We've got almost everything set up to add users to a database.

We've installed mongoose, set up a connection to Mongo D.B.

and created a schema.

The last part of the puzzle is inserting data into Mongo.

As you can see our app doesn't really do much if you submit the form.

We just get a user created message which isn't even really true.

Our next step is to update the code for posting to the register route.

The route's code is in the index.js file inside the route's directory of our app.

Here's the code for the post route.

You can see we're sending user created message, but

we're not really doing anything else.

Before we update this route however,

we need to require the mongoose schema we created in the last video.

I'll create a variable called user, and

load the schema from the model's directory.

Now let's update the route.

I'm going to delete this return statement.

And replace it with some error checking code.

We wanna make sure the user has filled out every field in the form.

We can do that with a basic conditional statement.

Remember req R.E.Q. is the client request.

That's the information coming from the browser.

So for example req.body.email is the information in the email field.

Req.body.favoritebook is what the user typed into the favorite book field.

It's a series of 'and' conditions, meaning that all of these must be true.

Basically if any of these are empty, meaning the user didn't

type something into that form field, it'll produce a false value and

bypass this part of the if statement, jumping immediately to an else statement.

There we'll create an error and give it a message, all fields required.

We'll return this error to our error-handling middleware,

that'll get sent back to the browser.

You'll notice that I set the status here to 400.

400 is an http status code meaning bad request.

You use that when the request could not be understood by the server

due to malformed syntax, such as missing information.

It means, that the user has to change something,

like filling out the form correctly, before making the request again.

Now, what do we do if the user did fill out all the form fields?

Well, we should make sure that they also filled out the two

password fields correctly, so that they matched.

I'll add a comment here just to let me know what's happening in the code.

And then a basic conditional statement.

If the information in the password field doesn't match the information in

the confirm password field, we'll create another error.

Let's give it a message, passwords do not match.

We'll set the status to 400, like we did before,

and return the error to our error handling middleware.

Okay, cool.

Let's see if this works.

I'm going to save this file and switch over to my terminal or

you can switch over to your console if you're on Windows.

And I'll type nodemon.

You'll notice that I get an error here.

Notice that error connection refused, Mongo error.

For this to work we have to have Mongo running.

I don't have it running it yet.

So I'll do that by opening a new tab and typing Mongod to start the Mongo daemon.

If you're on Windows, you'll use the Mongo executable.

All right, I'm going to switch back to my first tab,

where I've got the server running.

It doesn't know about Mongo now running, so I'm going to stop it,

clear this out and I’ll start it up again with nodemon.

Okay, let's see what's happening.

We'll switch back to Chrome.

[BLANK-AUDIO] Check out the site and the sign up page.

First, let's see if the error happens when I don't feel anything out.

Sign up.

All right there's the error, all fields are required.

Now I will fill it out, but I'll not have matching passwords.

When I hit the submit button, it says the passwords do not match.

All right, we've got it working.

However, we're not yet submitting anything or

inserting it into Mongo, we'll do that next.

I'll need to switch back to my text editor, and at this point,

here in our code, we now know that we have all the information we asked for

and that the passwords match.

It's time to build up an object that's going to contain

all the information that we wanna store inside of Mongo.

I'll create a variable called user data it'll be an object and

it'll have several keys: email, name, favorite book, and password.

You'll notice that the value is coming from the request object.

So it's the information that the user filled out in the form.

The email field, the name field, favorite book field and the password field.

In other words we're creating a new object which

represents the document we wish to insert into Mongo.

Now that we have that object in place, it's time to insert it into Mongo.

I'll add another comment to let me know what I'm doing.

We're going to be using the schema's create method

to insert our document into Mongo.

Remember User here is our mongoose model returned by our schema file.

Create is a mongoose method that inserts a new document in Mongo based on that model.

You'll see that if there's an error,

we just pass the error off to our error handling middleware.

Now if there's no error, meaning we successfully added a record to Mongo,

the application sends the user directly to the profile page.

We'll hook up the profile page functionality in the next part of this

course, but let's see if we've got our form to work.

I'll save this file and switch back to the terminal.

You'll notice that in my terminal nodemon has stopped and

restarted the application several times.

In fact each time I saved a change to a JavaScript file.

Now, in the browser, I'll add some information and sign up.

Well, you can see in the URL that I was successfully redirected to

the profile route.

We haven't yet built that route.

That's why you're seeing a file not found error.

We'll do that in the next part of this course.

But did anything happen with the database?

Let's take a look using the Mongo shell.

I'll go to my terminal, create a new tab, and type Mongo, to enter the Mongo shell.

If you're on Windows you can launch the Mongo executable and follow along.

Now in the shell, you can use your bookworm database by typing use bookworm.

Then you can show the collections by typing 'show collections'.

Don't worry about the system.indexes collection.

Mongo created it for its own internal uses.

We won't use it or touch it, but there's our new users collection.

Finally, let's look inside that collection to see what's in there.

I'll type db.users.find().

There it is, a new user record.

It's kind of hard to read, so

we can use a special Mongo method to make the output look better.

I'll do the same find command and just add .pretty().

There is all the information from the form.

There are also a couple of keys we didn't add ourselves.

Mongo created them.

ID is a unique ID for this document.

No two user records will have the same ID, that's good

because we can use this unique identifier to identify each user in our system.

That will come in handy in the next part of this course.

The __v is for versioning of this document.

Mongo uses this key to keep track of versions of the document, see

the teacher's notes for more information about Mongo document versioning.

Now the rest of the document looks good, however check out this password key.

I can read it, plain as day, in fact I can read it plain as plain text.

Look at the password, it's just called pass.

That's a big security no no.

You don't want to save unencrypted passwords in a database.

Anyone who gets their hands on that database information

will have the credentials needed to log in and impersonate any user on your site.

Now, in the next few videos I'll show you how to add encryption

to hide sensitive data like a password from snoops.

Now before I do that, however, I'm going to get rid of this document.

We don't want that open password in there.

So to remove a collection in the Mongo shell, you type db,

the name of the collection, drop and parentheses.

Okay.

Let me show you how to store passwords the right way.