1
00:00:01,630 --> 00:00:06,930
Now that MongoDB is all set up, let's start to work on authentication on our Express API.

2
00:00:06,970 --> 00:00:11,800
We're going to first begin with a quick overview of how we're going to handle the authentication process.

3
00:00:11,800 --> 00:00:15,730
So in this diagram right here I've diagrammed out exactly what's gonna happen when a user tries to sign

4
00:00:15,730 --> 00:00:17,290
up for a new account.

5
00:00:17,290 --> 00:00:23,140
Remember, our accounts are going to be based upon email and password authentication, so whenever a user

6
00:00:23,140 --> 00:00:27,070
first uses our application they need to first sign up for an account.

7
00:00:27,220 --> 00:00:33,580
When that occurs we're gonna have our phone make a POST request to our Express API. Inside of this POST

8
00:00:33,580 --> 00:00:39,330
request we're going to include the email and password that the user wants to use to sign up. Now,

9
00:00:39,370 --> 00:00:42,340
emails inside of our application must be unique.

10
00:00:42,540 --> 00:00:46,750
In other words, we cannot have two different user accounts with the same email.

11
00:00:46,830 --> 00:00:52,140
So before the Express API receives that email and password and uses it to make a new account, the Express

12
00:00:52,140 --> 00:00:58,200
API will first reach out to MongoDB and make sure that nobody has ever signed up with that email before.

13
00:00:58,200 --> 00:01:03,390
If that email is already in use then the Express API will immediately send an error message back to

14
00:01:03,390 --> 00:01:09,890
whoever made this POST request. If the email is not in use then we'll go ahead and create a new user

15
00:01:09,890 --> 00:01:10,620
account.

16
00:01:10,670 --> 00:01:16,370
So we're gonna take that email and password, we're gonna make a new entry inside of MongoDB and reflect

17
00:01:16,370 --> 00:01:20,210
that user's email and password inside there. At that point

18
00:01:20,210 --> 00:01:25,220
we would then consider our user to be logged into our application. In order to consider a user to be

19
00:01:25,220 --> 00:01:25,950
logged in,

20
00:01:26,000 --> 00:01:31,850
we're going to provide the user with something called a JSON Web Token, or JWT.

21
00:01:31,850 --> 00:01:38,150
That's also sometimes pronounced as just this JSON Web Token is an encoded string or essentially a

22
00:01:38,150 --> 00:01:41,270
string that has some information inside of it.

23
00:01:41,270 --> 00:01:46,700
This string is going to prove that the email or smear of the user is the person who provided the email

24
00:01:46,730 --> 00:01:48,650
of test@test.com.

25
00:01:48,980 --> 00:01:54,020
That JSON Web Token is going to prove that the user is signed into our application, so we will expect

26
00:01:54,020 --> 00:01:59,220
them to provide that JSON Web Token with any follow-up requests to authenticate themselves.

27
00:01:59,270 --> 00:02:03,550
We're going to go into a lot of detail around this JSON Web Token as we start to implement it.

28
00:02:03,560 --> 00:02:08,720
So for right now we'll just kind of ignore that part. Instead let's first focus on just making sure that

29
00:02:08,720 --> 00:02:14,570
we can receive some email and password in a POST request and then make a query off to our MongoDB database

30
00:02:14,750 --> 00:02:18,520
to see if anyone has already used that email before.

31
00:02:18,640 --> 00:02:18,850
All right.

32
00:02:18,860 --> 00:02:20,580
So let's flip back over to our code editor.

33
00:02:20,590 --> 00:02:25,750
We're gonna start to write out some code to receive that POST request and then issue that query.

34
00:02:25,750 --> 00:02:31,930
So going to flip back over my editor and inside my src directory I'm going to make a new folder called

35
00:02:32,020 --> 00:02:39,220
routes. Then inside there I'm going to make a new file called authRoutes.js. So inside this file

36
00:02:39,280 --> 00:02:44,380
we're going to write out all of our request handling logic to deal with anything related to authentication,

37
00:02:44,770 --> 00:02:50,530
so that might be signing up or signing in or whatever else. Inside of here we're going to first begin

38
00:02:50,530 --> 00:02:58,560
by requiring in the Express library. We'll then use Express to create something called a router, so I'll

39
00:02:58,560 --> 00:03:05,850
say router is express.Router, like so. A router is essentially a little object that allows us to associate

40
00:03:05,850 --> 00:03:08,450
some number of route handlers with it.

41
00:03:08,700 --> 00:03:12,050
We can then take that router and associate it back with our app object.

42
00:03:12,060 --> 00:03:19,690
We had it created inside of index.js. So on this router I'm going to add router.post slash

43
00:03:19,810 --> 00:03:27,370
signup, like so. So we're saying that anytime that someone makes a POST request to /signup we want

44
00:03:27,370 --> 00:03:33,990
to run that function right there. This function will be called with our req and res objects.

45
00:03:33,990 --> 00:03:35,390
It's now in the body of this function.

46
00:03:35,430 --> 00:03:39,210
We're going to go through the entire process that we just described, so we're gonna see if anyone is

47
00:03:39,210 --> 00:03:44,550
signed up with that email before, have some error handling, and eventually synthesize that JSON Web Token

48
00:03:44,580 --> 00:03:46,820
and send it back to the phone.

49
00:03:47,060 --> 00:03:47,600
Right now,

50
00:03:47,610 --> 00:03:52,820
anytime we get a POST request let's just send back another text response, so I'll do something like res

51
00:03:52,870 --> 00:03:53,920
.send,

52
00:03:54,170 --> 00:04:01,370
"You made a post request". So we'll just do a little bit of testing here to make sure we have some ability

53
00:04:01,370 --> 00:04:06,590
to actually send some arbitrary information to our API and then we'll start working on that actual authentication.

54
00:04:07,460 --> 00:04:10,700
To make sure that our router is used by our application,

55
00:04:10,730 --> 00:04:18,070
we're going to export it at the bottom of the file. Then back inside of index.js at the very top

56
00:04:18,170 --> 00:04:26,530
I will import or require in that router that we just exported, so look in the routes directory and find

57
00:04:26,530 --> 00:04:34,000
the routes file. And then to use that router with our app that we created right here, right after we create

58
00:04:34,000 --> 00:04:34,360
the app,

59
00:04:34,370 --> 00:04:41,110
I'll say app.use(authRoutes). That essentially associates all the request handlers we added to the router

60
00:04:41,260 --> 00:04:44,490
with our main Express application. All right.

61
00:04:44,500 --> 00:04:48,010
Now here's the thing: we're going to very quickly want to test out this route handler.

62
00:04:48,010 --> 00:04:52,690
Like, even right now I want to attempt to make a POST request to /signup just to get back that

63
00:04:52,690 --> 00:04:56,230
text message and make sure that we associated that router correctly.

64
00:04:56,230 --> 00:05:01,200
The problem, however, is that we cannot very easily use the browser to do that.

65
00:05:01,270 --> 00:05:06,340
Remember, anytime you write out an address inside of your address bar and hit the enter key, that makes

66
00:05:06,370 --> 00:05:09,640
a GET type request to that address.

67
00:05:09,640 --> 00:05:14,040
So we don't want to make a GET type request; instead we want to make a POST request.

68
00:05:14,320 --> 00:05:19,570
So to test out this route handler very easily we can use a small third-party tool.

69
00:05:19,570 --> 00:05:20,820
So let's take a quick pause right here.

70
00:05:20,830 --> 00:05:24,730
When we come back the next video we're going to install this little third-party tool and understand

71
00:05:24,760 --> 00:05:27,970
how we're going to use it to test out our API in general.

72
00:05:27,970 --> 00:05:30,820
So quick pause and we'll try that tool out in the next video.