1
00:00:00,780 --> 00:00:06,210
So this time around, we want to experiment with and write our first bit of middleware and the first

2
00:00:06,210 --> 00:00:08,360
middleware we write is going to be completely useless.

3
00:00:08,880 --> 00:00:13,350
The entire purpose of it is just to show you how middleware works and how you might go about writing

4
00:00:13,350 --> 00:00:13,470
it.

5
00:00:14,010 --> 00:00:21,240
So what I want to do is this is my roots file and I want to write some middleware that says every time

6
00:00:21,240 --> 00:00:25,540
somebody hits a page, just write something to the console.

7
00:00:25,560 --> 00:00:28,910
So in other words, format, print, line and some kind of message.

8
00:00:29,460 --> 00:00:35,400
So to make that happen, the very first thing I have to do is create a new file, create a new go file

9
00:00:35,400 --> 00:00:38,490
in command web called middleware.

10
00:00:38,970 --> 00:00:39,270
Go.

11
00:00:39,750 --> 00:00:40,170
All right.

12
00:00:41,100 --> 00:00:44,790
In the middleware I go, I'm going to create a function and I'm going to create a function that's going

13
00:00:44,790 --> 00:00:47,760
to look a little bit odd to you at first, but I'll explain it to you.

14
00:00:47,770 --> 00:00:53,450
So, first of all, let's give it a name func right to console.

15
00:00:55,160 --> 00:00:55,980
That's my function.

16
00:00:56,550 --> 00:01:01,830
And it's going to take one parameter and I'm going to call that parameter next, which is pretty common

17
00:01:01,830 --> 00:01:03,960
to name the parameter in middleware next.

18
00:01:03,960 --> 00:01:14,490
When you're writing middleware, it's of type HTP Tandler and it returns and htp dot oops, HDB handler

19
00:01:14,490 --> 00:01:14,930
as well.

20
00:01:17,070 --> 00:01:20,810
And inside of that I'm going to write a return function.

21
00:01:20,820 --> 00:01:26,700
I'm going to return a type of htp dot handler func.

22
00:01:27,600 --> 00:01:33,750
Inside of that I'm going to have an anonymous function func and it's going to take as most things to

23
00:01:33,760 --> 00:01:42,720
deal with handlers due to arguments w htp dot response writer and our star request, which you've seen

24
00:01:42,720 --> 00:01:48,150
many times by this point, and that is going to inside of that return function.

25
00:01:48,180 --> 00:01:50,550
Here's what we're actually returning a better put a capital H there.

26
00:01:52,080 --> 00:01:54,320
What we're going to return is something that's really simple.

27
00:01:54,330 --> 00:02:02,820
We're going to say print to the console format, dot print line, hit the page, OK?

28
00:02:03,420 --> 00:02:08,880
And then we need to at the end of this, we need to move onto the next and the next might be another

29
00:02:08,880 --> 00:02:13,530
bit of middleware or it might be the part in our file where we actually return our mux.

30
00:02:13,740 --> 00:02:21,450
So we'll just say next dot serve http w our response writer and the pointer to the request.

31
00:02:21,720 --> 00:02:28,800
So now I've written this little bit of this little bit of code that's just a bit of middleware and it's

32
00:02:28,800 --> 00:02:33,840
a function, it has a name, it takes an argument which is a handler, it returns a handler.

33
00:02:33,840 --> 00:02:41,940
And inside of that I have the return function which consists of an anonymous function cast to a handler

34
00:02:41,940 --> 00:02:46,950
func, and that that will actually allow us to serve our middleware.

35
00:02:47,130 --> 00:02:48,710
OK, so how do I use this?

36
00:02:48,720 --> 00:02:50,160
Well, the same way I used other middleware.

37
00:02:50,170 --> 00:02:56,370
I'll go back to my roots folder and I will say, are my roots file and say Muxtape use?

38
00:02:56,370 --> 00:02:58,520
And I called it right to console.

39
00:02:58,800 --> 00:02:59,280
That's it.

40
00:02:59,790 --> 00:03:01,130
That's all I should have to do.

41
00:03:01,440 --> 00:03:09,600
So if I start my application by going to my terminal window and writing Go Run Command Web Stargirl,

42
00:03:09,630 --> 00:03:15,540
I'm now compiling three files in my web folder, Main Middleware and Roots and run that.

43
00:03:17,480 --> 00:03:23,330
Good, so it's running and then I go over to my Web browser and I just reload this page a few times,

44
00:03:24,490 --> 00:03:28,700
so I've reloaded it three times and I come back and there wrote the middleware three times.

45
00:03:29,000 --> 00:03:30,890
That's how you write basic middleware.

46
00:03:30,890 --> 00:03:36,920
And most middleware, actually, all middleware will have a very similar format to what you're seeing

47
00:03:36,920 --> 00:03:37,550
right here now.

48
00:03:37,560 --> 00:03:41,450
There'll be other instances where you don't have to have this anonymous function and you just return

49
00:03:41,450 --> 00:03:43,980
on HTP Handler and we'll be seeing that in just a moment.

50
00:03:44,240 --> 00:03:52,220
Actually, right now, before too much longer, we're going to start building a useful application.

51
00:03:52,300 --> 00:03:53,920
Right now, our application is nothing.

52
00:03:53,930 --> 00:03:55,900
It's just showing us how things work.

53
00:03:55,910 --> 00:03:58,850
We have one about page which really has no information.

54
00:03:58,850 --> 00:04:00,830
We have one home page that has no information.

55
00:04:01,100 --> 00:04:04,190
We're actually going to build an application and I'll be talking about that.

56
00:04:05,520 --> 00:04:06,410
Not the next section.

57
00:04:06,410 --> 00:04:11,030
The section after that, probably we're going to build an application that we'll actually have forms

58
00:04:11,030 --> 00:04:12,320
on the page, for example.

59
00:04:12,710 --> 00:04:19,070
And you may recall a while ago, I said in that default data, let's find that render function right

60
00:04:19,070 --> 00:04:21,180
here actually is not there.

61
00:04:21,180 --> 00:04:24,750
And we put it into where is it, template data.

62
00:04:25,400 --> 00:04:31,230
Remember when we made this model for template data, I said we're going to be using C SRF tokens.

63
00:04:31,520 --> 00:04:37,070
Well, now is the perfect time to actually look at how we can populate that.

64
00:04:37,190 --> 00:04:39,200
We're going to do the whole thing, but we'll get started.

65
00:04:40,490 --> 00:04:47,180
That CSR CSR token stands for cross site request forgery token.

66
00:04:47,300 --> 00:04:52,220
And it's nothing more that when you build a Web page, you have a hidden with a form on it.

67
00:04:52,430 --> 00:04:58,580
You have a hidden field in that form, which is a long string of random numbers, and they change every

68
00:04:58,580 --> 00:05:00,730
single time somebody goes to a page.

69
00:05:01,310 --> 00:05:06,890
Well, that seems to me like a really suitable place for middleware instead of as we've done here in

70
00:05:06,890 --> 00:05:10,370
this right to console, just format, print line, hit the page.

71
00:05:10,520 --> 00:05:11,760
We could generate that token.

72
00:05:12,020 --> 00:05:17,050
Well, it turns out there's a really good package which already exists that does precisely that.

73
00:05:17,450 --> 00:05:19,730
Let's go to Google and find Googling.

74
00:05:19,730 --> 00:05:22,420
No search because it's called no surf.

75
00:05:22,460 --> 00:05:23,390
I put any on there.

76
00:05:24,890 --> 00:05:25,640
Let's get rid of that.

77
00:05:28,980 --> 00:05:30,310
Here it is, GitHub.

78
00:05:30,510 --> 00:05:34,360
So this is a vulnerability, but that gives me the name of it, that's all I really want.

79
00:05:34,380 --> 00:05:37,260
So let's copy that paste into here.

80
00:05:37,830 --> 00:05:42,610
And this is a nice little package that actually generates this for us.

81
00:05:42,630 --> 00:05:45,450
It's an easy package for go that helps you prevent CSF.

82
00:05:46,020 --> 00:05:48,550
So how do we actually use this?

83
00:05:48,570 --> 00:05:49,610
It's pretty straightforward.

84
00:05:49,620 --> 00:05:51,630
Let's find our install package.

85
00:05:53,290 --> 00:05:58,520
We shouldn't bother giving it to me, but I can figure it out or copy that part of the URL.

86
00:05:59,230 --> 00:06:07,250
Go back to my terminal or my I.D. Stop the application and clear the screen.

87
00:06:07,540 --> 00:06:09,220
Go get that.

88
00:06:10,450 --> 00:06:12,140
So it's gone and gotten it for us.

89
00:06:12,400 --> 00:06:15,730
Let's make sure it's in our goman because I like to verify those sort of things.

90
00:06:15,730 --> 00:06:16,480
Go on.

91
00:06:19,330 --> 00:06:20,620
There it is, it's installed.

92
00:06:20,830 --> 00:06:24,380
Well, we can actually use this without too much difficulty at all.

93
00:06:26,350 --> 00:06:30,580
So back in my middleware, well, first of all, my roots, let's get rid of this one.

94
00:06:30,580 --> 00:06:33,010
We're not actually going to do anything with because it's useless.

95
00:06:33,610 --> 00:06:35,450
Delete that back in here.

96
00:06:35,470 --> 00:06:36,910
I'll delete this because I'm not using it.

97
00:06:36,910 --> 00:06:38,320
Actually, only that there is a reference.

98
00:06:38,320 --> 00:06:40,060
It's not hurting anything because it's never called.

99
00:06:40,480 --> 00:06:51,260
I need to create a new bit of middleware func no serve next htp dot handler and it returns and htp dot

100
00:06:51,280 --> 00:06:54,100
handler as all middleware must.

101
00:06:54,370 --> 00:06:59,890
And what I'm going to do here is create a new variable, CSIR, F Tandler.

102
00:07:01,060 --> 00:07:06,280
I can call it whatever I want, but that's a meaningful name equals no sirf dot.

103
00:07:07,690 --> 00:07:15,430
Knew, and then I put in my next variable, so I'm taking this handler, which is an argument to I think

104
00:07:15,430 --> 00:07:16,320
I misspelled that.

105
00:07:16,570 --> 00:07:17,750
No, sir.

106
00:07:18,040 --> 00:07:18,520
There we are.

107
00:07:20,670 --> 00:07:24,890
And I'm taking the argument that this an HP handler passed to this Nosseir function, I'm using that

108
00:07:24,890 --> 00:07:28,270
as an argument to know Cerf knew, which will actually create a handler for us.

109
00:07:28,670 --> 00:07:31,520
And then I need to set some values for this.

110
00:07:31,640 --> 00:07:33,500
See SRF Handler.

111
00:07:35,040 --> 00:07:43,620
We need to set the base cookie because it uses cookies to make sure that the token it generates is available

112
00:07:43,770 --> 00:07:45,210
on a per page basis.

113
00:07:45,390 --> 00:07:52,470
So inside of that, we have the argument htp cookie, we're creating a new cookie and that's going to

114
00:07:52,470 --> 00:07:59,930
be HTP only, let's you say true for that path, cookie path.

115
00:07:59,940 --> 00:08:02,060
I want this to apply to the entire site.

116
00:08:02,070 --> 00:08:06,710
So Slash is the way that you refer to the entire site for a cookie secure?

117
00:08:06,720 --> 00:08:11,130
I'm going to say false because we're not running on HTP right now, but in production will actually

118
00:08:11,130 --> 00:08:14,570
change that to true and same site.

119
00:08:14,580 --> 00:08:20,710
The fourth parameter, we'll just use the in standard for that, which is same site, lax mode.

120
00:08:21,360 --> 00:08:21,750
All right.

121
00:08:21,780 --> 00:08:25,320
That's just enough information to create our No.

122
00:08:25,320 --> 00:08:26,620
SIRF token.

123
00:08:26,640 --> 00:08:27,550
That's all that we need.

124
00:08:27,600 --> 00:08:29,070
So we've installed the package.

125
00:08:29,070 --> 00:08:34,320
No SIRF now we've created new middleware for no surf and we need of course to use it.

126
00:08:34,320 --> 00:08:35,760
We have one error here somewhere.

127
00:08:35,770 --> 00:08:36,780
What is that error.

128
00:08:36,870 --> 00:08:37,170
Oh yeah.

129
00:08:37,170 --> 00:08:38,070
I got to return something.

130
00:08:38,220 --> 00:08:45,390
I better return CSIR handler there because if I don't return something we're never going to get past

131
00:08:45,390 --> 00:08:46,170
this bit of middleware.

132
00:08:46,980 --> 00:08:55,080
Let's go back to our Roots folder and now so we want to use my best use and I called it nurser.

133
00:08:56,650 --> 00:08:57,080
That's it.

134
00:08:57,640 --> 00:09:02,350
So now this should still compile, let's compile it, go run, command, web, go.

135
00:09:03,520 --> 00:09:05,320
It does perfect.

136
00:09:06,340 --> 00:09:08,350
And I should be able to reload the pages here.

137
00:09:10,410 --> 00:09:12,490
No problem at all, it does exactly what I want.

138
00:09:12,510 --> 00:09:16,410
So we've now put in a bit of middleware, which we're going to use a little bit later in the course

139
00:09:16,530 --> 00:09:20,400
when we start process are building forms and processing form posts.

140
00:09:20,700 --> 00:09:23,540
But that's really all you need to worry about for making middleware.

141
00:09:23,730 --> 00:09:28,260
And as time goes on, we'll be adding to this and we might even be using some more external packages.

142
00:09:28,680 --> 00:09:31,140
But this gives us a good start.

143
00:09:31,710 --> 00:09:32,010
All right.

144
00:09:32,020 --> 00:09:36,900
We need to move on next to sessions, which will also require us to use some middleware.

145
00:09:37,230 --> 00:09:38,580
That's enough for this time around.