17,870 And so that is email: email. 152 00:08:17,870 --> 00:08:21,600 And so, as you already know, we can remove this email. 153 00:08:21,600 --> 00:08:22,433 Okay? 154 00:08:22,433 --> 00:08:24,810 So it's called email here, because our end point 155 00:08:24,810 --> 00:08:29,210 expects the data to be called email, right? 156 00:08:29,210 --> 00:08:31,250 So that's what we have here in the body. 157 00:08:31,250 --> 00:08:33,996 We need to specify a property called email, 158 00:08:33,996 --> 00:08:35,789 and one called password. 159 00:08:35,789 --> 00:08:37,830 And so that's exactly what we're doing here 160 00:08:37,830 --> 00:08:41,630 but it then has the same name as this parameter here. 161 00:08:41,630 --> 00:08:44,030 And so it's enough to just say email 162 00:08:45,000 --> 00:08:48,123 and the same applies for the password. 163 00:08:49,720 --> 00:08:50,760 Okay? 164 00:08:50,760 --> 00:08:53,350 Now, Axios here then returns a promise 165 00:08:53,350 --> 00:08:55,890 and so let's actually use a single await 166 00:08:55,890 --> 00:08:59,210 in order to wait for that value to come back. 167 00:08:59,210 --> 00:09:04,210 So await here, and then async right here. 168 00:09:05,110 --> 00:09:07,950 Now, keep in mind that this is client-facing code 169 00:09:07,950 --> 00:09:09,750 and only the more modern browsers 170 00:09:09,750 --> 00:09:12,290 can actually run a single await functions 171 00:09:12,290 --> 00:09:15,573 but in this course, I'm not really going to go into that. 172 00:09:17,130 --> 00:09:18,310 Okay? 173 00:09:18,310 --> 00:09:22,510 Anyways, let's save the result of this awaiting the promise 174 00:09:22,510 --> 00:09:25,640 into the result variable. 175 00:09:25,640 --> 00:09:28,623 And then just, to take a look at the result, 176 00:09:30,000 --> 00:09:33,453 let's say console.log result. 177 00:09:34,500 --> 00:09:35,333 Okay? 178 00:09:35,333 --> 00:09:37,870 Now one thing that I really like about Axios 179 00:09:37,870 --> 00:09:40,240 is the fact that it's going to throw an error 180 00:09:40,240 --> 00:09:43,780 whenever we get an error back from our API input. 181 00:09:43,780 --> 00:09:46,480 So let's say that there is a wrong password 182 00:09:46,480 --> 00:09:48,980 and so the server will send back a 403 183 00:09:48,980 --> 00:09:50,610 and so basically, an error. 184 00:09:50,610 --> 00:09:52,768 And so whenever there is an error, 185 00:09:52,768 --> 00:09:55,290 Axios will trigger an error as well. 186 00:09:55,290 --> 00:09:58,680 And so, that's very handy because, with that, 187 00:09:58,680 --> 00:10:00,763 we can now use a try catch block. 188 00:10:02,660 --> 00:10:03,493 Okay? 189 00:10:03,493 --> 00:10:05,840 So basically in order to do some error handling 190 00:10:05,840 --> 00:10:07,173 here on the client side. 191 00:10:08,750 --> 00:10:09,770 So, for example, 192 00:10:09,770 --> 00:10:12,090 when the user is correctly logged in, 193 00:10:12,090 --> 00:10:14,375 then you want to display some message saying that, 194 00:10:14,375 --> 00:10:16,470 and maybe some other logic, 195 00:10:16,470 --> 00:10:19,540 but if not, well, then we're going to be entering 196 00:10:19,540 --> 00:10:20,543 the catch block, 197 00:10:21,770 --> 00:10:26,093 and can then, take some other action based on the error. 198 00:10:27,022 --> 00:10:30,272 (typing on a keyboard) 199 00:10:31,670 --> 00:10:34,023 So, let's take a look at the error as well. 200 00:10:37,480 --> 00:10:42,120 And just to make sure, I also want to log the email 201 00:10:43,200 --> 00:10:45,253 and password to the console. 202 00:10:49,130 --> 00:10:51,583 So, let's try that here. 203 00:10:52,430 --> 00:10:53,663 Reload our page, 204 00:10:55,249 --> 00:10:58,499 (typing on a keyboard) 205 00:11:02,240 --> 00:11:05,160 And I'm putting a wrong password in now, okay? 206 00:11:05,160 --> 00:11:06,993 Test one, two, three, four, five. 207 00:11:09,100 --> 00:11:12,070 Let's take a look at our console here as well. 208 00:11:12,070 --> 00:11:15,740 And we get this error here from mapbox, js, 209 00:11:15,740 --> 00:11:17,330 but don't worry about that. 210 00:11:17,330 --> 00:11:19,430 We're going to fix that a bit later again. 211 00:11:21,848 --> 00:11:24,890 Bur for now, let's take a look at what happens here. 212 00:11:24,890 --> 00:11:28,900 And here we get some nice error, alright? 213 00:11:28,900 --> 00:11:32,670 And so, actually when we need to take a look at here 214 00:11:32,670 --> 00:11:34,253 is error.response. 215 00:11:36,630 --> 00:11:38,910 And then point data. 216 00:11:38,910 --> 00:11:42,550 Okay, and you will find this here in the Axios documentation 217 00:11:42,550 --> 00:11:45,113 in case you're wondering where that is coming from. 218 00:11:46,660 --> 00:11:47,493 Alright? 219 00:11:49,290 --> 00:11:52,140 Let me actually just go ahead and copy this email because 220 00:11:53,450 --> 00:11:56,713 it's not so good to always write it out manually. 221 00:12:00,200 --> 00:12:04,263 And now we actually get some nicely formatted error here. 222 00:12:05,440 --> 00:12:06,273 Okay? 223 00:12:06,273 --> 00:12:08,810 And so this is basically exactly the jsencode 224 00:12:08,810 --> 00:12:11,310 that we sent back from our server. 225 00:12:11,310 --> 00:12:12,143 Right? 226 00:12:12,143 --> 00:12:13,320 So, this is exactly the same 227 00:12:13,320 --> 00:12:15,220 as we've been seeing in Postman. 228 00:12:15,220 --> 00:12:20,220 So we get our entire error, the message, and also the stack. 229 00:12:20,270 --> 00:12:23,420 And so we see that we probably didn't provide 230 00:12:23,420 --> 00:12:26,523 the email and password correctly for some reason. 231 00:12:27,550 --> 00:12:30,330 So let's go back, take a look. 232 00:12:30,330 --> 00:12:34,230 Oh, so I did something weird here 233 00:12:34,230 --> 00:12:36,230 where I passed an object with 234 00:12:36,230 --> 00:12:38,003 both the email and the password. 235 00:12:38,980 --> 00:12:41,060 And so I think that that's from before 236 00:12:41,060 --> 00:12:42,900 when it tried to do that alert 237 00:12:42,900 --> 00:12:45,670 and I guess I did this in the wrong place. 238 00:12:45,670 --> 00:12:49,570 And so, that's why we actually saw undefined here. 239 00:12:49,570 --> 00:12:51,260 And here we got this object. 240 00:12:51,260 --> 00:12:53,820 So basically, email was this entire object, 241 00:12:53,820 --> 00:12:56,023 and password was then this undefined. 242 00:12:58,290 --> 00:12:59,123 Okay? 243 00:12:59,123 --> 00:13:01,400 So now, this should fix it, 244 00:13:01,400 --> 00:13:02,613 give it a reload. 245 00:13:07,930 --> 00:13:10,760 Ah, now we get this correct error 246 00:13:10,760 --> 00:13:12,500 that we were actually expecting. 247 00:13:12,500 --> 00:13:15,580 So now it's an incorrect email or password 248 00:13:15,580 --> 00:13:18,880 because I specified a wrong password, alright? 249 00:13:18,880 --> 00:13:21,441 But now, let's actually remove the five 250 00:13:21,441 --> 00:13:24,973 and so then test one, two, three, four, should be correct. 251 00:13:25,860 --> 00:13:28,010 So, let's log in, 252 00:13:28,010 --> 00:13:31,810 and now we get a 200 response. 253 00:13:31,810 --> 00:13:33,253 So, a successful one. 254 00:13:34,290 --> 00:13:35,890 So let's open this 255 00:13:35,890 --> 00:13:39,410 and what we are actually interested in is the data. 256 00:13:39,410 --> 00:13:42,030 So basically response.data 257 00:13:42,030 --> 00:13:43,260 because this is then actually 258 00:13:43,260 --> 00:13:46,960 where our jsen response is located. 259 00:13:46,960 --> 00:13:48,653 So here, we get, 260 00:13:50,210 --> 00:13:55,210 this data here, and we also get the status and the token. 261 00:13:55,410 --> 00:13:59,030 And so, this is here our correct jsen web token 262 00:13:59,030 --> 00:14:01,550 corresponding to this logged in user. 263 00:14:01,550 --> 00:14:03,170 Now, what's really interesting 264 00:14:03,170 --> 00:14:05,400 is to take a look at our cookies. 265 00:14:05,400 --> 00:14:07,540 And we do that in Google Chrome at least 266 00:14:07,540 --> 00:14:09,560 by clicking on this icon here 267 00:14:09,560 --> 00:14:12,180 and then down here, you have the cookies. 268 00:14:12,180 --> 00:14:14,900 And it also says that our connection is not secure 269 00:14:14,900 --> 00:14:15,940 and that's simply because 270 00:14:15,940 --> 00:14:19,330 we're not using HTTPS at this point, 271 00:14:19,330 --> 00:14:20,920 but nevermind about that. 272 00:14:20,920 --> 00:14:23,530 What matters here is that we now have this cookie 273 00:14:24,630 --> 00:14:27,620 and indeed, it is called, jsen web token, 274 00:14:27,620 --> 00:14:31,060 and it has exactly the jsen web token 275 00:14:31,060 --> 00:14:32,203 that we see down here. 276 00:14:33,360 --> 00:14:36,620 So, this is only the end, basically, of the string, 277 00:14:36,620 --> 00:14:40,710 so you see that this is equal to what we have down here. 278 00:14:40,710 --> 00:14:43,560 And it's this cookie here, will actually enable us 279 00:14:43,560 --> 00:14:46,030 to build this entire authentication. 280 00:14:46,030 --> 00:14:49,000 Again, because the browser will not send this cookie 281 00:14:49,000 --> 00:14:51,470 along with every new request. 282 00:14:51,470 --> 00:14:55,070 And let me actually show you in our back-end. 283 00:14:55,070 --> 00:14:59,930 So let's go back there, and let's go to app.js. 284 00:14:59,930 --> 00:15:02,320 And so now we're back in our note, 285 00:15:02,320 --> 00:15:03,943 or actually in our Express code. 286 00:15:05,320 --> 00:15:07,360 Now, in order to actually get access 287 00:15:07,360 --> 00:15:09,690 to the cookies that are in our request. 288 00:15:09,690 --> 00:15:13,050 In Express, we need to install a certain middleware. 289 00:15:13,050 --> 00:15:16,630 And so we need to install that from an NPM package. 290 00:15:16,630 --> 00:15:19,960 And so that's again, come to our other terminal 291 00:15:19,960 --> 00:15:21,550 and then NPM install 292 00:15:22,660 --> 00:15:25,313 the cookie parser. 293 00:15:26,210 --> 00:15:27,043 Okay? 294 00:15:27,043 --> 00:15:29,380 So basically, this package will then parse 295 00:15:29,380 --> 00:15:31,653 all the cookies from the incoming request. 296 00:15:37,360 --> 00:15:38,193 cookieParser. 297 00:15:44,600 --> 00:15:45,680 Alright? 298 00:15:45,680 --> 00:15:50,377 And now let's actually use it close to this body parser. 299 00:15:54,770 --> 00:15:56,003 Okay? 300 00:15:56,003 --> 00:15:57,050 So these two are very similar. 301 00:15:57,050 --> 00:15:59,750 This first one parses the data from the body 302 00:15:59,750 --> 00:16:03,070 and the second one parses the data from cookies. 303 00:16:03,070 --> 00:16:06,600 And so now, if in this middleware here, 304 00:16:06,600 --> 00:16:09,803 we can use request.cookies. 305 00:16:11,470 --> 00:16:13,080 And so now for each request, 306 00:16:13,080 --> 00:16:16,593 we will always display all the cookies in the console. 307 00:16:19,360 --> 00:16:22,440 So, if we now re-load this page, 308 00:16:22,440 --> 00:16:24,490 or really any other page, 309 00:16:24,490 --> 00:16:27,283 and so let me just open this one here in a new tab. 310 00:16:29,780 --> 00:16:33,420 So, if we now go back, we should see that cookie here. 311 00:16:33,420 --> 00:16:35,820 And, indeed, here it is. 312 00:16:35,820 --> 00:16:38,810 So this is the cookie that was just sent 313 00:16:38,810 --> 00:16:42,960 into our application by loading that page in the browser. 314 00:16:42,960 --> 00:16:44,223 And if I do that again, 315 00:16:45,710 --> 00:16:49,710 then, you will see another one, right? 316 00:16:49,710 --> 00:16:51,120 So here it is. 317 00:16:51,120 --> 00:16:54,790 And so now we can use this in order to protect our route. 318 00:16:54,790 --> 00:16:56,863 Alright, so let's try that out. 319 00:16:58,860 --> 00:16:59,693 Okay? 320 00:16:59,693 --> 00:17:01,070 But before we can do that, 321 00:17:01,070 --> 00:17:03,080 we need in our off controller 322 00:17:03,080 --> 00:17:05,770 to actually add that in here as well. 323 00:17:05,770 --> 00:17:08,839 So right now, we're only reading the jsen web token 324 00:17:08,839 --> 00:17:10,502 from the authorization header. 325 00:17:11,390 --> 00:17:12,223 Right? 326 00:17:12,223 --> 00:17:15,230 And only if they start with this bearer, kay? 327 00:17:15,230 --> 00:17:17,170 So for the bearer token. 328 00:17:17,170 --> 00:17:19,640 But now, we basically also want to read 329 00:17:19,640 --> 00:17:21,970 the jsen web token from a cookie. 330 00:17:21,970 --> 00:17:25,633 And so what we can do here is basically an else if, 331 00:17:27,869 --> 00:17:30,860 so if there was no token in the authorization header, 332 00:17:30,860 --> 00:17:33,333 well, then let's take a look at the cookies. 333 00:17:34,170 --> 00:17:36,807 So request.cookies 334 00:17:36,807 --> 00:17:39,520 .jsen web token. 335 00:17:39,520 --> 00:17:42,550 So JWT, which is the name of the cookie, 336 00:17:42,550 --> 00:17:45,110 and so therefore, in the cookies object, 337 00:17:45,110 --> 00:17:47,137 there will be a property called JWT. 338 00:17:49,120 --> 00:17:51,280 So this here, right? 339 00:17:51,280 --> 00:17:55,080 And so if this exists, well, 340 00:17:55,080 --> 00:17:58,040 then the token should be exactly that. 341 00:17:58,040 --> 00:17:58,873 So request 342 00:18:00,117 --> 00:18:00,950 .cookies 343 00:18:02,085 --> 00:18:03,593 .jwt. 344 00:18:05,590 --> 00:18:06,840 Okay. 345 00:18:06,840 --> 00:18:10,400 And so now with this, we're also able to authenticate users 346 00:18:10,400 --> 00:18:13,210 based on tokens sent via cookies 347 00:18:13,210 --> 00:18:15,780 and not only the authorization header. 348 00:18:15,780 --> 00:18:16,613 Great. 349 00:18:16,613 --> 00:18:18,580 And just to test this out, 350 00:18:18,580 --> 00:18:22,610 let's actually protect one of our routes here in the view. 351 00:18:22,610 --> 00:18:27,170 And I will do that with this tour detail page, okay? 352 00:18:27,170 --> 00:18:29,460 So that's just for testing 353 00:18:29,460 --> 00:18:31,920 'cause of course it doesn't make much sense, 354 00:18:31,920 --> 00:18:33,800 but I just wanted to show you that 355 00:18:33,800 --> 00:18:36,723 as it is right now, our login is already working. 356 00:18:37,860 --> 00:18:39,993 So let's import the authController here. 357 00:18:41,708 --> 00:18:44,958 (typing on a keyboard) 358 00:18:49,884 --> 00:18:54,860 And then, just like before, edit here into this route. 359 00:18:54,860 --> 00:18:58,770 So authController.protect. 360 00:18:58,770 --> 00:19:00,930 And so this is nothing new at this point. 361 00:19:00,930 --> 00:19:03,200 And then only if the user is logged in, 362 00:19:03,200 --> 00:19:04,993 we can go to the getTour. 363 00:19:06,400 --> 00:19:07,233 Great. 364 00:19:08,460 --> 00:19:09,710 So what I'm going to do now 365 00:19:09,710 --> 00:19:12,450 is to basically delete this cookie first 366 00:19:12,450 --> 00:19:13,850 just to show you what happens 367 00:19:13,850 --> 00:19:17,293 when a non-logged in user tries to access that route now. 368 00:19:18,180 --> 00:19:20,950 And so basically, if we remove this cookie, 369 00:19:20,950 --> 00:19:24,563 it is like logging out the user, right? 370 00:19:25,730 --> 00:19:28,970 So, if you now take a look our tours, 371 00:19:28,970 --> 00:19:30,653 then that should look just fine. 372 00:19:31,700 --> 00:19:34,090 But, if we now try to access this page, 373 00:19:34,090 --> 00:19:35,580 we should get an error. 374 00:19:35,580 --> 00:19:39,443 And indeed, there it is, saying that you are not logged in. 375 00:19:40,640 --> 00:19:41,550 Fair enough. 376 00:19:41,550 --> 00:19:44,903 So let's go back and let's actually log in. 377 00:19:50,833 --> 00:19:51,666 Okay? 378 00:19:51,666 --> 00:19:52,610 So here we go. 379 00:19:52,610 --> 00:19:53,550 And then in the future, 380 00:19:53,550 --> 00:19:55,570 we will of course also implement 381 00:19:55,570 --> 00:19:58,800 like some alert windows here and all that good stuff. 382 00:19:58,800 --> 00:20:02,380 But for now, again, let's just make it work. 383 00:20:02,380 --> 00:20:04,240 And so you see that we're back 384 00:20:04,240 --> 00:20:08,550 to having our nice cookie here, okay? 385 00:20:08,550 --> 00:20:12,163 And so, let's now try to access this protected route. 386 00:20:13,370 --> 00:20:16,050 And indeed, now it works. 387 00:20:16,050 --> 00:20:20,250 Fantastic, that's really great already, right? 388 00:20:20,250 --> 00:20:22,800 Now ideally, when a user is logged in, 389 00:20:22,800 --> 00:20:26,770 we then want not to display these buttons here, 390 00:20:26,770 --> 00:20:31,240 but instead, like some user menu or a picture of the user. 391 00:20:31,240 --> 00:20:32,650 So basically showing, 392 00:20:32,650 --> 00:20:35,545 that user is actually logged in, right? 393 00:20:35,545 --> 00:20:38,090 So let's do that in the next video, 394 00:20:38,090 --> 00:20:41,220 along with bundling all our JavaScript files together 395 00:20:41,220 --> 00:20:44,090 in the front-end as I was explaining earlier. 396 00:20:44,090 --> 00:20:47,650 So don't wait, let's move straight to the next one. 397 00:20:47,650 --> 00:20:48,483 See you there. 29911