1
00:00:00,430 --> 00:00:05,580
In the last video we spoke about how we needed to make sure that user has at least one credit inside

2
00:00:05,580 --> 00:00:08,300
their account before we allow them to create a survey.

3
00:00:08,340 --> 00:00:13,710
So we're going to make a new middleware file in order to check to make sure that the user has the minimum

4
00:00:13,710 --> 00:00:15,060
number of credits.

5
00:00:15,060 --> 00:00:20,310
Now we are only doing this as a middleware because we might have additional routes in the future where

6
00:00:20,310 --> 00:00:25,380
we want to secure it and make sure the user has some minimum number of credits so we could have just

7
00:00:25,380 --> 00:00:30,550
as easily done all this logic that we're about to write inside of the request handler body right here.

8
00:00:30,570 --> 00:00:35,880
I'm just thinking towards the future and thinking hey we might want to kind of reference the same code

9
00:00:35,880 --> 00:00:37,450
at some point in the future.

10
00:00:37,930 --> 00:00:39,270
OK let's get to it.

11
00:00:39,270 --> 00:00:42,650
We're going to make a new file inside of our middleware directory.

12
00:00:42,780 --> 00:00:47,060
So make a new file and I'm going to call it requireCredits

13
00:00:47,120 --> 00:00:48,510
.js.

14
00:00:48,990 --> 00:00:54,120
Then inside of here we're going to end up with the middleware that looks very very very much similar

15
00:00:54,420 --> 00:00:57,320
to what we had done previously inside of requireLogin.

16
00:00:57,450 --> 00:01:01,790
So if we flip over to requireLogin I'm just going to select everything inside this file.

17
00:01:01,860 --> 00:01:03,150
I'm going to copy it all.

18
00:01:03,220 --> 00:01:07,550
I'm going to go back to requireCredits and then paste it like so.

19
00:01:08,530 --> 00:01:08,870
OK.
20
00:01:08,910 --> 00:01:14,250
So at present we've got this check up here to say hey if you don't meet some requirements like if your

21
00:01:14,250 --> 00:01:18,480
request comes in if there's something wrong with it we're going to kick you out early and we're not

22
00:01:18,480 --> 00:01:22,670
going to let you go to the next middleware or route handler in the chain.

23
00:01:22,890 --> 00:01:25,250
So we're going to keep the exact same structure here.

24
00:01:25,260 --> 00:01:30,720
All we really have to do is update the statement up here and then update the error message as well.

25
00:01:31,170 --> 00:01:38,220
So we'll say if the current user does not have greater than zero credits in other words if you have zero

26
00:01:38,430 --> 00:01:43,570
or negative for some reason credits inside of our application we want to kick you out early.

27
00:01:43,800 --> 00:01:46,070
So we're going to update the if statement.

28
00:01:46,290 --> 00:01:50,310
Remember that the number of credits that the user has is contained within the user model.

29
00:01:50,310 --> 00:01:58,180
So we can say req.user.credits like so and we'll say if your number of credits is less than one

30
00:01:58,430 --> 00:02:04,680
in other words you have one or less than one like zero or point five whatever it might be if you have

31
00:02:04,680 --> 00:02:05,970
less than one credits.

32
00:02:06,150 --> 00:02:08,490
We're going to boot you out early.

33
00:02:08,490 --> 00:02:15,090
Now we will merely change the error message that gets sent back here from you must log in to say something

34
00:02:15,090 --> 00:02:17,550
instead like you don't

35
00:02:20,200 --> 00:02:21,890
you don't have enough.

36
00:02:22,100 --> 00:02:26,050
You know let's do it very simple let's just say not enough credits.

37
00:02:26,050 --> 00:02:26,890
Very simple.
38
00:02:26,950 --> 00:02:31,450
I was kind of hesitating there because I wanted to put in a contraction or I want to use a single quote

39
00:02:31,750 --> 00:02:36,560
but the string overall is using single quotes and I was just thinking about it a little bit.

40
00:02:36,570 --> 00:02:36,840
OK.

41
00:02:36,850 --> 00:02:39,220
So now the status code for the response.

42
00:02:39,220 --> 00:02:44,960
Remember the status code that we send back isn't really necessarily the most important thing in the world.

43
00:02:44,980 --> 00:02:51,950
Really all we care about is making sure that it is in the 400 range a status code in the 400 range.

44
00:02:51,970 --> 00:02:58,420
So like from 400 to 499 indicates to whoever made the request that they made some error in the request

45
00:02:58,420 --> 00:03:00,920
or they did something wrong essentially.

46
00:03:00,940 --> 00:03:06,190
So all we really care about indicating here is the status code is telling the user hey there's something

47
00:03:06,190 --> 00:03:08,390
wrong with the request you just made.

48
00:03:08,950 --> 00:03:10,030
So we have a 401

49
00:03:10,030 --> 00:03:10,810
right here.

50
00:03:10,810 --> 00:03:17,620
I do want to mention that in the actual HTTP spec there actually is a status code that actually kind

51
00:03:17,620 --> 00:03:20,410
of matches up with what we're trying to tell the user here.

52
00:03:20,410 --> 00:03:26,890
So this is the W3.org documentation on all status codes.

53
00:03:27,190 --> 00:03:30,160
If we look up in the 400 range.

54
00:03:30,160 --> 00:03:32,000
So we're currently using 401

55
00:03:32,030 --> 00:03:36,220
Unauthorized to tell the user Hey you're not signed in for that other middleware.

56
00:03:36,220 --> 00:03:40,290
Now for the one that we are putting together right now there actually kind of is a status code

57
00:03:40,330 --> 00:03:43,440
that very much fits the bill here 402 Payment Required.
58
00:03:43,480 --> 00:03:46,730
In other words you have to pay us money to do what you're trying to do.

59
00:03:46,960 --> 00:03:50,080
But this code is not actually in public use right now.

60
00:03:50,080 --> 00:03:52,970
You could see very plainly it says reserved for future use.

61
00:03:52,990 --> 00:04:00,550
So instead I think that we'll use a 403 Forbidden to kind of indicate Hey you're not quite authorized

62
00:04:00,550 --> 00:04:02,310
to do what you're trying to do here.

63
00:04:02,320 --> 00:04:04,140
Not exactly.

64
00:04:04,190 --> 00:04:10,630
You know not quite exactly communicating the intent of what we're trying to say here but close enough

65
00:04:11,070 --> 00:04:13,920
in lieu of the fact that we can't use 402.

66
00:04:13,960 --> 00:04:17,870
So we'll send back a status of 403 like so.

67
00:04:18,550 --> 00:04:18,910
OK.

68
00:04:18,970 --> 00:04:21,200
So that's our requireCredits middleware.

69
00:04:21,250 --> 00:04:26,410
Again there's only one location inside of our application where we want to do this check right now but

70
00:04:26,470 --> 00:04:31,300
I can easily imagine at some point in the future having other routes where we need to make sure the

71
00:04:31,300 --> 00:04:36,370
user has some minimum amount of money inside of their account.

72
00:04:36,490 --> 00:04:42,280
So I'm not going to close the requireCredits middleware and the requireLogin middleware.

73
00:04:42,310 --> 00:04:47,980
I'm now back inside of our survey routes file and I'm going to require in and hook up the new middleware

74
00:04:47,980 --> 00:04:49,490
that we've just created.

75
00:04:49,570 --> 00:05:00,680
So I'll say const requireCredits is require up one directory middlewares requireCredits like

76
00:05:00,700 --> 00:05:06,290
so. Then we need to make sure that we wire up the middleware itself to the request handler.
77
00:05:06,330 --> 00:05:12,780
Again remember we can put in as many middlewares as we want to the request handler function.

78
00:05:12,790 --> 00:05:14,800
The post function.

79
00:05:14,910 --> 00:05:20,100
The only requirement is we need to make sure that we add them in as arguments in the order that we want

80
00:05:20,100 --> 00:05:21,730
them to be executed.

81
00:05:21,780 --> 00:05:27,330
So you can very easily imagine that we definitely want to make sure that the user is logged in before

82
00:05:27,330 --> 00:05:29,540
we check the number of credits they have.

83
00:05:29,670 --> 00:05:34,410
But we definitely want to do both of these checks before they get to the actual request handler body

84
00:05:34,500 --> 00:05:36,220
which is the arrow function here.

85
00:05:36,540 --> 00:05:40,230
So I think that right after checking to make sure that the user is logged in.

86
00:05:40,350 --> 00:05:45,900
But right before we actually create the survey we can do this check to make sure that a user has the

87
00:05:45,900 --> 00:05:47,540
minimum number of credits.

88
00:05:47,610 --> 00:05:52,870
So I'm going to add in the requireCredits right here.

89
00:05:52,940 --> 00:05:55,030
So I got a pretty long line of code here.

90
00:05:55,070 --> 00:05:58,000
I'm going to zoom out for just a second so you can see the whole thing.

91
00:05:58,340 --> 00:06:03,980
So in total we're saying if anyone makes a post request to API slash surveys first make sure that they

92
00:06:03,980 --> 00:06:09,650
are logged in then make sure they have enough credits and then you can finally go ahead and create a

93
00:06:09,650 --> 00:06:12,820
survey or do whatever logic you want to put inside of here.

94
00:06:13,390 --> 00:06:13,720
OK.

95
00:06:13,730 --> 00:06:14,810
So I think that's about it.

96
00:06:14,810 --> 00:06:20,140
We're now ready to move onto the actual survey creation process inside of this request handler body.
97
00:06:20,270 --> 00:06:22,370
So let's take care of that in the next section.

98
00:06:22,370 --> 00:06:24,010
I'll see you in just a minute.