1
00:00:02,100 --> 00:00:05,410
So we have this login flow in place here.

2
00:00:05,410 --> 00:00:09,010
It's not wired up yet. And even if it were wired up,

3
00:00:09,010 --> 00:00:10,450
we would, as mentioned,

4
00:00:10,450 --> 00:00:14,850
not really be able to see if a user is now really treated as

5
00:00:14,850 --> 00:00:17,980
logged in since we have no logic on our website at the

6
00:00:17,980 --> 00:00:20,770
moment to reflect that.

7
00:00:20,770 --> 00:00:23,730
And that is what I want to change here for this,

8
00:00:23,730 --> 00:00:25,230
for all incoming requests.

9
00:00:25,230 --> 00:00:28,525
I want to check if that request is coming from a user that

10
00:00:28,525 --> 00:00:31,180
is actually logged in,

11
00:00:31,180 --> 00:00:33,940
and then we can use that information to, for example,

12
00:00:33,940 --> 00:00:37,630
show a different navigation bar with more and different

13
00:00:37,630 --> 00:00:41,060
options in the rendered website.

14
00:00:41,060 --> 00:00:44,980
And we could also lock down access to certain pages based on

15
00:00:44,980 --> 00:00:49,570
the authentication status, something we'll also do later.

16
00:00:49,570 --> 00:00:50,510
So either way,

17
00:00:50,510 --> 00:00:55,400
we want to look into the incoming request session to extract

18
00:00:55,400 --> 00:00:57,840
information from it and see whether it's coming from an

19
00:00:57,840 --> 00:00:59,190
authenticated user.

20
00:00:59,190 --> 00:01:02,060
And we can do that with our own middleware.

21
00:01:02,060 --> 00:01:03,650
Hence in the middlewares folder,

22
00:01:03,650 --> 00:01:05,740
I'll add a new middleware file,

23
00:01:05,740 --> 00:01:10,560
which I'll name authenticate, or

24
00:01:10,560 --> 00:01:11,530
check-auth.js.

25
00:01:11,530 --> 00:01:13,800
That's an even better name.

26
00:01:13,800 --> 00:01:18,023
And in here, I'll add a function, checkAuthStatus,

27
00:01:19,580 --> 00:01:21,500
which is a default middleware function.

28
00:01:21,500 --> 00:01:24,400
So which gets a request, a response and

29
00:01:24,400 --> 00:01:26,310
this next function.

30
00:01:26,310 --> 00:01:28,450
And then in here,

31
00:01:28,450 --> 00:01:29,283
I, in the end,

32
00:01:29,283 --> 00:01:30,850
want to

33
00:01:30,850 --> 00:01:32,260
get my

34
00:01:32,260 --> 00:01:33,410
user ID

35
00:01:33,410 --> 00:01:36,233
by accessing req.session.uid.

36
00:01:37,260 --> 00:01:39,640
Because remember when we

37
00:01:39,640 --> 00:01:42,670
do call createUserSession, or

38
00:01:42,670 --> 00:01:47,160
after checking for email and password correctness,

39
00:01:47,160 --> 00:01:50,980
then, thanks to the function we wrote here,

40
00:01:50,980 --> 00:01:54,160
we will add a uid field to the session,

41
00:01:54,160 --> 00:01:57,540
and that will be stored on the server in that session data,

42
00:01:57,540 --> 00:01:59,440
in our case, in the database,

43
00:01:59,440 --> 00:02:02,033
because we're using the MongoDB session store.

44
00:02:03,040 --> 00:02:06,370
So now for every incoming request, with the help of this custom

45
00:02:06,370 --> 00:02:09,320
middleware, I will look for this UID field.

46
00:02:09,320 --> 00:02:12,780
And this then either is undefined, if it doesn't exist,

47
00:02:12,780 --> 00:02:16,050
which means the user did not log in before,

48
00:02:16,050 --> 00:02:21,050
or it is a value, some ID value, which can only be the case

49
00:02:21,760 --> 00:02:25,350
if the user did log in before, otherwise it wouldn't have

50
00:02:25,350 --> 00:02:26,183
been set.

51
00:02:27,590 --> 00:02:30,200
So therefore here, I can check if not uid,

52
00:02:30,200 --> 00:02:32,943
which means the user does not have one,

53
00:02:32,943 --> 00:02:35,530
the user to which this session belongs.

54
00:02:35,530 --> 00:02:38,400
So the user from which this request is coming,

55
00:02:38,400 --> 00:02:41,310
and in this case, I want to return and not continue,

56
00:02:41,310 --> 00:02:45,100
and I will return the result of calling next.

57
00:02:45,100 --> 00:02:46,940
The result isn't too important,

58
00:02:46,940 --> 00:02:50,890
important is that we call next so that the request can still

59
00:02:50,890 --> 00:02:54,920
travel on because not being authenticated does not mean that

60
00:02:54,920 --> 00:02:57,970
we want to crash the app or send you an error.

61
00:02:57,970 --> 00:03:01,390
It just means that the code thereafter shouldn't execute.

62
00:03:01,390 --> 00:03:05,063
That's why I return here, because in the code thereafter

63
00:03:05,063 --> 00:03:08,900
I will actually add a couple of response-

64
00:03:08,900 --> 00:03:12,180
specific fields with the help of res.locals,

65
00:03:12,180 --> 00:03:17,160
which we used before for the CSRF token to store the user ID

66
00:03:17,160 --> 00:03:21,450
in there, but to also add an isAuth utility field,

67
00:03:21,450 --> 00:03:26,320
which I set to true to indicate that the user with which we

68
00:03:26,320 --> 00:03:29,120
are working now is authenticated.

69
00:03:29,120 --> 00:03:32,690
And we can use this information in our views or our other

70
00:03:32,690 --> 00:03:35,823
route handlers and middleware functions, for example.

71
00:03:36,910 --> 00:03:39,820
And then thereafter, I again call next.

72
00:03:39,820 --> 00:03:43,250
But now I only do that if we made it past this if check,

73
00:03:43,250 --> 00:03:46,230
which we only do, if the user has a user ID,

74
00:03:46,230 --> 00:03:48,130
which means the user is authenticated,

75
00:03:49,770 --> 00:03:51,280
then we can, of course,

76
00:03:51,280 --> 00:03:55,810
export this checkAuthStatus middleware function here,

77
00:03:55,810 --> 00:04:00,810
and then register this in app.js here, where I'm already

78
00:04:01,070 --> 00:04:03,870
importing a bunch of other middleware functions.

79
00:04:03,870 --> 00:04:07,220
We can add the checkAuthStatus middleware

80
00:04:08,060 --> 00:04:09,380
by requiring

81
00:04:09,380 --> 00:04:11,260
./middlewares

82
00:04:11,260 --> 00:04:12,486
/

83
00:04:12,486 --> 00:04:13,800
check-auth

84
00:04:15,400 --> 00:04:16,283
like this.

85
00:04:18,029 --> 00:04:22,060
And with it being required, we can use it.

86
00:04:22,060 --> 00:04:23,920
Now, we want to use it after the

87
00:04:23,920 --> 00:04:26,070
session middleware executed.

88
00:04:26,070 --> 00:04:29,670
Otherwise we won't be able to access the session.

89
00:04:29,670 --> 00:04:31,810
And it doesn't matter if we check for

90
00:04:31,810 --> 00:04:33,310
the CSRF token first,

91
00:04:33,310 --> 00:04:37,980
I will simply use my checkAuthStatus middleware here after

92
00:04:37,980 --> 00:04:40,383
the add CSRF token middleware.

93
00:04:41,870 --> 00:04:44,690
So now we have this added here

94
00:04:45,750 --> 00:04:47,460
now with that,

95
00:04:47,460 --> 00:04:49,980
since inside of that middleware

96
00:04:49,980 --> 00:04:51,520
we just worked on

97
00:04:51,520 --> 00:04:54,600
I'm actually setting res.locals.isAuth

98
00:04:54,600 --> 00:04:59,080
and uid, we can use that data in our views.

99
00:04:59,080 --> 00:05:01,130
And for example, we can use it in our header.

100
00:05:01,130 --> 00:05:03,243
Now in our header,

101
00:05:03,243 --> 00:05:05,940
in this shared includes folder,

102
00:05:05,940 --> 00:05:08,615
we don't really have any navigation items yet,

103
00:05:08,615 --> 00:05:12,763
but what we can do in here is, in this nav bar,

104
00:05:12,763 --> 00:05:17,090
we can actually add an unordered list, because we'll have one

105
00:05:17,090 --> 00:05:19,940
later anyways, with every navigation item,

106
00:05:19,940 --> 00:05:22,186
being one list item in that list.

107
00:05:22,186 --> 00:05:24,591
And there we can add a list item,

108
00:05:24,591 --> 00:05:27,683
which actually has the logout button.

109
00:05:28,740 --> 00:05:32,660
And that list item here should only be added if the user is

110
00:05:32,660 --> 00:05:34,220
authenticated,

111
00:05:34,220 --> 00:05:37,880
otherwise it makes no sense to show a logout button.

112
00:05:37,880 --> 00:05:42,620
So then here we can use EJS syntax to add an if condition in the

113
00:05:42,620 --> 00:05:45,790
template to check if locals.isAuth.

114
00:05:45,790 --> 00:05:50,040
If this is true, and keep in mind, that's this field,

115
00:05:50,040 --> 00:05:53,400
which I'm setting here in my custom middleware.

116
00:05:53,400 --> 00:05:54,977
So I'm checking if this is true,

117
00:05:54,977 --> 00:05:57,173
and then we have an opening curly brace,

118
00:05:58,580 --> 00:06:02,750
and then this template part here will be rendered

119
00:06:03,590 --> 00:06:05,100
and thereafter

120
00:06:05,100 --> 00:06:09,340
I just close this, but now this will only be rendered

121
00:06:09,340 --> 00:06:12,860
if this here is true, that's how EJS works.

122
00:06:12,860 --> 00:06:14,500
So now in the navigation,

123
00:06:14,500 --> 00:06:18,200
we have some visual feedback telling us whether that worked

124
00:06:18,200 --> 00:06:20,679
or not. With that, if I reload,

125
00:06:20,679 --> 00:06:24,330
I don't see logout anywhere in my navigation.

126
00:06:24,330 --> 00:06:25,250
It's not styled,

127
00:06:25,250 --> 00:06:29,070
but I don't see it anywhere because I haven't logged in yet.

128
00:06:29,070 --> 00:06:31,970
But now with all that logic added, once we do log in,

129
00:06:31,970 --> 00:06:35,750
we should be able to see it. For this, as a last step,

130
00:06:35,750 --> 00:06:39,920
we just need to make sure that the login function in the

131
00:06:39,920 --> 00:06:44,330
auth controller is actually wired up to the login route to

132
00:06:44,330 --> 00:06:45,970
which we send the form

133
00:06:45,970 --> 00:06:50,970
once it's submitted. For that, in the auth.routes.js file,

134
00:06:51,132 --> 00:06:53,860
we should register a new route

135
00:06:56,130 --> 00:06:59,320
a POST route to /login, because

136
00:06:59,320 --> 00:07:00,610
that's the kind of request

137
00:07:00,610 --> 00:07:03,760
we're sending from inside the login.ejs file.

138
00:07:03,760 --> 00:07:07,510
And here we want to target authController dot, and then we

139
00:07:07,510 --> 00:07:09,860
need to expose that login function

140
00:07:09,860 --> 00:07:12,320
we added in the auth controller.

141
00:07:12,320 --> 00:07:13,580
So this function here,

142
00:07:13,580 --> 00:07:17,540
which we added needs to be added down there in the export at

143
00:07:17,540 --> 00:07:18,373
object.

144
00:07:20,780 --> 00:07:24,490
Once it is added there, in the routes file on the auth

145
00:07:24,490 --> 00:07:26,653
controller, we can point at it.

146
00:07:28,970 --> 00:07:32,210
Now we should be able to send post requests there and

147
00:07:32,210 --> 00:07:35,483
trigger our authentication flow once we do so.

148
00:07:36,680 --> 00:07:40,150
If we now reload and I try logging in here

149
00:07:40,150 --> 00:07:42,343
with valid credentials,

150
00:07:44,080 --> 00:07:47,130
I'm redirected to the starting page and I have the logout

151
00:07:47,130 --> 00:07:48,370
button here.

152
00:07:48,370 --> 00:07:52,360
And that proves that logging in works, that our

153
00:07:52,360 --> 00:07:55,695
authentication logic, which uses sessions, works,

154
00:07:55,695 --> 00:07:56,690
otherwise,

155
00:07:56,690 --> 00:08:00,510
we wouldn't see that button because this button is rendered

156
00:08:00,510 --> 00:08:01,450
conditionally,

157
00:08:01,450 --> 00:08:05,320
and it's only rendered if we are authenticated,

158
00:08:05,320 --> 00:08:07,173
that's the logic we added here.

