We've now got a middleware in place to keep users out of this sign-in route if they have not supplied the correct username and password, or email and password. As a reminder, that's happening because we've supplied a required sign-in middleware to our POST to the sign-in route. So, before our user's ever gonna see authentication.signin, they're gonna run through our local strategy middleware right here. And if they did not supply the correct email and password, boom, they get knocked out of the flow.

So, the last thing we have to do in here: our user has already supplied, and had verified, their email and password, so we just need to give them a token. So, remember we already created a tokenForUser helper up here, but the catch was that we had to supply an actual user, because the token is going to wrap the user's ID. So, we need to somehow get access to the current user's... current user model, there we go. Current user model inside of this function. Luckily, passport has our back.

If you recall in our passport file, when we set up our local strategy, this done callback that we called at the very end when we said yes to the user, you know, correct email, correct password, everything's good, we found the user model and we supplied it to this done callback right here. So, this done callback is supplied by passport, and passport, very helpfully, takes this user model right here and it assigns it to req.user, or request.user. That means in our authentication controller, in here, we can make reference to req.user, and that is our user object. So, now, we can just use our tokenForUser helper and return a token back to whoever tried to sign in.

So, we will say res.send, token: tokenForUser(req.user), like so.

All right. Let's go ahead and test this out inside of Postman and see if everything's working. I'm going to go ahead and create a completely fresh user. So I'm gonna... I've got a POST, I'm gonna go to sign up, and I'm going to have a completely fresh email here of email09; it just needs to be something unique.

So, I'll sign up, I get my token, so that's good. You know, my signup is still working. This is handling the case in which a user is first signing up. But I wanna handle the case in which I am signing in. So, I'm gonna change my route up here to sign in. I'm gonna leave my email and password here 'cause I have to supply email and password in order to attempt to sign in. I'll send. And I successfully get back a token. Perfect. Just what we wanted. So, this token means yes, you supplied the correct email and password for this existing account. We verified that it has the correct email, we verified it has the correct password, and in return we give you a token that corresponds to this user account right here. If I try giving the wrong password right now, so, let's say, I do a password of abcd and I send again, I get an error of unauthorized. So, I'm not allowed to get access to this route. Let's go back to the correct password. What was it? 123. And I'm back to getting my token again. Just what we wanted. So this is fantastic. This looks very good.

We've got our token, we've got our sign in, we've got our sign up, and we've also got a protected route. Remember, our protected route was the root route of just localhost:3090. And then we took our token and we added it as an authorization header in here. So, if we send a GET request, we get "hi there" back. If we do not supply our token, so, if I click this little checkbox here, "unauthorized". We need to supply a token in order to get access to this content. So, this is awesome. This is our server in total. We've got our different routes put together. Let's go ahead and do a wrap up of our server in the next section.