1
00:00:00,980 --> 00:00:03,330
We are all done with our sign in and sign up

2
00:00:03,330 --> 00:00:04,180
route handlers.

3
00:00:04,190 --> 00:00:06,420
We're now gonna start to move on to the current user.

4
00:00:06,430 --> 00:00:07,610
It's inside my routes directory.

5
00:00:07,620 --> 00:00:13,160
Open the current-user.ts file. Let me first begin by telling you the goal of this route handler.

6
00:00:13,160 --> 00:00:17,840
So here's what we're going to try to implement. At some point in time, a React application is going to need

7
00:00:17,840 --> 00:00:21,620
to figure out whether or not the user is signed into our application.

8
00:00:21,620 --> 00:00:26,540
The React application cannot directly look at the cookie and try to inspect it and decide whether

9
00:00:26,540 --> 00:00:28,930
or not there is a valid JSON web token inside there.

10
00:00:29,360 --> 00:00:34,700
We have set up our cookies in such a way that they cannot actually be executed or accessed from JavaScript

11
00:00:34,700 --> 00:00:36,230
running inside the browser.

12
00:00:36,290 --> 00:00:41,450
So instead the React application needs to be able to make a request to something inside of our app to

13
00:00:41,450 --> 00:00:46,400
figure out whether or not the user is currently logged in, and that is the goal of this current user

14
00:00:46,420 --> 00:00:46,690
route

15
00:00:46,690 --> 00:00:52,300
handler. So at some point in time our React application is going to make a request to figure out who the current

16
00:00:52,300 --> 00:00:56,110
user is, or essentially whether or not the user is logged in.

17
00:00:56,920 --> 00:01:00,520
That request is going to include a cookie if it exists.

18
00:01:00,520 --> 00:01:03,420
So we are going to get a cookie with this incoming request.

19
00:01:03,460 --> 00:01:09,130
Maybe if the user is not logged in there will be no cookie, but if they are logged in there will be a

20
00:01:09,130 --> 00:01:15,700
cookie present. So inside of our auth service, or more specifically inside of this current user route handler,

21
00:01:16,080 --> 00:01:22,980
we're going to take a look at that req.session.jwt property. So remember, that is where we are

22
00:01:22,980 --> 00:01:29,940
going to see our JSON web token show up. So if the cookie is set, there will be a JSON web token there.

23
00:01:30,000 --> 00:01:31,140
If the cookie is not set,

24
00:01:31,140 --> 00:01:37,300
chances are there will not be a JSON web token. So we're going to then take a look at that property.

25
00:01:37,570 --> 00:01:44,020
If it is not set, or if for some reason that JSON web token is invalid, then we're going to return

26
00:01:44,050 --> 00:01:50,360
early and we're going to send back a response that looks like this. Otherwise, if there is a JSON web token

27
00:01:50,360 --> 00:01:56,660
set on that session and the JSON web token is valid, then we're going to send back the payload that

28
00:01:56,660 --> 00:01:58,970
is stored inside the JSON web token.

29
00:01:58,970 --> 00:02:00,620
So it's going to look something like this right here.

30
00:02:00,740 --> 00:02:06,070
We're going to provide an object with a current user property, and then for current user we're going

31
00:02:06,070 --> 00:02:12,490
to put in the payload from the JSON web token. So that's the general idea.

32
00:02:12,510 --> 00:02:13,610
You'll notice I put this diagram.

33
00:02:13,620 --> 00:02:21,030
I said if the JSON web token is invalid or valid. Remember, at any given point in time a user can technically

34
00:02:21,210 --> 00:02:23,920
try to mess around with their JSON web token.

35
00:02:23,970 --> 00:02:29,460
They can try to manipulate the information inside there and pretend that they are some other user, or

36
00:02:29,460 --> 00:02:35,790
change their email address or something like that, but because we have set up this secure signature thing

37
00:02:35,850 --> 00:02:40,830
which is on a JSON web token, we're going to be able to very easily detect if the JSON web token has been

38
00:02:40,830 --> 00:02:42,960
manipulated in any way.

39
00:02:42,960 --> 00:02:48,240
So if it has been manipulated, that's the case in which we will just return early and say, sorry, you're

40
00:02:48,240 --> 00:02:53,380
not logged in, your JSON web token doesn't really look all that valid. OK.

41
00:02:53,390 --> 00:02:54,430
So with all this in mind,

42
00:02:54,500 --> 00:02:55,850
let's take a quick pause right here.

43
00:02:55,880 --> 00:03:00,800
We'll get back in the next video and put all this implementation together inside of our current user route handler.