1
00:00:00,270 --> 00:00:02,960
I've already taught you the basics of creating middleware.

2
00:00:02,960 --> 00:00:05,370
So I'll go pretty quickly in this video.

3
00:00:05,370 --> 00:00:09,870
Remember, we created an index.js file in the middleware directory.

4
00:00:09,870 --> 00:00:12,991
I'll add a new function called requiresLogin here.

5
00:00:20,987 --> 00:00:25,663
I'll use a conditional statement to check for a session and

6
00:00:25,663 --> 00:00:28,330
a userId on that session.

7
00:00:28,330 --> 00:00:31,810
And if they're both there, then the user is logged in.

8
00:00:31,810 --> 00:00:34,650
I'll exit the function by calling the next piece of middleware.

9
00:00:35,720 --> 00:00:40,694
If they aren't logged in, we'll create an error that lets

10
00:00:40,694 --> 00:00:45,573
the user know that they must be logged in to view this page.

11
00:00:48,094 --> 00:00:52,300
We'll provide a 401 status, meaning unauthorized, and

12
00:00:52,300 --> 00:00:56,188
we will return this to the error handling middleware.

13
00:00:56,188 --> 00:00:57,880
And finally.

14
00:01:00,160 --> 00:01:01,835
I'll export this function.

15
00:01:07,540 --> 00:01:08,670
I'll make sure to save it.

16
00:01:10,080 --> 00:01:12,960
And now we can add this middleware to any of our routes.

17
00:01:12,960 --> 00:01:16,130
Let me show you how this new piece of middleware makes it easy to password

18
00:01:16,130 --> 00:01:18,870
protect any route in your application.

19
00:01:18,870 --> 00:01:22,270
Just for fun, I'll password protect the about page.

20
00:01:22,270 --> 00:01:26,170
If I go to the index.js file in the Routes directory,

21
00:01:26,170 --> 00:01:30,210
I only need to add Mid.requiresLogin to the about route.

22
00:01:32,740 --> 00:01:36,570
This will call this piece of middleware any time someone visits that

23
00:01:36,570 --> 00:01:37,270
particular route.

24
00:01:38,740 --> 00:01:43,270
Remember in the last video we already required the middleware file.

25
00:01:43,270 --> 00:01:47,380
So the new requiresLogin method is immediately available to us.

26
00:01:47,380 --> 00:01:48,460
Let me check this out.

27
00:01:48,460 --> 00:01:51,540
I'll save this file and open my browser and

28
00:01:51,540 --> 00:01:56,300
make sure I'm logged out and then I'll click on the About link.

29
00:01:56,300 --> 00:01:57,910
Hey, access denied.

30
00:01:57,910 --> 00:01:59,290
That's what we're after.

31
00:01:59,290 --> 00:02:02,010
I'll log in and see what happens.

32
00:02:03,020 --> 00:02:05,220
There is the page, I have access.

33
00:02:05,220 --> 00:02:09,120
Okay, that's pretty silly, anyone should be able to see the About page.

34
00:02:09,120 --> 00:02:12,500
Let's go back to our route, and delete that code.

35
00:02:14,820 --> 00:02:17,216
Instead, let's add this to the profile route.

36
00:02:21,620 --> 00:02:24,210
Check out this bit of code here.

37
00:02:24,210 --> 00:02:27,430
It's basically the same as our new piece of middleware,

38
00:02:27,430 --> 00:02:31,280
no user ID on the session object means you're not authorized.

39
00:02:31,280 --> 00:02:32,670
However, we don't need it.

40
00:02:32,670 --> 00:02:39,810
We can delete it and replace it with our new middleware function.

41
00:02:39,810 --> 00:02:43,600
Thanks to this little bit of middleware programming, it's really easy to lock down

42
00:02:43,600 --> 00:02:46,190
any routes that require authentication.

43
00:02:46,190 --> 00:02:50,850
Simply add the requiresLogin function to that route and it's password protected.

44
00:02:50,850 --> 00:02:52,100
Let me show you in the web browser.

45
00:02:53,490 --> 00:02:57,000
If I log out, my profile's off limits.

46
00:02:57,000 --> 00:03:00,010
I log in and there's my profile.

47
00:03:01,080 --> 00:03:03,680
This middleware makes the code for our route simpler and

48
00:03:03,680 --> 00:03:08,180
moves functionality that's shared between routes into a separate file and function.

49
00:03:08,180 --> 00:03:09,540
This is really useful and

50
00:03:09,540 --> 00:03:14,020
a great example of don't repeat yourself, or DRY, programming.

51
00:03:14,020 --> 00:03:18,140
Now we're almost done with this course, but before we finish, let me show you a simple

52
00:03:18,140 --> 00:03:22,020
way to add a production-ready method for storing session data.

53
00:03:22,020 --> 00:03:25,210
It's a method that won't bring your site down when thousands of users

54
00:03:25,210 --> 00:03:26,590
log in simultaneously.