1
00:00:00,700 --> 00:00:04,700
Now we should create a helper function that we can use on pages that require

2
00:00:04,700 --> 00:00:06,100
authentication.

3
00:00:06,100 --> 00:00:10,660
This function will check for an access token cookie that is not expired.

4
00:00:10,660 --> 00:00:14,450
We will also need to get the user from the access token.

5
00:00:14,450 --> 00:00:19,260
Before we get the user, we first want to check if the user is authenticated.

6
00:00:19,260 --> 00:00:20,948
Let's start building our helper files.

7
00:00:20,948 --> 00:00:23,180
In the functions.php file,

8
00:00:23,180 --> 00:00:27,923
let's check if the user is authenticated in its own function.

9
00:00:37,247 --> 00:00:42,030
We'll start by checking if (!request()

10
00:00:44,953 --> 00:00:52,421
->cookies->has('access_token'))

11
00:00:55,774 --> 00:01:01,543
return false; If

12
00:01:01,543 --> 00:01:07,490
we do have an access token, we should try to validate the JWT by decoding it.

13
00:01:07,490 --> 00:01:10,012
We'll place this inside a try/catch block.

14
00:01:22,558 --> 00:01:24,756
We start by setting the leeway.

15
00:01:33,938 --> 00:01:38,098
This will account for when there is a clock skew of time between the signing and

16
00:01:38,098 --> 00:01:39,910
verifying servers.

17
00:01:39,910 --> 00:01:43,750
Then we can run the access token cookie through the decode method.

18
00:01:48,980 --> 00:01:51,510
There are three properties used again.

19
00:01:51,510 --> 00:01:55,974
The JWT, the secret and then the array of approved signing algorithms.

20
00:02:04,598 --> 00:02:06,750
Get access token.

21
00:02:13,228 --> 00:02:18,810
getenv('SECRET_KEY').

22
00:02:22,610 --> 00:02:25,462
Since we signed the token with HS256,

23
00:02:25,462 --> 00:02:29,724
that's the only approved signing algorithm we want in our list.

24
00:02:38,741 --> 00:02:41,660
If the user is authenticated, we return true.

25
00:02:44,220 --> 00:02:47,855
If there were any exceptions thrown from the decoding of the JWT,

26
00:02:47,855 --> 00:02:49,119
then we return false.

27
00:02:52,330 --> 00:02:55,093
Now we are ready to create the requireAuth() function.

28
00:03:06,570 --> 00:03:09,696
This function will check the isAuthenticated() function.

29
00:03:09,696 --> 00:03:16,308
if (!isAuthenticated()).

30
00:03:21,482 --> 00:03:23,994
We redirect the user to the login page.

31
00:03:30,665 --> 00:03:35,227
Before we redirect, we should set a new cookie with the same name that

32
00:03:35,227 --> 00:03:38,011
expires in the past with an invalid JWT.

33
00:03:57,997 --> 00:04:01,124
access_token.

34
00:04:01,124 --> 00:04:02,302
Expired.

35
00:04:04,494 --> 00:04:07,095
The time before now.

36
00:04:12,097 --> 00:04:15,221
The path and the cookie domain.

37
00:04:23,571 --> 00:04:26,201
Now we pass the cookie on the redirect.

38
00:04:41,792 --> 00:04:45,751
This is common practice for making sure that the browser does not see

39
00:04:45,751 --> 00:04:50,250
a valid JWT in case it misses that the cookie is actually expired.

40
00:04:50,250 --> 00:04:54,240
Now you can use the requireAuth() function at the top of any file

41
00:04:54,240 --> 00:04:56,490
you want to require authentication.

42
00:04:56,490 --> 00:04:59,270
Let's start by adding this to the add.php file.

43
00:05:01,140 --> 00:05:04,066
Make sure that you include the bootstrap file at the top.

44
00:05:13,795 --> 00:05:18,304
And then requireAuth().