1
00:00:01,330 --> 00:00:03,630
Over the last lectures,
2
00:00:03,630 --> 00:00:05,290
we ensured that we can
3
00:00:05,290 --> 00:00:08,060
log in and log out and create users.
4
00:00:08,060 --> 00:00:11,200
And that we protect certain pages.
5
00:00:11,200 --> 00:00:14,260
And that we control which page can be visited,
6
00:00:14,260 --> 00:00:16,840
if we're logged in or logged out.
7
00:00:16,840 --> 00:00:19,010
That certain pages like the profile page
8
00:00:19,010 --> 00:00:22,500
can't be visited, that we're redirected automatically.
9
00:00:22,500 --> 00:00:24,890
And all of that works now.
10
00:00:24,890 --> 00:00:28,970
All of that works with the help of the Next Auth package,
11
00:00:28,970 --> 00:00:32,600
and the session which it checks for us.
12
00:00:32,600 --> 00:00:34,390
And just to make this really clear,
13
00:00:34,390 --> 00:00:36,360
when I say session here,
14
00:00:36,360 --> 00:00:39,730
I am talking about this JSON Web Token.
15
00:00:39,730 --> 00:00:43,110
Which is managed automatically by Next Auth.
16
00:00:43,110 --> 00:00:45,040
Which is stored by Next Auth
17
00:00:45,040 --> 00:00:48,550
in our browser. This cookie,
18
00:00:48,550 --> 00:00:51,210
which holds this token, is created there.
19
00:00:51,210 --> 00:00:53,640
And Next Auth determines whether
20
00:00:53,640 --> 00:00:55,610
we have an active session,
21
00:00:55,610 --> 00:00:57,900
so if this user is logged in,
22
00:00:57,900 --> 00:01:00,500
by checking that cookie and that token
23
00:01:00,500 --> 00:01:02,440
that's stored in that cookie.
24
00:01:02,440 --> 00:01:05,489
That is what happens when we call getSession here,
25
00:01:05,489 --> 00:01:09,050
or in our main-navigation component
26
00:01:09,050 --> 00:01:11,560
when we use the useSession hook.
27
00:01:11,560 --> 00:01:14,093
And that's what we did up to this point.
28
00:01:14,950 --> 00:01:17,720
Now one crucial feature is missing,
29
00:01:17,720 --> 00:01:21,730
one of the main reasons for adding authentication.
30
00:01:21,730 --> 00:01:26,010
Because having this client-side protection here is nice,
31
00:01:26,010 --> 00:01:28,650
protecting certain pages and making sure
32
00:01:28,650 --> 00:01:30,820
we can't reach certain pages,
33
00:01:30,820 --> 00:01:32,990
is all nice and good.
34
00:01:32,990 --> 00:01:34,410
But what really matters,
35
00:01:34,410 --> 00:01:36,810
is what we as a user can do.
36
00:01:36,810 --> 00:01:39,520
Which API routes we can hit.
37
00:01:39,520 --> 00:01:42,640
Here we got this change password example.
38
00:01:42,640 --> 00:01:44,170
But of course for example,
39
00:01:44,170 --> 00:01:45,970
if you're building an online shop,
40
00:01:45,970 --> 00:01:49,630
you might only want to allow logged in users,
41
00:01:49,630 --> 00:01:53,310
to create and delete and manage products.
42
00:01:53,310 --> 00:01:56,050
And in the interface which your website
43
00:01:56,050 --> 00:01:58,340
has for managing those products,
44
00:01:58,340 --> 00:02:01,625
you would be sending requests behind the scenes,
45
00:02:01,625 --> 00:02:04,560
to certain API endpoints,
46
00:02:04,560 --> 00:02:06,770
certain API routes.
47
00:02:06,770 --> 00:02:10,850
Where those requests then trigger certain operations.
48
00:02:10,850 --> 00:02:12,630
Like the creation of a product
49
00:02:12,630 --> 00:02:15,130
or the deletion of a product.
50
00:02:15,130 --> 00:02:17,870
And of course you want to make sure that,
51
00:02:17,870 --> 00:02:21,330
those requests only trigger those operations,
52
00:02:21,330 --> 00:02:24,500
if they come from authenticated users.
53
00:02:24,500 --> 00:02:28,170
So that if you have API routes in your project,
54
00:02:28,170 --> 00:02:31,200
API routes that do certain operations
55
00:02:31,200 --> 00:02:34,700
that are only allowed for authenticated users,
56
00:02:34,700 --> 00:02:38,660
that in those API routes you also verify,
57
00:02:38,660 --> 00:02:40,630
whether that request is coming
58
00:02:40,630 --> 00:02:43,330
from an authenticated user or not.
59
00:02:43,330 --> 00:02:45,870
Because even if you have full control
60
00:02:45,870 --> 00:02:47,920
over this user interface,
61
00:02:47,920 --> 00:02:52,920
requests to APIs can also be sent with other tools.
62
00:02:53,290 --> 00:02:56,530
From the command line, with tools like Postman
63
00:02:56,530 --> 00:02:59,580
which allows you to create HTTP requests.
64
00:02:59,580 --> 00:03:03,650
So there are ways of sending requests to APIs,
65
00:03:03,650 --> 00:03:06,700
that don't require your website.
66
00:03:06,700 --> 00:03:10,170
And therefore protecting the pages on those websites,
67
00:03:10,170 --> 00:03:13,200
is one thing but we also need protection
68
00:03:13,200 --> 00:03:15,320
in those API routes.
69
00:03:15,320 --> 00:03:18,180
Where we validate incoming requests,
70
00:03:18,180 --> 00:03:21,100
and double check that this request
71
00:03:21,100 --> 00:03:24,140
is coming from an authenticated source.
72
00:03:24,140 --> 00:03:25,830
And I'm emphasizing this here,
73
00:03:25,830 --> 00:03:29,890
because this is another key part of authentication.
74
00:03:29,890 --> 00:03:32,300
It's not just about the client-side,
75
00:03:32,300 --> 00:03:34,560
it is also about the server-side,
76
00:03:34,560 --> 00:03:36,950
about those API routes.
77
00:03:36,950 --> 00:03:38,940
And that's therefore what we're going to
78
00:03:38,940 --> 00:03:40,833
take a closer look at now.