1 00:00:00,360 --> 00:00:04,430 We've got almost everything set up to add users to a database. 2 00:00:04,430 --> 00:00:07,600 We've installed mongoose, set up a connection to Mongo D.B. 3 00:00:07,600 --> 00:00:09,040 and created a schema. 4 00:00:09,040 --> 00:00:12,810 The last part of the puzzle is inserting data into Mongo. 5 00:00:12,810 --> 00:00:16,820 As you can see our app doesn't really do much if you submit the form. 6 00:00:18,980 --> 00:00:23,200 We just get a user created message which isn't even really true. 7 00:00:23,200 --> 00:00:27,840 Our next step is to update the code for posting to the register route. 8 00:00:27,840 --> 00:00:32,290 The route's code is in the index.js file inside the route's directory of our app. 9 00:00:33,660 --> 00:00:35,690 Here's the code for the post route. 10 00:00:35,690 --> 00:00:38,280 You can see we're sending user created message, but 11 00:00:38,280 --> 00:00:40,580 we're not really doing anything else. 12 00:00:40,580 --> 00:00:42,410 Before we update this route however, 13 00:00:42,410 --> 00:00:45,750 we need to require the mongoose schema we created in the last video. 14 00:00:48,170 --> 00:00:51,780 I'll create a variable called user, and 15 00:00:51,780 --> 00:00:53,790 load the schema from the model's directory. 16 00:00:55,040 --> 00:00:56,060 Now let's update the route. 17 00:00:58,390 --> 00:01:00,270 I'm going to delete this return statement. 18 00:01:02,540 --> 00:01:04,420 And replace it with some error checking code. 19 00:01:05,930 --> 00:01:10,520 We wanna make sure the user has filled out every field in the form. 20 00:01:10,520 --> 00:01:12,750 We can do that with a basic conditional statement. 21 00:01:14,210 --> 00:01:18,350 Remember req R.E.Q. is the client request. 22 00:01:18,350 --> 00:01:21,310 That's the information coming from the browser. 23 00:01:21,310 --> 00:01:26,770 So for example req.body.email is the information in the email field. 24 00:01:26,770 --> 00:01:31,800 Req.body.favoritebook is what the user typed into the favorite book field. 25 00:01:33,370 --> 00:01:38,720 It's a series of 'and' conditions, meaning that all of these must be true. 26 00:01:38,720 --> 00:01:41,720 Basically if any of these are empty, meaning the user didn't 27 00:01:41,720 --> 00:01:45,860 type something into that form field, it'll produce a false value and 28 00:01:45,860 --> 00:01:51,440 bypass this part of the if statement, jumping immediately to an else statement. 29 00:01:53,450 --> 00:01:58,502 There we'll create an error and give it a message, all fields required. 30 00:02:04,326 --> 00:02:07,429 We'll return this error to our error-handling middleware, 31 00:02:07,429 --> 00:02:10,010 that'll get sent back to the browser. 32 00:02:10,010 --> 00:02:13,330 You'll notice that I set the status here to 400. 33 00:02:13,330 --> 00:02:17,380 400 is an http status code meaning bad request. 34 00:02:17,380 --> 00:02:20,590 You use that when the request could not be understood by the server 35 00:02:20,590 --> 00:02:24,050 due to malformed syntax, such as missing information. 36 00:02:24,050 --> 00:02:26,190 It means, that the user has to change something, 37 00:02:26,190 --> 00:02:29,840 like filling out the form correctly, before making the request again. 38 00:02:30,900 --> 00:02:34,370 Now, what do we do if the user did fill out all the form fields? 39 00:02:34,370 --> 00:02:38,220 Well, we should make sure that they also filled out the two 40 00:02:38,220 --> 00:02:40,730 password fields correctly, so that they matched. 41 00:02:42,150 --> 00:02:45,080 I'll add a comment here just to let me know what's happening in the code. 42 00:02:48,280 --> 00:02:50,180 And then a basic conditional statement. 43 00:02:53,230 --> 00:02:57,240 If the information in the password field doesn't match the information in 44 00:02:57,240 --> 00:03:00,610 the confirm password field, we'll create another error. 45 00:03:00,610 --> 00:03:04,242 Let's give it a message, passwords do not match. 46 00:03:07,122 --> 00:03:10,014 We'll set the status to 400, like we did before, 47 00:03:10,014 --> 00:03:13,050 and return the error to our error handling middleware. 48 00:03:14,560 --> 00:03:15,620 Okay, cool. 49 00:03:15,620 --> 00:03:16,500 Let's see if this works. 50 00:03:16,500 --> 00:03:20,030 I'm going to save this file and switch over to my terminal or 51 00:03:20,030 --> 00:03:22,910 you can switch over to your console if you're on Windows. 52 00:03:22,910 --> 00:03:23,980 And I'll type nodemon. 53 00:03:25,900 --> 00:03:28,780 You'll notice that I get an error here. 54 00:03:28,780 --> 00:03:31,470 Notice that error connection refused, Mongo error. 55 00:03:33,240 --> 00:03:35,670 For this to work we have to have Mongo running. 56 00:03:35,670 --> 00:03:36,980 I don't have it running it yet. 57 00:03:36,980 --> 00:03:44,160 So I'll do that by opening a new tab and typing Mongod to start the Mongo daemon. 58 00:03:44,160 --> 00:03:47,170 If you're on Windows, you'll use the Mongo executable. 59 00:03:47,170 --> 00:03:49,525 All right, I'm going to switch back to my first tab, 60 00:03:49,525 --> 00:03:52,260 where I've got the server running. 61 00:03:52,260 --> 00:03:56,600 It doesn't know about Mongo now running, so I'm going to stop it, 62 00:03:56,600 --> 00:04:00,110 clear this out and I’ll start it up again with nodemon. 63 00:04:03,095 --> 00:04:05,220 Okay, let's see what's happening. 64 00:04:05,220 --> 00:04:06,485 We'll switch back to Chrome. 65 00:04:06,485 --> 00:04:13,090 [BLANK-AUDIO] Check out the site and the sign up page. 66 00:04:13,090 --> 00:04:17,280 First, let's see if the error happens when I don't feel anything out. 67 00:04:17,280 --> 00:04:18,150 Sign up. 68 00:04:18,150 --> 00:04:20,850 All right there's the error, all fields are required. 69 00:04:22,290 --> 00:04:25,935 Now I will fill it out, but I'll not have matching passwords. 70 00:04:33,095 --> 00:04:37,090 When I hit the submit button, it says the passwords do not match. 71 00:04:37,090 --> 00:04:39,220 All right, we've got it working. 72 00:04:39,220 --> 00:04:41,770 However, we're not yet submitting anything or 73 00:04:41,770 --> 00:04:44,150 inserting it into Mongo, we'll do that next. 74 00:04:45,310 --> 00:04:49,000 I'll need to switch back to my text editor, and at this point, 75 00:04:49,000 --> 00:04:53,990 here in our code, we now know that we have all the information we asked for 76 00:04:53,990 --> 00:04:55,520 and that the passwords match. 77 00:04:57,130 --> 00:05:00,300 It's time to build up an object that's going to contain 78 00:05:00,300 --> 00:05:03,540 all the information that we wanna store inside of Mongo. 79 00:05:05,400 --> 00:05:09,734 I'll create a variable called user data it'll be an object and 80 00:05:09,734 --> 00:05:14,900 it'll have several keys: email, name, favorite book, and password. 81 00:05:17,810 --> 00:05:21,220 You'll notice that the value is coming from the request object. 82 00:05:21,220 --> 00:05:24,510 So it's the information that the user filled out in the form. 83 00:05:24,510 --> 00:05:29,630 The email field, the name field, favorite book field and the password field. 84 00:05:29,630 --> 00:05:32,530 In other words we're creating a new object which 85 00:05:32,530 --> 00:05:35,200 represents the document we wish to insert into Mongo. 86 00:05:35,200 --> 00:05:41,670 Now that we have that object in place, it's time to insert it into Mongo. 87 00:05:43,640 --> 00:05:46,520 I'll add another comment to let me know what I'm doing. 88 00:05:46,520 --> 00:05:49,750 We're going to be using the schema's create method 89 00:05:49,750 --> 00:05:51,970 to insert our document into Mongo. 90 00:05:54,770 --> 00:05:59,378 Remember User here is our mongoose model returned by our schema file. 91 00:06:04,174 --> 00:06:09,610 Create is a mongoose method that inserts a new document in Mongo based on that model. 92 00:06:12,100 --> 00:06:14,150 You'll see that if there's an error, 93 00:06:14,150 --> 00:06:17,990 we just pass the error off to our error handling middleware. 94 00:06:17,990 --> 00:06:22,920 Now if there's no error, meaning we successfully added a record to Mongo, 95 00:06:22,920 --> 00:06:26,790 the application sends the user directly to the profile page. 96 00:06:26,790 --> 00:06:30,000 We'll hook up the profile page functionality in the next part of this 97 00:06:30,000 --> 00:06:32,880 course, but let's see if we've got our form to work. 98 00:06:34,440 --> 00:06:37,890 I'll save this file and switch back to the terminal. 99 00:06:37,890 --> 00:06:40,760 You'll notice that in my terminal nodemon has stopped and 100 00:06:40,760 --> 00:06:43,510 restarted the application several times. 101 00:06:43,510 --> 00:06:46,210 In fact each time I saved a change to a JavaScript file. 102 00:06:47,790 --> 00:06:52,742 Now, in the browser, I'll add some information and sign up. 103 00:06:59,467 --> 00:07:03,233 Well, you can see in the URL that I was successfully redirected to 104 00:07:03,233 --> 00:07:04,960 the profile route. 105 00:07:04,960 --> 00:07:06,420 We haven't yet built that route. 106 00:07:06,420 --> 00:07:08,890 That's why you're seeing a file not found error. 107 00:07:08,890 --> 00:07:11,090 We'll do that in the next part of this course. 108 00:07:11,090 --> 00:07:13,390 But did anything happen with the database? 109 00:07:13,390 --> 00:07:15,910 Let's take a look using the Mongo shell. 110 00:07:15,910 --> 00:07:23,490 I'll go to my terminal, create a new tab, and type Mongo, to enter the Mongo shell. 111 00:07:24,760 --> 00:07:28,760 If you're on Windows you can launch the Mongo executable and follow along. 112 00:07:28,760 --> 00:07:34,450 Now in the shell, you can use your bookworm database by typing use bookworm. 113 00:07:36,610 --> 00:07:43,180 Then you can show the collections by typing 'show collections'. 114 00:07:43,180 --> 00:07:46,225 Don't worry about the system.indexes collection. 115 00:07:46,225 --> 00:07:48,640 Mongo created it for its own internal uses. 116 00:07:48,640 --> 00:07:52,570 We won't use it or touch it, but there's our new users collection. 117 00:07:53,660 --> 00:07:57,771 Finally, let's look inside that collection to see what's in there. 118 00:07:57,771 --> 00:08:01,841 I'll type db.users.find(). 119 00:08:03,558 --> 00:08:05,740 There it is, a new user record. 120 00:08:05,740 --> 00:08:07,100 It's kind of hard to read, so 121 00:08:07,100 --> 00:08:10,980 we can use a special Mongo method to make the output look better. 122 00:08:12,020 --> 00:08:19,100 I'll do the same find command and just add .pretty(). 123 00:08:19,100 --> 00:08:20,960 There is all the information from the form. 124 00:08:20,960 --> 00:08:24,420 There are also a couple of keys we didn't add ourselves. 125 00:08:24,420 --> 00:08:25,380 Mongo created them. 126 00:08:26,450 --> 00:08:29,085 ID is a unique ID for this document. 127 00:08:29,085 --> 00:08:32,810 No two user records will have the same ID, that's good 128 00:08:32,810 --> 00:08:37,710 because we can use this unique identifier to identify each user in our system. 129 00:08:37,710 --> 00:08:39,822 That will come in handy in the next part of this course. 130 00:08:39,822 --> 00:08:44,640 The __v is for versioning of this document. 131 00:08:45,880 --> 00:08:49,470 Mongo uses this key to keep track of versions of the document, see 132 00:08:49,470 --> 00:08:53,780 the teacher's notes for more information about Mongo document versioning. 133 00:08:53,780 --> 00:08:58,300 Now the rest of the document looks good, however check out this password key. 134 00:09:00,270 --> 00:09:04,925 I can read it, plain as day, in fact I can read it plain as plain text. 135 00:09:04,925 --> 00:09:06,790 Look at the password, it's just called pass. 136 00:09:07,940 --> 00:09:09,910 That's a big security no no. 137 00:09:09,910 --> 00:09:13,100 You don't want to save unencrypted passwords in a database. 138 00:09:13,100 --> 00:09:15,820 Anyone who gets their hands on that database information 139 00:09:15,820 --> 00:09:20,400 will have the credentials needed to log in and impersonate any user on your site. 140 00:09:21,420 --> 00:09:24,680 Now, in the next few videos I'll show you how to add encryption 141 00:09:24,680 --> 00:09:28,150 to hide sensitive data like a password from snoops. 142 00:09:28,150 --> 00:09:31,720 Now before I do that, however, I'm going to get rid of this document. 143 00:09:31,720 --> 00:09:34,330 We don't want that open password in there. 144 00:09:34,330 --> 00:09:38,180 So to remove a collection in the Mongo shell, you type db, 145 00:09:39,210 --> 00:09:42,990 the name of the collection, drop and parentheses. 146 00:09:42,990 --> 00:09:43,710 Okay. 147 00:09:43,710 --> 00:09:46,010 Let me show you how to store passwords the right way.