1
00:00:00,210 --> 00:00:05,640
In this video we're going to turn our attention back to the lag in end point and we're going to set

2
00:00:05,640 --> 00:00:11,260
this up to actually generate a Jason Webb token and send it back to the user.

3
00:00:11,280 --> 00:00:17,280
We'll also do the exact same thing for signing up if you just signed up you shouldn't have to log in

4
00:00:17,280 --> 00:00:19,130
in order to start doing things.

5
00:00:19,200 --> 00:00:22,910
We know you're that user because we just created your account.

6
00:00:22,980 --> 00:00:30,050
So both of these requests are going to end up sending back JWT authentication tokens.

7
00:00:30,120 --> 00:00:35,100
That means we don't want to write all of the code for generating the token right here in either of the

8
00:00:35,100 --> 00:00:39,060
handlers because we would need to duplicate it to both places.

9
00:00:39,060 --> 00:00:45,450
Instead we'll create another function we can reuse whenever we need to generate an authentication token

10
00:00:45,480 --> 00:00:47,130
for a given user.

11
00:00:47,130 --> 00:00:53,340
Now we're gonna go ahead and use the function before we define it so we can see what we're getting ourselves

12
00:00:53,340 --> 00:00:59,430
into right here we're going to create a function that returns the token in that token will get sent

13
00:00:59,430 --> 00:01:00,290
to the user.

14
00:01:00,360 --> 00:01:03,800
We'll modify these send call below in just a second.

15
00:01:03,880 --> 00:01:06,600
We can create that function to return a promise.

16
00:01:06,630 --> 00:01:12,600
So we will use a weight to actually get the token back since that function is going to do asynchronous

17
00:01:12,630 --> 00:01:13,620
things.

18
00:01:13,620 --> 00:01:20,860
And right here this function it's not going to be accessible on uppercase U user like we did with find

19
00:01:20,880 --> 00:01:22,290
by credentials.

20
00:01:22,290 --> 00:01:28,350
This makes sense when we're not working with an individual user but we're working with the user collection

21
00:01:28,440 --> 00:01:29,480
as a whole.

22
00:01:29,610 --> 00:01:34,660
In this case though we're trying to generate a token for a very specific user.

23
00:01:34,710 --> 00:01:40,500
So we're going to set up the method to live on the user instance which in this case would be user defined

24
00:01:40,590 --> 00:01:41,720
right here.

25
00:01:41,730 --> 00:01:47,450
So that would be user dot and then we can pick whatever name we'd like for our method.

26
00:01:47,520 --> 00:01:52,920
Let's go ahead and use something like generate off token.

27
00:01:52,920 --> 00:01:58,000
So we're gonna call generate auth token that'll generate the token for this user.

28
00:01:58,050 --> 00:02:02,370
It'll give us the token back and we can send that back to the requester.

29
00:02:02,490 --> 00:02:07,860
So let's go ahead and actually start to put some of this into practice by figuring out how we can create

30
00:02:07,890 --> 00:02:12,240
a new method for an instance of user to do that.

31
00:02:12,240 --> 00:02:15,950
We're going to head over to the user models file once again.

32
00:02:16,080 --> 00:02:22,260
Now down below we already created something similar that was fined by credentials up here we'll add

33
00:02:22,320 --> 00:02:28,230
the new method we'll start off with user schema as we will be setting something on there but instead

34
00:02:28,230 --> 00:02:35,730
of user schema dot statics like we had down below it's gonna be user schema and we're accessing methods

35
00:02:36,000 --> 00:02:41,820
from here we can setup a new method and right here we'll call that what we call it in our other file

36
00:02:42,030 --> 00:02:49,890
that was generate off token and I will set this up as a standard function since we are going to need

37
00:02:49,890 --> 00:02:50,690
to use the.

38
00:02:50,720 --> 00:02:54,860
This binding like we did with our middleware down below.

39
00:02:54,990 --> 00:03:00,160
So I will use an async function not an async aero function.

40
00:03:00,440 --> 00:03:06,740
And right here we'll have access to the ability to write that code so static methods are accessible

41
00:03:06,740 --> 00:03:14,180
on the model sometimes called Model methods and our methods are accessible on the instances sometimes

42
00:03:14,180 --> 00:03:16,430
called instance methods.

43
00:03:16,490 --> 00:03:20,910
So let's go ahead and actually fill this out to generate and return a token.

44
00:03:20,960 --> 00:03:27,230
So we're calling this on a specific user and we get access to that user via this much like we did for

45
00:03:27,230 --> 00:03:29,030
our middleware function.

46
00:03:29,030 --> 00:03:36,260
So const user equals this is a good way to get started allowing us to access user instead of this this

47
00:03:36,260 --> 00:03:40,200
line not necessary it just makes life a little bit easier.

48
00:03:40,400 --> 00:03:47,760
And the next thing we're going to do is generate a JWT using JWT dot sign.

49
00:03:47,780 --> 00:03:51,110
So up top let's go ahead and load this in first.

50
00:03:51,440 --> 00:03:56,990
A new const JWT which gets its value from requiring the following.

51
00:03:57,140 --> 00:04:04,910
Jason web token now once we have the require call in place we can actually use the method down below.

52
00:04:04,910 --> 00:04:11,330
So right here we know we're going to get our token back as we did in index dot J S and we'll be using

53
00:04:11,360 --> 00:04:16,730
JWT dot sign to provide our payload and our secret.

54
00:04:16,730 --> 00:04:19,760
We can pick whatever value we'd like for the secret.

55
00:04:19,760 --> 00:04:22,510
I'll use the same value I had used before.

56
00:04:22,520 --> 00:04:24,260
This is my new course.

57
00:04:24,260 --> 00:04:28,640
So right here this is my new course.

58
00:04:28,640 --> 00:04:33,300
Next up we have to provide a payload that uniquely identifies the user.

59
00:04:33,320 --> 00:04:35,800
And here we're just going to use their I.D..

60
00:04:35,930 --> 00:04:43,200
So we'll set underscore I.D. equal to will then use user dot I.D..

61
00:04:43,220 --> 00:04:45,620
And remember this is an object I.D..

62
00:04:45,830 --> 00:04:53,090
So I'll use to string to convert that to a standard string which is what JWT is expecting.

63
00:04:53,090 --> 00:04:59,180
So now we actually have a token created and we can go ahead and return it from this function.

64
00:04:59,180 --> 00:05:04,280
So right here I'm going to use return to return the token.

65
00:05:04,280 --> 00:05:11,390
And now we can test things out I'll save the User model I'll save the user router to make sure this

66
00:05:11,390 --> 00:05:16,720
code is actually running an over going to do is change what we're sending back.

67
00:05:16,790 --> 00:05:20,180
Currently we're just sending back the user instead.

68
00:05:20,420 --> 00:05:27,500
We're going to send back an object with two properties one the user property will still contain all

69
00:05:27,500 --> 00:05:32,330
of that user data and the other the token property will contain our token.

70
00:05:32,600 --> 00:05:37,010
So here I'm using these shorthand syntax to define both properties.

71
00:05:37,010 --> 00:05:43,420
I'm gonna save the program and we'll head over to the log in request in post man once again.

72
00:05:43,430 --> 00:05:48,590
So over here I have that log in request and in the previous video it did work as expected.

73
00:05:48,590 --> 00:05:50,840
We got our user data back.

74
00:05:50,840 --> 00:05:56,230
I'm gonna go ahead and send it off again without making any changes to it and things is still work.

75
00:05:56,240 --> 00:05:59,020
We still get a two hundred down below though.

76
00:05:59,180 --> 00:06:05,900
We have user data on the user property and we have our authentication token down below.

77
00:06:05,900 --> 00:06:11,870
So at this point we're providing the authentication token to the client and the client can now take

78
00:06:11,870 --> 00:06:15,950
this and make other requests that require authentication.

79
00:06:15,950 --> 00:06:21,710
Now currently no request requires authentication but we're work on fixing that shortly.

80
00:06:21,710 --> 00:06:26,690
Now one thing you'll notice about the current setup is that we're not keeping track of this token value

81
00:06:26,720 --> 00:06:32,660
anywhere on the server the server simply generates it with the correct secret and sends it back.

82
00:06:32,660 --> 00:06:35,150
Now this has an important implication.

83
00:06:35,180 --> 00:06:37,720
Users can't truly log out.

84
00:06:37,790 --> 00:06:42,460
This token as long as it exists means the user is logged in.

85
00:06:42,500 --> 00:06:49,010
So if it gets in the wrong hands a user has no way to log out and invalidate a given token.

86
00:06:49,010 --> 00:06:53,710
We can go ahead and fix that by tracking tokens we generate for users.

87
00:06:53,720 --> 00:06:59,930
This will allow a user to log in from multiple devices like their laptop and a phone then they'd be

88
00:06:59,930 --> 00:07:04,400
able to log out of one while still being logged in to the other.

89
00:07:04,400 --> 00:07:09,100
So all we're going to do is store all of the tokens we generate for a user.

90
00:07:09,200 --> 00:07:09,580
Right.

91
00:07:09,620 --> 00:07:11,540
As part of the user document.

92
00:07:11,690 --> 00:07:14,950
Let's go ahead and knock that out to wrap up the video.

93
00:07:15,050 --> 00:07:20,540
Now to start this feature we're going to head over to users and for the first time in a long time we're

94
00:07:20,540 --> 00:07:23,960
going to add something new on to each individual user.

95
00:07:23,960 --> 00:07:29,840
We have name email password and age down below we'll add a another field.

96
00:07:29,840 --> 00:07:36,470
This one is going to be called tokens and tokens is actually going to be an array of objects.

97
00:07:36,470 --> 00:07:40,490
So right here we set up an array with one item an object.

98
00:07:40,550 --> 00:07:45,140
And right here we can define what each object should look like.

99
00:07:45,140 --> 00:07:51,480
Each object is going to have fields of its own similar to age password email and name.

100
00:07:51,530 --> 00:07:57,980
And in this case we're just going to have one each token in that tokens array will be an checked with

101
00:07:57,980 --> 00:08:03,170
a single field called token token is going to be a string.

102
00:08:03,260 --> 00:08:09,430
So I'll set type equal to string like I've done plenty of times before for other Mongoose fields.

103
00:08:09,650 --> 00:08:11,720
And it's also going to be required.

104
00:08:11,750 --> 00:08:17,540
So if you're going to add a new item and to the tokens array it needs this property right here I'll

105
00:08:17,540 --> 00:08:20,270
set required equal to true.

106
00:08:20,270 --> 00:08:25,940
Now there's no need for any other validation since this is a value that will always be provided by the

107
00:08:25,940 --> 00:08:26,720
server.

108
00:08:26,720 --> 00:08:32,510
So there's no need to do anything like trim it since it's not something the user is typing in or providing

109
00:08:32,720 --> 00:08:34,570
in any way whatsoever.

110
00:08:34,580 --> 00:08:39,140
All we're doing here is providing us a way to store an array of objects.

111
00:08:39,170 --> 00:08:40,810
Each has a token property.

112
00:08:40,880 --> 00:08:44,180
It is the token we're trying to track now.

113
00:08:44,180 --> 00:08:48,940
Down below we can add the newly generated token to this tokens array.

114
00:08:48,950 --> 00:08:50,730
Let's go ahead and get that done.

115
00:08:50,780 --> 00:08:56,990
We're going to make a change to the function we just created that is generate off token and right here

116
00:08:57,020 --> 00:09:03,200
after the token is created we're going to add it to that array and we're going to save the user making

117
00:09:03,200 --> 00:09:06,230
sure that token shows up in the database.

118
00:09:06,230 --> 00:09:10,390
All that means for us is we will be concatenate eating the item onto the array.

119
00:09:10,400 --> 00:09:14,750
So I'm going to set user dot tokens equal to here.

120
00:09:14,750 --> 00:09:21,670
We'll use user dot tokens dogs can cat to concatenate on a new item.

121
00:09:21,680 --> 00:09:27,760
That'll be an object with the token property to find which is exactly what we said we had an array of

122
00:09:27,770 --> 00:09:29,660
when we defined it up above.

123
00:09:29,660 --> 00:09:30,550
Right here.

124
00:09:30,860 --> 00:09:36,680
The token property will get its value from the token variable so I'll use these shorthand syntax to

125
00:09:36,680 --> 00:09:37,880
define that.

126
00:09:37,910 --> 00:09:43,430
Now the only other thing we should do is make sure that we call save so the token does get saved to

127
00:09:43,430 --> 00:09:44,660
the database.

128
00:09:44,660 --> 00:09:47,980
I will await a call to user dot save.

129
00:09:47,990 --> 00:09:49,400
And there we go.

130
00:09:49,460 --> 00:09:54,830
Now we are generating tokens and we're also saving them to the database.

131
00:09:54,830 --> 00:10:01,100
So once again from post man I'm going to log in as the user I'm gonna see that the request works and

132
00:10:01,100 --> 00:10:03,220
I do indeed get a new token back.

133
00:10:03,380 --> 00:10:08,320
And now I'm also getting back a tokens array with these stored tokens.

134
00:10:08,420 --> 00:10:14,600
Now like password this is something we're gonna hide and clean up very shortly but for now it's OK that

135
00:10:14,600 --> 00:10:15,810
it's coming back.

136
00:10:15,860 --> 00:10:21,560
What I want to do is head over to the database so I'm going to crack open robo 3 T.

137
00:10:21,650 --> 00:10:26,710
I'm gonna refresh that user's collection and since I had deleted the database shortly.

138
00:10:26,720 --> 00:10:29,480
This is actually the only user I have.

139
00:10:29,480 --> 00:10:31,560
Right here we have a single token.

140
00:10:31,640 --> 00:10:37,530
If I go ahead and expand the record I can take a look at the tokens array.

141
00:10:37,610 --> 00:10:40,820
I have one item with a single property token.

142
00:10:40,820 --> 00:10:47,030
Now you'll notice that my token document the object in my array of objects it actually has an object

143
00:10:47,060 --> 00:10:48,620
I.D. of its own.

144
00:10:48,650 --> 00:10:56,480
This is known as a sub document and some documents like regular documents also have an object I.D. automatically

145
00:10:56,510 --> 00:10:58,090
generated for them.

146
00:10:58,100 --> 00:11:04,180
Now we're not going to use it but it is indeed there and I wanted to explain why it's showing up alongside

147
00:11:04,250 --> 00:11:06,940
of the property that we actually configured.

148
00:11:06,980 --> 00:11:14,240
So now the log in request actually generates and stores and authentication token and it sends it back

149
00:11:14,390 --> 00:11:16,060
to you from here.

150
00:11:16,070 --> 00:11:20,430
We're gonna go ahead and do something similar for these sign up request up above.

151
00:11:20,540 --> 00:11:23,290
And it's actually gonna be your challenge for the video.

152
00:11:23,300 --> 00:11:29,680
What I'd like you to do is have these sign up request also send back a new authentication token.

153
00:11:29,780 --> 00:11:35,510
So when a new user creates an account they shouldn't need to provide their credentials once just to

154
00:11:35,510 --> 00:11:38,210
provide them again right away to log in.

155
00:11:38,480 --> 00:11:43,070
So sign up will also generate and return and authentication token.

156
00:11:43,160 --> 00:11:44,170
So right here.

157
00:11:44,180 --> 00:11:48,210
Step 1 generate a token for the saved user.

158
00:11:48,230 --> 00:11:54,440
So after we save the user and we know their data is valid you're going to generate the new token using

159
00:11:54,440 --> 00:12:00,560
the function we've already created then you're gonna make sure to send back both the user and the token

160
00:12:00,740 --> 00:12:02,500
as the response body.

161
00:12:02,540 --> 00:12:10,010
And finally you'll test your work create a new user in post man and ensure that you get a token back.

162
00:12:10,010 --> 00:12:11,660
Take some time to knock that out.

163
00:12:11,660 --> 00:12:14,330
Test your work and when you're done click play

164
00:12:17,780 --> 00:12:18,620
how'd that go.

165
00:12:18,620 --> 00:12:21,490
I'm going to kick things off with step number one.

166
00:12:21,500 --> 00:12:28,530
I want to generate a token for the saved user and I'm gonna do that right here after the user is saved.

167
00:12:28,540 --> 00:12:37,410
That'll be a call to user dot generate auth token and we know we get the token back.

168
00:12:37,410 --> 00:12:39,420
So let's create a variable for it.

169
00:12:39,450 --> 00:12:43,550
Const token equals whatever comes back from the function.

170
00:12:43,560 --> 00:12:46,440
Now that function is indeed a synchronous.

171
00:12:46,440 --> 00:12:48,370
So once again we'll use a wait.

172
00:12:48,480 --> 00:12:51,150
Exactly like we had done down below.

173
00:12:51,150 --> 00:12:57,050
Next up we want to modify send it to send back the user end the token right here to do that.

174
00:12:57,060 --> 00:13:00,730
We'll send back an object with both of those as properties.

175
00:13:00,740 --> 00:13:08,280
User first then after that token the last thing to do is to test our work.

176
00:13:08,280 --> 00:13:15,180
I want to create a new user from postman and ensure they do indeed have a authentication token associated

177
00:13:15,180 --> 00:13:15,630
with them.

178
00:13:16,140 --> 00:13:22,410
So for this I will head back over to postman we'll go to our create user request.

179
00:13:22,440 --> 00:13:24,380
Now this email is already taken.

180
00:13:24,390 --> 00:13:26,480
So I'll just add to after it.

181
00:13:26,490 --> 00:13:27,550
So now it's Andrew.

182
00:13:27,560 --> 00:13:35,370
To add example dot com I'll fire off that create user request I get a two a one down below which is

183
00:13:35,370 --> 00:13:38,980
great but what's even better is that I'm getting a token showing up.

184
00:13:39,270 --> 00:13:45,800
So this would be an authentication token that the new user can now use to do authenticated things.