Back end vs Front end - Video 14 - Educational content
Using Middleware - jwt.verify() - query.findById() - next()
Well, in the last video we left off at the logout; we created the token,
00:00:00
we converted it into a cookie, we sent it to the front, then we verified with the logout
00:00:12
that the token was left at zero. The previous video was a bit about the creation of this
00:00:21
token; now what we are going to do is, since we have created a token which is for security,
00:00:29
since we are going to use it, we are going to see the way to use it, okay. Then
00:00:37
we are going to make a new route, which for example is that, and it is because with this there is always
00:00:46
a user who logs in, who registers and so on; the profile is always there, right, the user's profile,
00:00:59
so here we are going to make a new route, router dot, in this case we are going to put the protocol
00:01:05
get and we are going to call it profile, as we said, profile, okay; here we are going to execute a function
00:01:12
the same as in the previous routes, okay, and then that function we are going to write inside
00:01:27
our controller, as we have been doing so far. Now, what I want to do here
00:01:37
is also to create a middleware, okay; this is a function that we put before the function is executed
00:01:42
that we want, within the app and within the server, right; it is a function that is fulfilled
00:02:00
or not; if it is not fulfilled, the function that we have in the controller will never be executed, okay, which
00:02:08
generally will access a database or read a file or a JSON or whatever, okay;
00:02:16
so that intermediate function is what is called a middleware, okay. Then
00:02:23
to do this we are going to use the middleware folder, so there we are going to create a file,
00:02:30
we are going to see what we are going to call it; for example, you already know that you can give it the name
00:02:43
you want; I am going to call it validate token dot js, okay, always js, which is what
00:02:50
we are working with, right, okay. Well, then here I am going to create a function that we are going to call,
00:03:01
for example, we are going to put, as we are going to export it, verification, for example, okay, verification,
00:03:12
that is going to receive a req and a res as always, okay, but now it is also going to receive a new parameter,
00:03:20
which is next, okay; the only thing next does is go to the next function, that is, we are going to
00:03:32
to put this here we are going to put
00:03:43
here I am missing
00:03:48
we are going to put here
00:03:51
with only a point
00:03:54
a point
00:03:59
that does not visualize this ok then we have a function inside our
00:04:03
file that will be in my network will have to execute this
00:04:09
function before executing one that we are also going to create now, which is the one that would be
00:04:13
inside the server, then the one that would be inside the server would be inside the controller,
00:04:22
then inside the controller we are going to create a function, which is export const
00:04:28
profile; this is going to have a req, as always, a req, okay; this is going to have
00:04:36
the arrow function in which we are going to say for example
00:04:50
that is, the point
00:04:57
that we display anything here, okay, just to do the test; we are going to put a message that
00:05:00
is going to be, well, profile, okay, for example, something like that. Then we have our const function,
00:05:12
our arrow function, profile, okay, which is on the route that we want to execute,
00:05:25
profile, okay, when we call this route, okay. For now I am not going to put the middleware one,
00:05:32
I am going to leave it like that, because here I would also need to import profile, okay, okay. Then what I have
00:05:41
also done in app js is to add the white line is worth then I have changed it is to those
00:05:53
points to access them, okay. Then if we go, we come to our
00:06:02
client here we are going to not request we are going to put localhost
00:06:11
4000 and profile, okay, which is what we have put, then it will return the profile to me,
00:06:24
okay, it tells me 200, that is, it is doing everything well, it is doing everything well, okay; now we continue
00:06:37
with our middleware, which is validate token dot js, okay, we have it done here; the only thing
00:06:45
I want is for it to show me the req body here, okay; then in the routes now I am going to put
00:06:53
that function here; this function is inside validate token, so the first thing
00:07:01
I have to do as we have been doing always is the import
00:07:10
validation, we have called it verification, verification,
00:07:19
okay, I already have it here, and then here I am going to pass verification, okay, okay; we press shift and the
00:07:30
F so that it puts everything right for me, okay; then in verification we have it display
00:07:44
the req body in the console and then it goes to next, to the next function, which would be,
00:07:53
okay, the one that would be profile, which is the one that is already running within the controller, which is
00:08:00
inside the API server or the backend, okay. Then if we go here and I hit send, it gives me the profile again;
00:08:08
it gives me this blank because we have not sent any data,
00:08:17
okay, that is why it gives it to me blank. If we go and log in,
00:08:24
pom pom, we are going to put, for example, this is the
00:08:31
login, okay, we have Carmen, which we had created, villablanca, hitting send,
00:08:36
okay, now we have it activated; if we click on the request, well, for now it doesn't give me anything,
00:08:42
okay, then we are going to put here, to see it well, instead of the req body, which,
00:08:51
because we are not taking anything, we are going to put a
00:09:00
and, well, a message, verification function, okay, and then here now if we hit send, okay,
00:09:04
now it does show me verification function, okay; this is only to see that first we are
00:09:30
entering the verification function and then we are entering the portal, okay, okay, for now
00:09:35
everything is fine, well, then now what I am going to try is first to generate a cookie, okay; we have
00:09:42
agreed that when we do a login, okay, it creates this cookie for us, so I need to take this
00:09:55
value, which is the token, to then verify it; we remember from the previous video that this token carries
00:10:04
the payload, the payload value, okay; it carries the user id and then we can extract it from here,
00:10:12
but within the validate function we need to take this information that
00:10:25
we have in headers, or we have it in cookies, okay, take that information and
00:10:35
compare or extract in some way or verify through our secret field,
00:10:42
okay, the one we have saved in config, okay; here, remember that we saved the password, the secret word,
00:10:54
the token secret, to be able to encrypt that token, okay, and sign it digitally. So, roughly,
00:11:07
the idea is this: we have to extract this to then compare it and see if that id exists in the
00:11:17
database; so the first thing I have to do is try to extract this, okay, let's see how
00:11:22
we can do it, okay. Then this, I am going to delete this, I am going to put it down here, well, then
00:11:28
we can put a console dot log and we can put req, okay, which is the request, which is what
00:11:37
reaches us from the front to the back end, and we are going to try to work with the headers, okay; then with
00:11:49
headers it will return different information to us, so we are going to try to take headers, okay;
00:12:00
then this would be, where we are here, req dot headers, okay, and let's see if this shows us something;
00:12:06
in principle it does not seem that it is giving us any error, which is very good; then
00:12:16
we go back to the profile, I hit send and it returns the headers, and one of these
00:12:24
returns me a JSON with some keys and some values; one of them is this one, cookie, okay,
00:12:31
so this is on the right track. If we go and put dot cookie here, let's see what this returns;
00:12:39
in principle I understand this is going to give me, ah no, it works fine, okay; I thought I had to extract that
00:12:50
variable, but I can indeed put it like this, it works fine, okay; this returns this string that says
00:12:58
token equals and it shows me all this information, okay; it is not the token, because it already puts token
00:13:04
equals; well, we could work with the strings, split at the equals, well, but of course we also have
00:13:13
this cookies entry, okay; this entry, when I do a login, also has that information,
00:13:21
okay, and I already have it in key-value format; then somehow let's see if we can
00:13:29
access these cookies. Then we come to validate and I say, well, what I want is, instead
00:13:37
of having to, let's see if I can access cookies, okay, then with only cookies, okay, we come
00:13:43
and it tells me that it is undefined, okay, when we know that the cookie is created, but it does not
00:13:53
recognize it; this is because we need to install, we need to work with cookie
00:14:05
parser; that is, if you remember, when we tried to put the first JSON, we had to load the
00:14:11
JSON file in app, okay, we told it to use express dot json, which came with express, okay;
00:14:21
then here we have to do something similar so that it recognizes that format of the cookies; so
00:14:34
a Node module has to be installed, which is called, we are going to stop this, which is called, in npm i,
00:14:39
and this one is called cookie dot parser, okay, cookie, and sorry, dot, cookie hyphen parser;
00:14:56
here we install it, okay; now we are going to import it as always, import, we are going to put it
00:15:06
we are going to put it to be better from
00:15:19
okay, and we are going to tell the express app to use that format, okay, then
00:15:32
and now we are going to try it once we have put this then we are going to launch
00:15:50
our express, we already have it here; we are going to log in, it has created a cookie with the token; we go to the
00:16:02
profile, I hit send, and now I already have the token field, the key token and the value with
00:16:16
the token exclusively; with this it is now working well, okay, but now what I want
00:16:26
is to extract that value, so instead of putting it in the console, what I am going to say is, well, I have
00:16:32
a const token that is going to be equal to req dot, okay, and there I am going to save that value; we are going to
00:16:41
see it; then here I put a console dot, the token,
00:17:00
okay, we are going to test it; I hit send, undefined, here it tells me undefined, because, let's see,
00:17:12
const token, which I have written very badly,
00:17:27
now we are going to format it, okay, let's see, now if I hit send it tells me token is not defined, it is not defined,
00:17:36
this is not defined, this is in plural, then it is in plural, this is
00:17:54
now we do have it, okay; I already have the token saved in token, the three groups of
00:18:14
digits and letters, okay, where one has the payload, the payload value, another has the type and the algorithm
00:18:21
that we have used, the other, the other part, of the digital signature, okay, remember all that, okay, but now
00:18:33
I have all this, which is very good, okay, and I keep playing with my verification function, so
00:18:40
instead of putting a console, which I have used only to verify that I am saving a piece of data there, what
00:18:47
I am going to say is, well, in the case that there is no token, okay, that token is empty, then
00:18:53
what is that going to mean, that that user, that verification that I am doing, who has
00:19:02
registered, okay, as he has logged in or has registered, that cookie has been created;
00:19:07
if not, okay, it is a user who is trying to access a link that
00:19:14
he cannot, because he is not logged in; then here we are going to return, a return
00:19:21
res status 400, for example, we are going to put a dot json and I am going to pass it
00:19:31
that the user is going to be
00:19:50
ok ok
00:20:01
and if not, we continue, okay; then we are going to try it now, we are going to write
00:20:05
well, in the client we had the logout, okay, we are going to launch the logout
00:20:12
and I am going to remove this user who has, well, now he does not have a cookie, but now
00:20:23
it will be cleared; if I now try to log in, or to see the profile, to enter a profile without being
00:20:34
logged in, here it is going to return us status 400, okay,
00:20:41
here I have done something wrong, I understand; now yes, the user is not logged in, okay, which is what I was looking for,
00:20:52
user is not logged in, okay. If now we log in as Carmen, okay, we go back to our profile and
00:21:07
since now that cache does exist, okay, we have created a cache and a cache, sorry, a cookie with
00:21:21
that token, when we come to profile, if I hit send, I get the profile, because it has already
00:21:29
passed that middleware, it has verified that within token there is a piece of data, there is a token,
00:21:38
okay, so it lets me continue, okay. Okay, now, if I have a token there, I already have that token;
00:21:46
what I have to do is verify that the payload that goes
00:21:55
inside the token, which is the ID, exists within my database, because if not, that
00:22:02
token, I can make a cookie, generate a token that is more or less similar to that, and deceive
00:22:11
this app and this backend. So we have to verify that it exists within the database.
00:22:16
Then for that JSON Web Token has a function, which is verify, okay, the verification,
00:22:23
okay; then what I have to do is import, import jw from json web, okay, first I have to
00:22:32
do this, okay; then, if the token exists, here we are going to create or we are going to use that
00:22:50
function that I am telling you about, verify, okay, okay, and this one has three input parameters:
00:23:01
one is the token, which we already have, we just got it and I have it saved in the
00:23:15
variable token, okay; another is the secret key, or, if we have used, remember, with JWT we could
00:23:18
use the key pair, the pair of keys, okay, the public and private; in this case, in our case, it
00:23:27
is only a key that we had in config dot js, and then a function, some options, that is, a
00:23:37
verification function that passes me a complete that is going to return me a true or a false valid then
00:23:49
we are going to take a true or because it is an error or a complete ok then we are going to start with this
00:23:56
first parameter, the token, done, token; second parameter, the secret key, which we have to
00:24:06
import, okay, and this is token, token secret, okay, I already have it here, then we are going to pass it,
00:24:15
okay; third parameter, that function; then this function, function, is going to receive a
00:24:27
track and you are going to forgive a reg not an error ok it is going to give me an error or it is going to give me a
00:24:45
okay, a decoded, okay; error, well, it would be if an error has occurred at the time of decoding
00:24:55
this token that we have taken out of the cookies, okay, if some type of error occurs;
00:25:11
but I already tell you that JWT is a structure, so if you invent a token,
00:25:18
well, it will fail, okay, then an error will occur and it will save it for me here,
00:25:28
and if it manages to decode it, the same as on the jwt dot io page when we copied the
00:25:33
token and we put it there, okay, then it will return the document, it will return a document,
00:25:43
here it will return the payload, the payload, okay, we are going to see it now. Well, what
00:25:53
I am going to do here is an arrow function; so this function, I am going to remove it from here,
00:26:01
and here I am going to put my arrow function, okay, there it is,
00:26:08
then, as we have said, in this arrow function, if it returns me an error, then, if
00:26:19
error, what I am going to do is return, there I cut it, okay, there it would stop, and return a
00:26:32
status 400, for example; the return as always, we send to the front a status, status 400,
00:26:39
okay, we send a JSON in which we are going to put a message, and we are going to tell it something like
00:26:51
the token is invalid, something like that, okay, and if the token is fine, then we are going to
00:27:03
start doing some tests with this; then we are going to print it, to see what it returns us,
00:27:17
to see what information there is inside the code, okay, so that you see it, okay. Then, a little
00:27:32
recap of what we are doing, okay, and this next would no longer be out here, because
00:27:46
to be here, this would be the next one, because it is there, because I am putting everything
00:27:54
within the arrow function, which is the one that will decide if the token is correct or not, it is correct;
00:28:03
if it is correct, then you are also going to print it to the console, and you are going to go to the
00:28:10
function that we have within the controller, okay. Then I come here, I launch it, and
00:28:17
let's see, I have failed here,
00:28:29
we are not going to find we are going to see because this is sure that I have forgotten when you are telling me this about the
00:28:36
file, that you do not find it, or that I have forgotten the js, indeed, config.js,
00:28:44
okay, we are okay, we are here, send, and then look, as we were logged in, yes, it returns me
00:28:53
the payload, and in the payload it does return me this identifier, and then it returns me these
00:29:04
two values that came along in the payload, which right now I do not use at all; I only
00:29:12
need this identifier, okay, so let's see now how we get this identifier out of
00:29:18
here. If we go and do a logout, okay, there is no longer, there is no longer a cookie, it should be, so it is going
00:29:27
to tell me the user is not logged in, okay, the JSON that we have sent it, which is not
00:29:36
working well, okay, done; we are going to log in again, we already have it, and there we have to
00:29:43
see how we get this one, only the identifier, okay; then we are going to keep playing a
00:29:51
bit, okay; we have seen that it is returning it to me within the payload, okay; if I put here
00:30:01
payload, decoded dot payload, okay, let's see what happens here; then if I hit
00:30:09
send, okay, now it only gives me this JSON with this key-value, okay, and I am approaching the
00:30:22
goal, which is to keep only this id; then, to keep only that id, let's see, if
00:30:29
I put here .id, I hit send and here I have it, okay. There would be different ways of doing this; I can do it like this, or I can tell it, okay, well, create a const that is called, for example, identifier, or whatever you want, okay,
00:30:37
the same as here, and here I can put the names that you want, okay, decoded, error, these are
00:31:00
the ones that are usually used, but you can use the ones that you want, okay; then const
00:31:07
identifier, this is equal to, and this is a variable, so here we are going to put the braces, which
00:31:16
I always forget, and here I am going to put decoded dot payload dot id,
00:31:26
because I am going to extract the identifier, so here now we put the semicolon;
00:31:37
if here now I put the console.log
00:31:46
identifier, okay, this in principle is going to do exactly the same, then
00:31:53
let's see
00:31:59
and it tells me that it is undefined, let's see why,
00:32:03
const identifier, okay, the error is this, we are going to see it; I am going to put the console again,
00:32:10
what I had before, okay, I am going to comment it out, okay; we have this here, if we hit send
00:33:05
I get the id. What happens? What am I doing wrong with these two lines at the bottom?
00:33:12
Okay, I put const and I want to bring the identifier variable, okay, but that variable
00:33:21
does not exist. I can't put identifier, I'll have to put id, okay, which is the field, the key,
00:33:27
which is indeed inside the payload. If I now display id here, well, this will
00:33:35
work, but okay, there you have it; so I can do this in these ways. Now what I
00:33:45
want is, okay, this is my verification function, it was to verify what there is in a cookie with
00:33:53
an identifier, okay, but the rest of the functions that I have inside, in this case the profile one,
00:34:03
also have to have access to that identifier, okay; then we can use the req itself,
00:34:12
okay, the request, the information, the data that the front sends us;
00:34:20
the front allows us to create keys ourselves and add a value to them, okay, so here
00:34:28
what I can do is, once I have extracted that id, I can say req dot, and I create, I invent a
00:34:40
key, okay, whichever you want; for example, since I had put identifier before,
00:34:51
well, come on, identifier; this is going to be equal to id, okay, so now if we look at
00:34:56
the controllers, we all have access to req, okay, and it is the same for all, so what I am telling it is,
00:35:09
well, if we all have access to req, then if I create a variable called identifier,
00:35:17
a key that is called identifier within req, and there I assign it that token, okay, we can
00:35:23
from anywhere verify that token; it is what we are going to do. This function, we would already
00:35:33
finish it here, and we now go to the controller, and in the controller, instead of putting
00:35:42
profile, we are going to start working with it; the first thing I am going to do, then, is
00:35:49
see if the identifier that we have saved within req is found within our
00:35:58
database or not, okay; remember that to launch a query against the database I need
00:36:07
mongoose, okay, everything that goes against the database, I need it to be mongoose;
00:36:15
then we are going to and we are going to create a
00:36:23
a query, which would be with user, which is the one that we import from the model, the model and the
00:36:31
schema, remember that we did it with mongoose, and then we can launch the
00:36:42
consultations with you, and in fact when we did the login we had spy one, okay, and well, we have
00:36:48
done this with query but here you have the user point web is where we draw that consultation here I
00:36:58
I'm going to do it directly, this would be here, not here, and here I use a point,
00:37:04
okay, what do we want to do, find a user by their id, so findById,
00:37:15
there you have it, okay, and what is the id, the one that we have saved in req dot, sorry,
00:37:24
identifier, identifier, which is what we created it for, okay; then this is going to return me a
00:37:32
user if it finds it, or not, okay; so here I am going to put a const user equal to user
00:37:43
findById, and as it is a database query we are going to make this asynchronous, so
00:37:57
here I am going to put the await, and as for the await, you have to remember that it always goes with the
00:38:03
async, okay. If the user is empty, which means that I have not found this
00:38:10
identifier, that this identifier does not exist in our database, so he is not registered in the
00:38:23
database, now we are going to send a res status, a return res status, we are going to put 400,
00:38:29
json
00:38:45
braces, and here we put unregistered user, for example,
00:38:48
okay, for example, user unregistered, okay, and
00:38:58
well, if it has found the user, then now what I am going to do is
00:39:09
directly print it, and that's it; then we are going to send res, which sends it to us as JSON,
00:39:13
and in the JSON I am going to tell it to put user, okay, and then here you see that this variable
00:39:21
that we have created, identifier, which has the id, I am using it in the controller to pass it on
00:39:33
to the database, to the search, okay, to the database query, okay; in principle, if
00:39:41
everything is fine, then, first, this is the logout, so nothing, we log out,
00:39:48
okay, here I hit send, okay, the user is not logged in; we log in, okay, now we already have a cache
00:39:59
and when I come here, okay, it now returns me all the values, the whole key-value document
00:40:08
that belongs to the identifier that we have taken in the middleware, okay; so a
00:40:18
middleware is used for that, okay, to be able to do verifications, okay; the
00:40:24
next, the next, you are always going to see it in middleware, okay, especially when they are
00:40:34
verification ones, okay. Well, what would be left to do, now that we are working against, against
00:40:40
a database, okay; so here the right thing is to use try and catch; well, the await we have already
00:40:50
used, so I leave this as an exercise for you, and in the next video I will show you
00:40:58
how it would be, okay. Then, yes, so that you follow a pattern, remember, when we
00:41:06
did that with register it was, it seems to me, create access token, okay, create access token is
00:41:13
in lib jwt, this function was here; then put another one here that is called token verification
00:41:24
or something like that, okay, and have it return
00:41:32
have it return, well, the information, okay, what we are doing, not putting here
00:41:38
this query and all this, okay. Well, that's it for now; regards, see you later.
00:41:44
- Author/s: Mario S.
- Uploaded by: Mario S.
- License: Public domain
- Views: 27
- Date: 14 July 2024 - 23:07
- Visibility: Public
- School: IES VILLABLANCA
- Duration: 00′ 12″
- Aspect ratio: 1.78:1
- Resolution: 1920x1080 pixels
- Size: 100.08 MBytes