Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,290 --> 00:00:03,730 All right, so let's now create 2 00:00:03,730 --> 00:00:06,670 those new users, based on the model that 3 00:00:06,670 --> 00:00:09,093 we just implemented in the last video. 4 00:00:10,630 --> 00:00:14,180 So, we will do most of the user-related stuff 5 00:00:14,180 --> 00:00:17,350 like creating new users, logging users in, 6 00:00:17,350 --> 00:00:20,933 or updating passwords in the authentication controller. 7 00:00:22,190 --> 00:00:25,800 So all of the stuff that's related to authentication really, 8 00:00:25,800 --> 00:00:28,550 is not gonna be in the user controller 9 00:00:28,550 --> 00:00:30,250 that we actually created before, 10 00:00:30,250 --> 00:00:33,313 but instead we will create an authentication controller. 11 00:00:35,070 --> 00:00:36,990 So all the functions that are related 12 00:00:36,990 --> 00:00:38,943 to authentication will go here. 13 00:00:41,860 --> 00:00:44,300 And this will make a bit more sense later on, 14 00:00:44,300 --> 00:00:46,530 when we then start using all the functions 15 00:00:46,530 --> 00:00:48,103 that I'm gonna put in here. 16 00:00:49,500 --> 00:00:51,560 And now, the first thing that we need to do, 17 00:00:51,560 --> 00:00:53,983 is to import our user, 18 00:00:57,870 --> 00:01:00,610 so our user model of course, 19 00:01:00,610 --> 00:01:05,610 and that is at one level up, then it should be in models, 20 00:01:07,250 --> 00:01:08,577 and then userModel. 21 00:01:09,450 --> 00:01:10,283 All right. 22 00:01:12,490 --> 00:01:16,500 So, let's create and export our very first controller. 23 00:01:16,500 --> 00:01:18,347 And I'm gonna call this one signup. 24 00:01:20,020 --> 00:01:22,990 And so you see that I'm not calling it create user, 25 00:01:22,990 --> 00:01:25,060 like I did in a tour controller, 26 00:01:25,060 --> 00:01:27,300 but really I'm calling it signup because 27 00:01:27,300 --> 00:01:29,700 that's the name that has a bit more meaning 28 00:01:29,700 --> 00:01:31,913 in the context of authentication. 29 00:01:33,360 --> 00:01:36,510 So it's gonna be an async function of course, 30 00:01:36,510 --> 00:01:38,973 because we're gonna do some database operations. 31 00:01:42,190 --> 00:01:44,913 Then request, respond, and next as always, 32 00:01:46,000 --> 00:01:49,650 and then in here is where we create the new user. 33 00:01:49,650 --> 00:01:52,573 And so that's very similar to what we did before. 34 00:01:53,460 --> 00:01:55,590 So this time it's called newUser, 35 00:01:55,590 --> 00:01:57,070 and then remember how we create 36 00:01:57,070 --> 00:02:00,090 a new document based on a model. 37 00:02:00,090 --> 00:02:02,210 So we use the model name of course, 38 00:02:02,210 --> 00:02:04,610 which in this case is User, and then 39 00:02:04,610 --> 00:02:07,163 on that we use the create method. 40 00:02:08,740 --> 00:02:10,020 And then all we need to do is to 41 00:02:10,020 --> 00:02:12,150 pass in an object with the data 42 00:02:12,150 --> 00:02:14,353 from which the user should be created. 43 00:02:15,380 --> 00:02:20,093 And so just like before, that data is actually in req.body. 44 00:02:21,070 --> 00:02:23,430 And so all of this is gonna return a Promise, 45 00:02:23,430 --> 00:02:25,920 and so we need to await that, 46 00:02:25,920 --> 00:02:28,683 and so that's the reason why this is an async function. 47 00:02:30,150 --> 00:02:32,403 And I see that up here, we need exports. 48 00:02:34,374 --> 00:02:36,740 And now in the next step, we will then 49 00:02:36,740 --> 00:02:40,310 actually send that newUser to the client. 50 00:02:40,310 --> 00:02:45,283 So res.status, which is 201 for created, 51 00:02:46,720 --> 00:02:48,453 and then our JSON object. 52 00:02:52,160 --> 00:02:53,763 So that is success again, 53 00:02:55,010 --> 00:02:58,250 and then our data property which is again 54 00:02:58,250 --> 00:02:59,690 called an envelope here, 55 00:02:59,690 --> 00:03:03,510 so a property that is gonna contain the data itself. 56 00:03:03,510 --> 00:03:05,770 And the data is now called user, 57 00:03:05,770 --> 00:03:07,723 when before it was called tour, 58 00:03:09,105 --> 00:03:12,323 and so what we're gonna send in here is the newUser. 59 00:03:13,890 --> 00:03:16,270 Give it a save, and before we try this out, 60 00:03:16,270 --> 00:03:18,810 remember that this is an async function, 61 00:03:18,810 --> 00:03:21,393 and so we need to think about error handling here. 62 00:03:22,500 --> 00:03:24,470 So what do we need to do here? 63 00:03:24,470 --> 00:03:26,840 Well, we need to wrap this entire function 64 00:03:26,840 --> 00:03:29,770 that we just created into the catchAsync function 65 00:03:29,770 --> 00:03:31,570 that we created in the last section. 66 00:03:32,810 --> 00:03:37,160 So remember how we did that in the tourController, 67 00:03:37,160 --> 00:03:39,640 where all of the functions that are asynchronous 68 00:03:39,640 --> 00:03:42,740 are wrapped into this catchAsync function 69 00:03:42,740 --> 00:03:43,900 so that we don't have to write 70 00:03:43,900 --> 00:03:47,640 the try catch block in each and every function here. 71 00:03:47,640 --> 00:03:49,440 Remember that from the last section? 72 00:03:50,410 --> 00:03:52,450 So actually I'm gonna go ahead 73 00:03:52,450 --> 00:03:55,963 and copy this require statement here. 74 00:04:00,190 --> 00:04:02,353 So a bit lazy sometimes, 75 00:04:03,220 --> 00:04:07,253 not feel like writing the same code over and over again, 76 00:04:08,360 --> 00:04:12,570 so catchAsync, and then we need to 77 00:04:12,570 --> 00:04:16,303 close that down right here in the end. 78 00:04:18,793 --> 00:04:20,220 And now, all we need to do is to 79 00:04:20,220 --> 00:04:22,393 actually implement the route so that 80 00:04:22,393 --> 00:04:25,440 this signup handler here then can get called. 81 00:04:25,440 --> 00:04:27,650 And so let's go to our userRoutes, 82 00:04:27,650 --> 00:04:31,400 which we actually already created sometime before, 83 00:04:31,400 --> 00:04:33,923 and we already have some routes in here. 84 00:04:34,930 --> 00:04:37,653 But actually I'm gonna create a new one here now. 85 00:04:43,990 --> 00:04:46,700 And as I mentioned right in the beginning of this video, 86 00:04:46,700 --> 00:04:48,700 the user resource is a bit different 87 00:04:48,700 --> 00:04:50,290 from all the other resources. 88 00:04:50,290 --> 00:04:52,730 Again, because it really has to do with 89 00:04:52,730 --> 00:04:54,680 all things authentication. 90 00:04:54,680 --> 00:04:57,010 And so we have a different controller for that 91 00:04:57,010 --> 00:05:00,410 so the authController, the function names 92 00:05:00,410 --> 00:05:02,110 also have some different names, 93 00:05:02,110 --> 00:05:05,143 and so we will actually also have a special route. 94 00:05:08,540 --> 00:05:11,770 Let's say router.post, 95 00:05:11,770 --> 00:05:15,313 and then we will create a route for signup, so /signup, 96 00:05:18,450 --> 00:05:20,270 and then this is where we will use 97 00:05:20,270 --> 00:05:22,370 that function that we just created before. 98 00:05:23,260 --> 00:05:24,800 And of course before we can do that 99 00:05:24,800 --> 00:05:27,963 we need to require that authentication controller. 100 00:05:29,520 --> 00:05:32,040 So let's just duplicate this line here 101 00:05:32,040 --> 00:05:37,040 and replace user in two places, 102 00:05:37,440 --> 00:05:39,713 and so here we have our authController, 103 00:05:41,416 --> 00:05:42,716 and so let's now use that. 104 00:05:44,340 --> 00:05:45,173 .signup. 105 00:05:47,050 --> 00:05:49,790 So as you see, the signup is really 106 00:05:49,790 --> 00:05:51,410 kind of a special endpoint. 107 00:05:51,410 --> 00:05:53,560 It doesn't fit the REST architecture 108 00:05:53,560 --> 00:05:55,070 that we talked about before, 109 00:05:55,070 --> 00:05:57,920 because in this case it doesn't make much sense. 110 00:05:57,920 --> 00:06:00,030 And so remember how we said that 111 00:06:00,030 --> 00:06:02,690 in some special cases, we of course can create 112 00:06:02,690 --> 00:06:07,690 other endpoints that do not 100% fit that REST philosophy 113 00:06:07,980 --> 00:06:09,853 that is basically implemented here. 114 00:06:10,950 --> 00:06:15,040 So this here of course follows 100% the REST philosophy, 115 00:06:15,040 --> 00:06:17,790 where the name of the URL has nothing to do 116 00:06:17,790 --> 00:06:19,950 with the action that is actually performed. 117 00:06:19,950 --> 00:06:22,080 While up here, of course, it has. 118 00:06:22,080 --> 00:06:23,960 So the name of the route is signup 119 00:06:23,960 --> 00:06:25,953 because we are signing up users. 120 00:06:26,880 --> 00:06:28,760 And also down here we have implemented 121 00:06:28,760 --> 00:06:30,940 all of these different HTTP warps 122 00:06:31,810 --> 00:06:34,773 but in here for signup, we only really need POST. 123 00:06:35,668 --> 00:06:38,520 So we cannot really get data from signup, 124 00:06:38,520 --> 00:06:41,810 or we cannot patch patch a signup, so not update it. 125 00:06:41,810 --> 00:06:43,170 Doesn't really make sense, 126 00:06:43,170 --> 00:06:45,140 and so in this case all we want to do 127 00:06:45,140 --> 00:06:47,160 is to have a route for signup, 128 00:06:47,160 --> 00:06:48,953 where we can only POST data. 129 00:06:50,170 --> 00:06:52,370 Because again, it makes only sense 130 00:06:52,370 --> 00:06:54,740 to actually send data to this route, 131 00:06:54,740 --> 00:06:57,820 so that the new user is then created. 132 00:06:57,820 --> 00:07:00,240 And we will have different routes similar to this one, 133 00:07:00,240 --> 00:07:03,820 like for login, or for reset password, 134 00:07:03,820 --> 00:07:06,003 and all kinds of stuff like that. 135 00:07:07,163 --> 00:07:10,150 And we will also keep these routes here 136 00:07:10,150 --> 00:07:12,930 so the ones in a more REST format, 137 00:07:12,930 --> 00:07:15,180 because there's also the possibility 138 00:07:15,180 --> 00:07:18,370 of a system administrator updating or deleting 139 00:07:18,370 --> 00:07:21,423 or getting all the users based on their ID. 140 00:07:22,620 --> 00:07:24,590 But we will take care of that later, 141 00:07:24,590 --> 00:07:25,890 for now we just want to implement 142 00:07:25,890 --> 00:07:28,970 all the functions that are about authentication. 143 00:07:28,970 --> 00:07:30,620 So basically functions that are 144 00:07:30,620 --> 00:07:33,340 only relevant for the user itself. 145 00:07:33,340 --> 00:07:36,180 So it's not an admin that is gonna sign up a user, 146 00:07:36,180 --> 00:07:38,730 or it's not an admin that's gonna login a user, 147 00:07:38,730 --> 00:07:41,580 but instead, it's the own user that's gonna 148 00:07:41,580 --> 00:07:45,040 sign up himself, or log in himself. 149 00:07:45,040 --> 00:07:46,613 Okay, does that make sense? 150 00:07:47,570 --> 00:07:50,160 So we should have everything in place now, 151 00:07:50,160 --> 00:07:53,830 so that it should now work when we create our new user. 152 00:07:53,830 --> 00:07:57,270 So when we sign up basically, for our application. 153 00:07:57,270 --> 00:07:58,683 So let's try that now. 154 00:08:01,020 --> 00:08:02,447 Let's just copy this URL, 155 00:08:06,610 --> 00:08:08,393 users, and then, signup. 156 00:08:11,743 --> 00:08:13,710 Then we need to specify the Body, 157 00:08:14,640 --> 00:08:19,190 we say raw, and then JSON. 158 00:08:19,190 --> 00:08:20,720 Oh and also, don't forget of course, 159 00:08:20,720 --> 00:08:22,223 to set this one to POST. 160 00:08:25,478 --> 00:08:27,830 So, what data do we need here? 161 00:08:27,830 --> 00:08:30,293 Remember, first one is the name, 162 00:08:34,710 --> 00:08:39,710 then the email, and I'm putting my own here actually, 163 00:08:46,211 --> 00:08:49,211 then the password, and so let's just 164 00:08:50,360 --> 00:08:52,560 do something here, it doesn't really matter. 165 00:08:54,850 --> 00:08:56,330 And again, we're gonna talk about 166 00:08:56,330 --> 00:08:58,383 password management a bit later, 167 00:08:59,290 --> 00:09:01,140 and actually right in the next video. 168 00:09:02,420 --> 00:09:04,960 So now this one here should be the same. 169 00:09:04,960 --> 00:09:08,143 So pass1234, just as a test. 170 00:09:09,287 --> 00:09:11,820 And the photo remember is not required, 171 00:09:11,820 --> 00:09:13,663 and so I'm not doing that. 172 00:09:15,040 --> 00:09:16,133 And so let's see now. 173 00:09:17,990 --> 00:09:20,180 And now we get this error here, 174 00:09:20,180 --> 00:09:22,853 and that's because I misspelled password here. 175 00:09:24,150 --> 00:09:27,373 Okay, so that would be the German way of writing it. 176 00:09:28,370 --> 00:09:29,890 And now it's right. 177 00:09:29,890 --> 00:09:33,460 Okay, and indeed, we get our new user here. 178 00:09:33,460 --> 00:09:34,580 Perfect. 179 00:09:34,580 --> 00:09:38,350 Now let's say that we tried to do this with a GET. 180 00:09:38,350 --> 00:09:39,800 What would we get? 181 00:09:39,800 --> 00:09:42,300 Well, "This route is not yet defined," 182 00:09:42,300 --> 00:09:44,350 which is because we actually already 183 00:09:44,350 --> 00:09:47,620 kind of defined this route here, 184 00:09:47,620 --> 00:09:50,180 so basically this part here of the route, 185 00:09:50,180 --> 00:09:52,910 so let me quickly show you that, 186 00:09:52,910 --> 00:09:55,970 so it's not in the tourController, 187 00:09:55,970 --> 00:09:58,640 but in the userController. 188 00:09:58,640 --> 00:10:01,560 So basically we have getUser here, 189 00:10:01,560 --> 00:10:04,174 and then "This route is not yet defined." 190 00:10:04,174 --> 00:10:06,024 So that's the one that we're getting, 191 00:10:07,160 --> 00:10:09,860 but of course we're not not really interested in that. 192 00:10:11,460 --> 00:10:13,630 And let's now go ahead and save this here, 193 00:10:13,630 --> 00:10:16,613 to Postman so that we can then easily reuse it. 194 00:10:21,520 --> 00:10:22,513 So Sign Up. 195 00:10:24,700 --> 00:10:26,600 And now just to quickly confirm, 196 00:10:26,600 --> 00:10:29,420 let's actually open it in Compass here as well, 197 00:10:29,420 --> 00:10:32,320 and just see that at this point we only have tours, 198 00:10:32,320 --> 00:10:36,433 and so let's go here to natours, try to reload this, 199 00:10:37,490 --> 00:10:38,890 and that's probably up here, 200 00:10:41,000 --> 00:10:44,820 and so indeed, now we get our users collection here. 201 00:10:44,820 --> 00:10:47,120 So let's open that up, and indeed, 202 00:10:47,120 --> 00:10:49,470 we now get our first document here. 203 00:10:49,470 --> 00:10:51,640 So the user that we just created. 204 00:10:51,640 --> 00:10:54,430 Now in here you can see the plain password, 205 00:10:54,430 --> 00:10:57,270 and so of course that is not ideal. 206 00:10:57,270 --> 00:10:59,170 And of course, that is not ideal, 207 00:10:59,170 --> 00:11:03,090 so in a web application, passwords should never never ever 208 00:11:03,090 --> 00:11:05,983 be stored as plain in a database. 209 00:11:07,060 --> 00:11:10,020 So there's a lot of password management that needs to go on 210 00:11:10,020 --> 00:11:11,750 behind the scenes, and so that is 211 00:11:11,750 --> 00:11:14,513 exactly what we will do in the next video. 16360