1
00:00:00,940 --> 00:00:01,270
All right.

2
00:00:01,270 --> 00:00:03,740
Let's go ahead and start to implement our route handler.

3
00:00:03,840 --> 00:00:09,070
Again, we're going to follow these same series of steps we saw back over here. Inside this current user

4
00:00:09,070 --> 00:00:10,210
file, at the very top,

5
00:00:10,210 --> 00:00:15,160
I'm going to import one or two things that we're probably going to end up needing, though. Up at the top,

6
00:00:15,310 --> 00:00:20,670
I'm going to add in an import for jwt from jsonwebtoken.

7
00:00:20,710 --> 00:00:26,560
Remember, this is the JWT library that we're using to not only create but also validate the token and

8
00:00:26,560 --> 00:00:31,130
extract information from it. Then inside of the request handler itself,

9
00:00:31,130 --> 00:00:34,300
I'm going to delete the res.send that's already inside there.

10
00:00:34,400 --> 00:00:39,410
We're going to first begin by taking a look at the req.session.jwt property.

11
00:00:39,650 --> 00:00:49,610
So if not req.session.jwt, if that thing is not set, then let's return early and we will do a res.send

12
00:00:50,480 --> 00:00:54,840
and say the current user is null. Right away,

13
00:00:54,850 --> 00:00:57,580
you'll notice that we get an error around req.session.

14
00:00:57,580 --> 00:01:02,650
We saw this error tied to TypeScript just a little bit ago back inside of either sign up or sign in,

15
00:01:02,710 --> 00:01:03,760
one or the other.

16
00:01:04,180 --> 00:01:11,530
If we hover over it, you'll see that TypeScript is being told by the cookie-session library's type definition

17
00:01:11,530 --> 00:01:19,660
file (a lot of terminology there) that the req.session property might be either null, undefined,

18
00:01:20,140 --> 00:01:25,840
or an actual cookie session object. Now, just so you know, the only case or the only scenario where we're

19
00:01:25,840 --> 00:01:31,360
going to have this object really be null or undefined is if we somehow get to this route handler without

20
00:01:31,360 --> 00:01:34,960
first executing this cookie session middleware.

21
00:01:34,960 --> 00:01:39,120
So if the request does not flow through that cookie session middleware, then the req.session property

22
00:01:39,130 --> 00:01:41,570
will not be set.

23
00:01:41,650 --> 00:01:44,460
And so that's why TypeScript is being a little bit upset here.

24
00:01:44,680 --> 00:01:46,820
So we can fix this up by adding in a very simple check.

25
00:01:46,830 --> 00:01:49,860
We can say if not req.session.

26
00:01:49,860 --> 00:01:55,890
So if that thing doesn't exist for some reason, or if the JWT property is not set, then we're just gonna

27
00:01:55,890 --> 00:02:02,960
say the user is not logged in. The code you see right here we can condense down using a special little

28
00:02:02,960 --> 00:02:04,460
TypeScript operator.

29
00:02:04,460 --> 00:02:08,010
So notice how we are first checking to see if req.session exists.

30
00:02:08,240 --> 00:02:11,740
We can add in right after req.session instead

31
00:02:11,900 --> 00:02:13,280
a little question mark.

32
00:02:13,370 --> 00:02:19,340
So this right here is 100 percent equivalent to what we just had a moment ago. If req.session is not

33
00:02:19,340 --> 00:02:25,640
defined, then this entire if statement or this entire expression right here will evaluate, or I should

34
00:02:25,640 --> 00:02:29,140
say, with the question mark, really that's going to all evaluate to be true.

35
00:02:29,150 --> 00:02:32,520
So it's 100 percent equivalent to what we had just a moment ago.

36
00:02:32,540 --> 00:02:38,620
Well, the question mark is just checking to see if some internal property actually exists or not. OK, so

37
00:02:38,620 --> 00:02:42,180
that's going to handle this first case right here.

38
00:02:42,190 --> 00:02:45,760
So now after that we're gonna try to decode the JSON Web Token.

39
00:02:45,760 --> 00:02:50,080
We're gonna check out and see whether or not it is actually valid. If it's not valid,

40
00:02:50,080 --> 00:02:52,570
we're going to once again send back currentUser of null.

41
00:02:52,610 --> 00:02:58,760
Otherwise, if it is valid, we're going to send back this object that has the payload inside there. So after

42
00:02:58,760 --> 00:03:05,270
the if statement we'll say const payload is jwt.verify.

43
00:03:05,270 --> 00:03:10,070
Remember, very quickly we had seen back in the documentation when we were looking at the JWT library,

44
00:03:10,070 --> 00:03:15,360
this is how we decode or essentially extract information out of a JSON Web Token.

45
00:03:15,440 --> 00:03:21,860
The first argument is going to be the token itself, that will be req.session.jwt, and then the second

46
00:03:21,890 --> 00:03:29,190
argument is going to be the JWT key which we had set up previously as an environment variable.

47
00:03:29,330 --> 00:03:37,860
So quick reminder: back inside of signin.ts, when we had generated that JSON Web Token, we used that

48
00:03:37,860 --> 00:03:41,070
process.env.JWT_KEY right there.

49
00:03:41,280 --> 00:03:46,100
That is our signing key and we need it in order to validate the token.

50
00:03:46,310 --> 00:03:49,250
We're going to provide that as the second argument right here.

51
00:03:49,250 --> 00:03:52,720
process.env.JWT_KEY.

52
00:03:52,720 --> 00:03:58,850
Now once again, TypeScript is not really, or doesn't really want us to assume that that property is defined,

53
00:03:59,180 --> 00:04:03,460
as it is entirely possible that we're going to start up our app forgetting to set that environment variable.

54
00:04:03,470 --> 00:04:05,150
So that's why we get that error there.

55
00:04:05,150 --> 00:04:10,010
But as we saw just a bit ago back inside of sign in and sign up, we are very sure that we already checked

56
00:04:10,010 --> 00:04:11,490
to see if that thing is defined.

57
00:04:11,510 --> 00:04:14,710
So we put the question mark at the very, or excuse me, the exclamation at the very end.

58
00:04:14,810 --> 00:04:18,650
It tells TypeScript to just not worry about it. As a further reminder,

59
00:04:18,650 --> 00:04:23,810
we had checked to make sure that the property actually was defined back inside of our root index.ts

60
00:04:23,850 --> 00:04:30,590
file, specifically inside the start function. So if our app starts up without that environment variable

61
00:04:30,590 --> 00:04:32,300
being set, we threw an error back there.

62
00:04:32,390 --> 00:04:36,970
That's essentially where we just took care of that. So once again, inside of current user, I'm going to

63
00:04:36,970 --> 00:04:38,750
put a question mark right afterwards.

64
00:04:41,650 --> 00:04:41,870
Now,

65
00:04:41,890 --> 00:04:43,510
something really interesting here.

66
00:04:43,510 --> 00:04:48,240
Remember, a user can technically try to fiddle around or mess around with the properties inside this

67
00:04:48,240 --> 00:04:54,980
JSON Web Token. When we call verify, if the token has been messed with in any way, then verify

68
00:04:54,990 --> 00:04:57,150
is going to throw an error.

69
00:04:57,160 --> 00:04:59,720
So we need to make sure that we try to capture that error.

70
00:04:59,740 --> 00:05:06,930
We're gonna wrap this with a try catch statement. But again, if something goes wrong with verifying the

71
00:05:06,930 --> 00:05:10,360
token, we're going to throw an error and we're gonna end up inside of catch.

72
00:05:10,530 --> 00:05:16,490
And in that scenario, as we saw back in the diagram, if the JSON Web Token is invalid, we're just gonna

73
00:05:16,510 --> 00:05:17,870
say, hey, you're not logged in.

74
00:05:17,880 --> 00:05:27,060
So currentUser of null. Inside the catch statement we'll do a res.send, currentUser of null.

75
00:05:30,050 --> 00:05:33,090
But then finally we can handle this very last case here.

76
00:05:33,100 --> 00:05:36,580
So if the token is valid, if we have a token, we have successfully decoded it.

77
00:05:36,610 --> 00:05:37,900
We have the payload.

78
00:05:37,930 --> 00:05:39,850
We're gonna send that back inside the response.

79
00:05:40,720 --> 00:05:48,700
So after const payload right there we'll do a res.send, currentUser, and we'll stick the payload in

80
00:05:48,880 --> 00:05:50,780
like so.

81
00:05:50,830 --> 00:05:51,400
All right.

82
00:05:51,400 --> 00:05:52,140
That should be it.

83
00:05:52,440 --> 00:05:53,600
Let's save this.

84
00:05:53,620 --> 00:06:01,990
Let's go back over to Postman and we're gonna do a quick test. So over inside of Postman, I'm going to

85
00:06:01,990 --> 00:06:06,670
first make sure that I am successfully logged into the application, so I can make sure I am making a

86
00:06:06,670 --> 00:06:08,400
POST request to sign in.

87
00:06:08,440 --> 00:06:10,440
I've got some valid credentials right here.

88
00:06:10,490 --> 00:06:15,010
I'm going to send that request off. I get back a good response, and if I go to the cookies tab I can see

89
00:06:15,010 --> 00:06:17,970
very plainly that I do in fact have a cookie set.

90
00:06:17,970 --> 00:06:22,300
So presumably there is a JSON Web Token inside there. Yeah.

91
00:06:22,340 --> 00:06:23,270
That's good.

92
00:06:23,270 --> 00:06:27,540
I'm now going to open up a second tab inside of Postman.

93
00:06:27,600 --> 00:06:33,420
I'm going to set the request to GET and I'll make that request to https://ticketing

94
00:06:36,450 --> 00:06:41,620
.dev/api/users/currentuser.

95
00:06:41,780 --> 00:06:50,190
I'll make sure that I set headers with a Content-Type of application/json

96
00:06:50,210 --> 00:06:56,150
and we're not gonna have a body because we are making a GET request. Now, just so you know, whenever

97
00:06:56,150 --> 00:07:02,190
we get a cookie set inside of Postman, Postman is going to automatically send that cookie to any follow

98
00:07:02,190 --> 00:07:07,040
up request to the same domain. As a matter of fact, we can actually see that if we go to the right hand

99
00:07:07,040 --> 00:07:10,850
side over here and click on that cookies button.

100
00:07:10,850 --> 00:07:14,630
So this is listing out all the active cookies we have inside of Postman.

101
00:07:14,630 --> 00:07:17,090
And at present we've got the ticketing.dev cookie.

102
00:07:17,150 --> 00:07:19,310
So again, our JWT is inside there.

103
00:07:20,120 --> 00:07:24,890
So when we make this request we should be including our JSON Web Token.

104
00:07:24,890 --> 00:07:25,160
All right.

105
00:07:25,160 --> 00:07:26,750
I'm going to send this off.

106
00:07:26,750 --> 00:07:27,500
And there we go.

107
00:07:27,500 --> 00:07:32,750
So I've got my current user and I got the body or the payload of the JSON Web Token.

108
00:07:32,750 --> 00:07:37,640
So I'm being told my email, my ID and the issued at time of the token.

109
00:07:37,640 --> 00:07:42,080
So in the context of a React application, if we got back a response like this in our React app we would

110
00:07:42,080 --> 00:07:50,000
assume that the user was logged in. Let's now repeat this process, but we are going to go ahead and delete

111
00:07:50,090 --> 00:07:50,820
our cookie.

112
00:07:50,840 --> 00:07:53,060
So I got to go back over to the cookies tab.

113
00:07:53,270 --> 00:07:54,220
I'm going to delete the cookie

114
00:07:54,230 --> 00:07:59,930
associated with ticketing.dev and then I will make the request to get the current user

115
00:07:59,930 --> 00:08:02,020
once again.

116
00:08:02,050 --> 00:08:03,500
So now we did not include a cookie.

117
00:08:03,550 --> 00:08:08,320
And so we get a currentUser of null. OK.

118
00:08:08,350 --> 00:08:09,820
Well, this looks pretty good.

119
00:08:09,880 --> 00:08:14,870
So we now have a route to figure out whether or not the user is signed into the application.

120
00:08:15,040 --> 00:08:19,770
We are going to very quickly have to come back over here and start to refactor some stuff.

121
00:08:19,990 --> 00:08:21,320
I know it's kind of unfortunate.

122
00:08:21,370 --> 00:08:25,420
We do want to eventually have a middleware that's going to automatically try to figure out whether or

123
00:08:25,420 --> 00:08:31,450
not the user is logged in for us, to limit access to some routes, and also to just take some information

124
00:08:31,450 --> 00:08:34,280
about the user and throw it onto the request object.

125
00:08:34,450 --> 00:08:37,960
But those are two middlewares we're going to put together a little bit later and then kind of use

126
00:08:37,960 --> 00:08:39,940
to spruce up this file a little bit.

127
00:08:40,110 --> 00:08:43,990
We did have to go through this process just to understand that, yeah, we gotta check to see if there's the

128
00:08:43,990 --> 00:08:45,190
JSON Web Token.

129
00:08:45,190 --> 00:08:48,520
We got to decode the JWT and so on.

130
00:08:48,960 --> 00:08:50,050
So quick pause right here.

131
00:08:50,050 --> 00:08:54,460
We're gonna take care of handling the sign out process in the next video.