1
00:00:00,210 --> 00:00:05,460
In this video you're going to add a new route that allows users to log out of the application so they

2
00:00:05,460 --> 00:00:09,750
have the ability to log in and generate a new authentication token.

3
00:00:09,780 --> 00:00:14,280
And we have code in place to actually verify the authentication tokens.

4
00:00:14,370 --> 00:00:20,000
And now it's time to figure out how these can get removed when the user is done to do this we will.

5
00:00:20,000 --> 00:00:25,090
As I mentioned just be setting up a single new route over in the user router.

6
00:00:25,260 --> 00:00:26,760
And I'm going to add it just below.

7
00:00:26,760 --> 00:00:29,360
Sign up and log in right here.

8
00:00:29,370 --> 00:00:35,640
We're going to set up a third route related to authentication that will allow a user to log out right

9
00:00:35,640 --> 00:00:36,030
here.

10
00:00:36,030 --> 00:00:43,440
That'll be router dot post and we're going to set up the following You are all forward slash users forward

11
00:00:43,440 --> 00:00:45,230
slash log out.

12
00:00:45,240 --> 00:00:49,140
Now this particular endpoint is gonna require authentication.

13
00:00:49,140 --> 00:00:54,750
You have to be authenticated in order to log out and then we'll set up our callback function.

14
00:00:54,750 --> 00:01:01,290
The root handler and I'll set it up as an async function where we get access to the request and the

15
00:01:01,290 --> 00:01:02,670
response.

16
00:01:02,670 --> 00:01:09,090
Now inside of here what we want to have access to is the particular token that they used when authenticating.

17
00:01:09,120 --> 00:01:15,300
Remember if I have five different sessions where I'm logged in such as for my personal computer or my

18
00:01:15,300 --> 00:01:20,640
phone and my work computer and I log out of one I don't want to log out of everything.

19
00:01:21,000 --> 00:01:26,610
So I want to target these specific token that was used when they authenticated right here.

20
00:01:26,610 --> 00:01:32,580
Now to get that done all we're going to do is make a one line change two off dot J S we are adding the

21
00:01:32,580 --> 00:01:36,150
user onto the request so it can be accessed later.

22
00:01:36,150 --> 00:01:42,510
Right here we're just going to add to the token on as well so request dot token is going to equal the

23
00:01:42,510 --> 00:01:46,460
token that was used right here in the variable above.

24
00:01:46,470 --> 00:01:52,150
Now once we save the program the other route handlers will have access to that token.

25
00:01:52,200 --> 00:01:57,330
And right here we can use it to delete it correctly off of that user profile.

26
00:01:57,330 --> 00:02:01,850
Now the first thing we're going to do as always is set up a tri catch statement.

27
00:02:01,980 --> 00:02:09,000
And once we have that in place we can focus on actually removing a given item from that tokens array

28
00:02:09,390 --> 00:02:13,080
and to do this we'll use the array filter method which we've used before.

29
00:02:13,080 --> 00:02:18,790
Now the nice thing here is that since we were authenticated we already have access to the user data.

30
00:02:18,810 --> 00:02:25,790
There's no need to fetch it again because right here request dot user is the user which means that all

31
00:02:25,800 --> 00:02:30,190
I'm going to do is change request dot user dot tokens.

32
00:02:30,270 --> 00:02:33,840
Then I'll use the same method to save my changes.

33
00:02:33,840 --> 00:02:39,530
Now right here we're going to set the tokens array equal to a filtered version of itself.

34
00:02:39,570 --> 00:02:47,510
So request dot user dot tokens dot filter and we'll provide our callback function.

35
00:02:47,550 --> 00:02:50,580
Now right here we get access to the individual token.

36
00:02:50,580 --> 00:02:57,360
Now remember that is the object that has a token property and the underscore I.D. property and down

37
00:02:57,360 --> 00:03:00,460
below we can figure out what exactly we want to do.

38
00:03:00,530 --> 00:03:06,690
And right here all we're going to do is return true when the token that we're currently looking at isn't

39
00:03:06,690 --> 00:03:09,270
the one that was used for authentication.

40
00:03:09,270 --> 00:03:14,960
So right here I'm going to return we'll look at the current token we are iterating over.

41
00:03:14,970 --> 00:03:17,730
Remember that's an object with the token property.

42
00:03:17,730 --> 00:03:23,810
So it's token dot token and we're going to check when it's not equal to the one that was used.

43
00:03:23,820 --> 00:03:28,610
That is request dot token if they're not equal we're going to return true.

44
00:03:28,620 --> 00:03:34,230
Keeping it in the tokens array if they are equal it will end up returning false filtering it out and

45
00:03:34,230 --> 00:03:35,370
removing it.

46
00:03:35,490 --> 00:03:38,670
Now nothing is going to get saved until we actually call save.

47
00:03:38,700 --> 00:03:46,740
So right here I will use a wait with request dot user dot save and then we can worry about sending that

48
00:03:46,740 --> 00:03:54,460
response back if things went well over going to do is send back a two hundred using response dot send.

49
00:03:54,690 --> 00:04:00,320
If things didn't go well then we'll go ahead and send back a 500 response dot status.

50
00:04:00,330 --> 00:04:06,280
Five hundred and right here using send to send that off now that we have this in place.

51
00:04:06,330 --> 00:04:08,800
Users have the ability to log out.

52
00:04:09,030 --> 00:04:13,910
Let's go ahead and save our work and make sure it's actually functioning as expected.

53
00:04:13,920 --> 00:04:20,100
We're also going to set up a new request over in that task app collection so we can fire this off as

54
00:04:20,130 --> 00:04:22,080
often as we need to.

55
00:04:22,080 --> 00:04:29,280
So right here in post man we're going to add a new request to the task at collection right here I'm

56
00:04:29,280 --> 00:04:32,810
going to call this one log out user.

57
00:04:33,020 --> 00:04:37,310
I'll go ahead and save that to the collection and it's showing up down below.

58
00:04:37,400 --> 00:04:38,960
I'm going to drag that up above.

59
00:04:38,960 --> 00:04:43,400
Keeping it organized with my other routes related to authentication.

60
00:04:43,400 --> 00:04:48,720
And then once I have that in place we can open it up and focus on actually customizing it.

61
00:04:48,740 --> 00:04:55,340
Now here I want to use the post H TTP method and I do want to use my environment variable which we ended

62
00:04:55,340 --> 00:04:57,570
up setting up in the last video.

63
00:04:57,740 --> 00:05:02,250
Then it was forward slash users forward slash log out.

64
00:05:02,300 --> 00:05:07,120
Now for this one I do need to be logged in and under authorization.

65
00:05:07,130 --> 00:05:11,940
I already have inherent off from parent showing up so there's no need to change anything.

66
00:05:11,960 --> 00:05:14,270
This request is actually done.

67
00:05:14,270 --> 00:05:15,920
So what I'm going to do is save it.

68
00:05:16,010 --> 00:05:20,300
And before I fire it off I'm going to make sure this token is working.

69
00:05:20,300 --> 00:05:26,420
So over here I'll run read profile and make sure I can actually get the profile and then I'll log out

70
00:05:26,450 --> 00:05:27,750
and try to do this again.

71
00:05:28,310 --> 00:05:34,310
So over in the log out request all I'm going to do is fire it off as is I get my two hundred which is

72
00:05:34,310 --> 00:05:35,550
a great sign.

73
00:05:35,690 --> 00:05:41,590
And to verify that things are working I'll try to authenticate with that token once again over here

74
00:05:41,630 --> 00:05:43,730
getting the user's profile.

75
00:05:43,730 --> 00:05:45,440
I fire that off and what do I get.

76
00:05:45,440 --> 00:05:53,060
I get a four a one unauthorized and down below I have my error message coming from off the DOT J S telling

77
00:05:53,060 --> 00:05:55,410
me to please authenticate.

78
00:05:55,430 --> 00:05:56,480
So there we go.

79
00:05:56,540 --> 00:06:01,610
Once we have that off the middleware in place we can customize our other routes without a heck of a

80
00:06:01,610 --> 00:06:02,620
lot of work.

81
00:06:02,660 --> 00:06:08,540
Here we were able to create that log out route pretty easily since we already had access to the token

82
00:06:08,660 --> 00:06:10,610
on request dot token.

83
00:06:10,610 --> 00:06:14,920
And we already had access to the user on request not user.

84
00:06:14,990 --> 00:06:19,730
All we had to do was alter the array and save things sending the response back.

85
00:06:19,730 --> 00:06:25,640
Now what if you wanted to create a variation of this route that allows you to log out of all sessions

86
00:06:25,850 --> 00:06:30,280
so you can see services like Netflix and Gmail that allow you to do this.

87
00:06:30,290 --> 00:06:33,690
So I have my Netflix account and I give it out to a bunch of friends.

88
00:06:33,770 --> 00:06:39,230
I'm sick of having to share the account so I log out of all sessions to kick them all out and I change

89
00:06:39,410 --> 00:06:40,550
the password.

90
00:06:40,550 --> 00:06:47,120
We can do the same thing here allowing a given user to log out wiping all of the tokens instead of just

91
00:06:47,120 --> 00:06:49,210
the one they're actually using.

92
00:06:49,280 --> 00:06:54,430
And down below right here that's going to be your challenge for the video.

93
00:06:54,450 --> 00:06:59,120
So your goal is to create a way with a new route to log out of all sessions.

94
00:06:59,130 --> 00:07:06,120
You're going to set it up as the following post forward slash users forward slash log out all.

95
00:07:06,120 --> 00:07:10,840
Then you're going to set up the root handler to wipe the tokens array completely.

96
00:07:10,950 --> 00:07:15,440
You'll send back a two hundred if it went well or a five hundred if it went poorly.

97
00:07:15,450 --> 00:07:20,220
And finally you'll test your work so log in as a user five or six times.

98
00:07:20,220 --> 00:07:24,040
Make sure you have a few tokens in that tokens array.

99
00:07:24,060 --> 00:07:27,020
Use a log out all and they should all be gone.

100
00:07:27,030 --> 00:07:31,620
You can check the database to make sure all of the tokens have been wiped.

101
00:07:31,620 --> 00:07:36,600
Take some time to knock that out test your work and when you're done come back and click play

102
00:07:40,480 --> 00:07:41,290
how'd that go.

103
00:07:41,290 --> 00:07:42,210
I'll kick things off.

104
00:07:42,220 --> 00:07:43,420
Just up above.

105
00:07:43,420 --> 00:07:50,740
By setting up a call to Router dot post the following You are all forward slash users forward slash

106
00:07:50,800 --> 00:07:58,580
log out all and this one is going to require authentication once again and then we'll set up our async

107
00:07:58,580 --> 00:07:59,960
function right here.

108
00:07:59,960 --> 00:08:01,760
Request and response.

109
00:08:01,760 --> 00:08:04,240
Setting up the arrow function body.

110
00:08:04,340 --> 00:08:07,270
Now we have to fill out the actual root handler itself.

111
00:08:07,280 --> 00:08:14,080
And right here we'll start by using try catch as we've always done and then we'll move on to the actual

112
00:08:14,080 --> 00:08:16,470
task of wiping the tokens array.

113
00:08:16,690 --> 00:08:22,540
Now up above we had to use filter to filter out specific tokens while leaving others in place about

114
00:08:22,660 --> 00:08:23,580
to wipe everything.

115
00:08:23,590 --> 00:08:30,240
All we do is set request dot user dot tokens equal to an empty array.

116
00:08:30,340 --> 00:08:32,590
Then we can go ahead and save those changes.

117
00:08:32,620 --> 00:08:37,130
So I will await request dot user dot save.

118
00:08:37,210 --> 00:08:38,020
And that's it.

119
00:08:38,020 --> 00:08:41,410
Now we can just send back the appropriate response.

120
00:08:41,410 --> 00:08:47,830
I'll use response dot send to send back a two hundred if things went well and down below response dot

121
00:08:47,830 --> 00:08:50,430
status to send back a five hundred.

122
00:08:50,470 --> 00:08:58,000
If the catch block runs and there we go that's all it takes to create a new route handler for supporting

123
00:08:58,000 --> 00:09:00,970
the ability to log out of all sessions.

124
00:09:00,970 --> 00:09:03,550
Now down below we need to test our work.

125
00:09:03,550 --> 00:09:09,790
So what I'm gonna do is remove those challenge comments and save the user router over inside of postmen.

126
00:09:09,790 --> 00:09:13,090
We'll go through the process of creating this new request.

127
00:09:13,270 --> 00:09:19,930
Right here I have log out user if I click the menu to the side of it I can actually duplicate this and

128
00:09:19,930 --> 00:09:23,970
then I can create a new request which I'll rename right here.

129
00:09:25,940 --> 00:09:31,510
I'm going to go ahead and call that log out all or something similar.

130
00:09:31,600 --> 00:09:38,170
And don't we need to do is change the path up above to log out all and we can save it.

131
00:09:38,250 --> 00:09:39,240
Perfect.

132
00:09:39,240 --> 00:09:43,610
So now we want to make sure we have a couple of authentication tokens in place.

133
00:09:43,650 --> 00:09:46,250
What I'm going to do is log in a few times.

134
00:09:46,260 --> 00:09:52,850
So right here I'll go ahead and log in a log in once twice and a third time.

135
00:09:53,060 --> 00:09:58,610
And before I actually use log out all I'll head over to the database and make sure they're all showing

136
00:09:58,610 --> 00:10:01,210
up over in robo 3D.

137
00:10:01,310 --> 00:10:06,170
I have my users collection which I'll take a moment to refresh and one of these users should have a

138
00:10:06,170 --> 00:10:07,240
bunch of tokens.

139
00:10:07,250 --> 00:10:08,870
They only have one.

140
00:10:08,900 --> 00:10:09,350
There we go.

141
00:10:09,350 --> 00:10:12,230
The first one who has seven authentication tokens.

142
00:10:12,530 --> 00:10:16,930
So we're going to go ahead and log out all and make sure all of those go away.

143
00:10:17,030 --> 00:10:20,270
I'll switch back over to post man via this request.

144
00:10:20,270 --> 00:10:26,780
Off we get our two hundred and now we'll go back over to robo three TI and refresh the data.

145
00:10:26,780 --> 00:10:29,740
If I expand that first user again what do I see.

146
00:10:29,900 --> 00:10:34,570
I see zero tokens in the tokens array which is fantastic.

147
00:10:34,580 --> 00:10:40,380
So now users have a log out ability for individual sessions or for all of them.

148
00:10:40,460 --> 00:10:44,710
And now users can perform all of the steps in the authentication process.

149
00:10:44,720 --> 00:10:45,810
They can sign up.

150
00:10:45,890 --> 00:10:47,120
They can log in.

151
00:10:47,150 --> 00:10:51,800
They can use their log in token and they can log out from here.

152
00:10:51,800 --> 00:10:56,530
We're going to continue adding more features to the application in the next video.

153
00:10:56,540 --> 00:11:00,540
We're going to learn how we can hide additional data that's getting sent back.

154
00:11:00,680 --> 00:11:07,580
Things like the user password and user tokens which we never want to send back to the client even if

155
00:11:07,580 --> 00:11:09,800
that client is authenticated.

156
00:11:09,800 --> 00:11:10,280
All right.

157
00:11:10,280 --> 00:11:12,140
Let's jump right in to the next one.