1
00:00:01,280 --> 00:00:03,590
In this video we're going to create that second middleware.

2
00:00:03,770 --> 00:00:08,240
The goal of this middleware is to reject any incoming request if the user is not logged in.

3
00:00:08,390 --> 00:00:10,010
So it's gonna be very simple in nature.

4
00:00:10,010 --> 00:00:14,570
All we have to do, since we already put that other one together, is take a look at the req.currentUser

5
00:00:14,570 --> 00:00:17,210
property. If req.currentUser is not defined,

6
00:00:17,210 --> 00:00:18,870
that means the user is not logged in.

7
00:00:18,890 --> 00:00:22,520
So we are going to reject the request, or essentially respond with an error.

8
00:00:23,060 --> 00:00:28,110
So let's get started on that middleware right away, because it's gonna be pretty easy to put together.

9
00:00:28,160 --> 00:00:28,400
All right.

10
00:00:28,430 --> 00:00:32,780
So back over here I'm going to find my middleware directory and I'll make a new file inside there called

11
00:00:33,020 --> 00:00:37,870
require-auth.ts. Then inside of here, at the very top,

12
00:00:37,880 --> 00:00:47,690
once again we will import Request, Response and NextFunction from express. We'll then put together a function

13
00:00:47,690 --> 00:00:59,750
called requireAuth, and once again for the argument list we'll put in req of Request, res of Response, and

14
00:00:59,810 --> 00:01:01,760
next of NextFunction.

15
00:01:01,760 --> 00:01:08,340
So we are going to really make a big assumption here. We're going to assume that we will never

16
00:01:08,340 --> 00:01:13,860
use the requireAuth middleware without previously running the currentUser middleware.

17
00:01:13,860 --> 00:01:18,480
So in other words, by the time this request shows up inside of requireAuth we should have already checked

18
00:01:18,480 --> 00:01:22,920
to see if there is a JSON Web Token present. We should have already attempted to decode it and set

19
00:01:22,920 --> 00:01:25,320
it on the req.currentUser property.
20
00:01:25,350 --> 00:01:30,600
So again, if req.currentUser is not defined, that means we need to reject this request and respond with

21
00:01:30,600 --> 00:01:39,130
an error. So we can do something like: if there is no req.currentUser property, then we should return early

22
00:01:40,150 --> 00:01:49,180
and we can do something like a res.send or a 401. A 401, you will recall, means forbidden. And

23
00:01:49,190 --> 00:01:55,310
we can, excuse me, that should be a status. We could send back something else, like our common error structure.

24
00:01:55,640 --> 00:01:59,820
Remember, that common error structure is that structure we encoded in all those custom errors.

25
00:01:59,960 --> 00:02:03,780
Now as soon as I start looking at this, we're kind of going back to that same similar scenario when we

26
00:02:03,780 --> 00:02:08,600
were talking about all those custom error things, where we are trying to manually write out how to respond

27
00:02:08,630 --> 00:02:11,400
or how to handle some kind of error condition.

28
00:02:11,450 --> 00:02:16,130
So as soon as I see this right here, I think maybe rather than trying to manually write out the response

29
00:02:16,130 --> 00:02:21,140
right here, maybe it would make a lot more sense to create yet another custom error inside of our project

30
00:02:21,560 --> 00:02:27,740
to handle any time a user tries to access some kind of resource that they are not authorized to access.

31
00:02:27,740 --> 00:02:33,440
So in other words, long story short, let's create another custom error to handle this response or the case

32
00:02:33,440 --> 00:02:39,410
in which a user is trying to access a route that they do not have access to. Inside my errors directory

33
00:02:39,470 --> 00:02:49,810
I'm gonna make a new file called not-authorized-error.ts.
So we're going to create yet another custom

34
00:02:49,810 --> 00:03:01,500
error inside of here. Remember, to do so we will import CustomError at the top from custom-error. We will then

35
00:03:01,500 --> 00:03:08,640
create and export a class. We're gonna call it NotAuthorizedError, and it's going to be extending CustomError.

36
00:03:08,850 --> 00:03:13,540
Once again TypeScript is going to guide us in how to implement this.

37
00:03:13,560 --> 00:03:20,140
So we need to implement that serializeErrors method and the statusCode method as well. So for the status

38
00:03:20,140 --> 00:03:27,000
code we probably want a status code 401, which in HTTP parlance means you're not authorized or you

39
00:03:27,000 --> 00:03:32,480
are forbidden from accessing this. We can then put on the method of serializeErrors,

40
00:03:35,930 --> 00:03:40,670
and recall that if we mouse over that thing we will be told that we have to return an array of objects

41
00:03:40,940 --> 00:03:43,480
where each object has a message and possibly a field.

42
00:03:43,580 --> 00:03:50,000
So in our case we'll just send back a hard-coded message, something that says, hey, you are not authorized. So

43
00:03:50,030 --> 00:04:02,340
I will return an array of objects that has a message property, and I'll put inside there "not authorized".

44
00:04:02,380 --> 00:04:05,590
Last thing we're gonna put inside of here is a constructor once again.

45
00:04:05,680 --> 00:04:09,910
Remember, we are just putting in the constructor to set up that setPrototypeOf thing that is required

46
00:04:09,910 --> 00:04:13,270
because we are ultimately extending a built-in class.

47
00:04:13,520 --> 00:04:27,590
So I'll put in a constructor. I will call super. I'll do an Object.setPrototypeOf this and

48
00:04:27,620 --> 00:04:29,570
NotAuthorizedError.prototype.

49
00:04:29,570 --> 00:04:32,090
You'll notice that we have an error around our super call right here.
50
00:04:32,090 --> 00:04:37,310
That is because the parent constructor of CustomError expects to be called with some message or some kind

51
00:04:37,310 --> 00:04:39,380
of string describing exactly what went wrong.

52
00:04:39,980 --> 00:04:44,660
So we can just use the same string we use down here. We can put in something like "not authorized".

53
00:04:47,370 --> 00:04:47,630
Okay.

54
00:04:47,680 --> 00:04:48,790
So there's our custom error.

55
00:04:48,790 --> 00:04:55,020
So let's save this file. We'll then go back to the requireAuth middleware, and again, rather than throwing

56
00:04:55,020 --> 00:04:59,370
or trying to send back some manual response right here, we can instead just throw that error that we

57
00:04:59,370 --> 00:05:01,620
had just created, and our error handling middleware

58
00:05:01,650 --> 00:05:03,010
will take care of everything from there.

59
00:05:03,990 --> 00:05:10,520
So at the top we will import NotAuthorizedError from errors,

60
00:05:13,270 --> 00:05:21,880
and then rather than returning right there we can throw a new NotAuthorizedError. Now assuming that the

61
00:05:21,880 --> 00:05:26,620
user is logged in, if they are logged in and they get past this if statement, we want to allow the user

62
00:05:26,620 --> 00:05:31,280
to continue on to the next middleware or possibly our actual route handling function.

63
00:05:31,420 --> 00:05:35,670
So if they get past that statement we'll just call the next function, and that should be it.

64
00:05:38,550 --> 00:05:40,250
All right, let's save this.

65
00:05:40,530 --> 00:05:47,070
Now we don't have any route handlers inside of this app that need to have some kind of requireAuth middleware

66
00:05:47,070 --> 00:05:47,790
on them.

67
00:05:47,790 --> 00:05:53,010
So we're going to very temporarily apply it to the current user middleware, or rather the current user

68
00:05:53,010 --> 00:05:54,150
route handler.
69
00:05:54,270 --> 00:06:01,310
So we're going to temporarily make sure that you must be logged in in order to access current user.

70
00:06:01,360 --> 00:06:04,860
So I'm gonna go and find that current user route handler. At the very top

71
00:06:04,870 --> 00:06:14,380
I will import the middleware we just created, so requireAuth from middlewares/require-auth, and then remember

72
00:06:14,380 --> 00:06:19,990
our big assumption here is that we are always going to run requireAuth right after using currentUser,

73
00:06:22,040 --> 00:06:23,270
or I should say, right after,

74
00:06:23,270 --> 00:06:29,860
but at some point after currentUser, so I will put in requireAuth like so.

75
00:06:30,000 --> 00:06:31,200
All right, so let's save this.

76
00:06:31,380 --> 00:06:34,370
Now we could go back over to Postman and test it out now.

77
00:06:34,390 --> 00:06:37,070
At present I am signed in inside of Postman.

78
00:06:37,300 --> 00:06:41,700
So if I send this request off to get current user right now it should still succeed.

79
00:06:41,920 --> 00:06:43,280
Yep, definitely does.

80
00:06:43,390 --> 00:06:48,360
But if I go over to that third tab where I can log out, so I'll send that in.

81
00:06:48,370 --> 00:06:50,920
So now I'm no longer signed into the application.

82
00:06:51,070 --> 00:06:55,810
If I now try to print out current user again I should get an error back, something that says sorry, you can't

83
00:06:55,810 --> 00:06:58,140
access this route because you are not logged in.

84
00:06:58,520 --> 00:06:59,900
So I will send this.

85
00:06:59,950 --> 00:07:01,270
And sure enough, there we go.

86
00:07:01,750 --> 00:07:05,290
So I get back an error with the message of "not authorized".

87
00:07:05,320 --> 00:07:05,890
All right.

88
00:07:05,890 --> 00:07:06,850
Fantastic.
89
00:07:06,850 --> 00:07:10,810
So we've now got these two utility middleware put together that we're probably going to need to use

90
00:07:10,810 --> 00:07:15,770
at some point in time, even if we don't really need them inside of our service just yet.

91
00:07:15,850 --> 00:07:20,710
Now back inside of current user, the route handler for current user, I am going to delete the requireAuth

92
00:07:20,710 --> 00:07:21,700
middleware right there.

93
00:07:21,700 --> 00:07:28,120
Again, we were just doing a very quick test, and I will delete requireAuth right there, and you know we're

94
00:07:28,120 --> 00:07:33,250
not using JWT inside of here anymore, so delete that as well.

95
00:07:33,250 --> 00:07:34,900
All right, that's it.

96
00:07:34,900 --> 00:07:40,450
Well, we've got those two utility middleware put together, and I think overall our entire auth service

97
00:07:40,510 --> 00:07:42,360
is now in a pretty good state.

98
00:07:42,400 --> 00:07:46,090
So let's take a quick pause right here and figure out exactly what we need to do next.