1
00:00:01,120 --> 00:00:05,560
All right, before we go any further, let's take care of this one to-do item. We want to take the

2
00:00:05,560 --> 00:00:07,180
user back to the login screen.

3
00:00:07,180 --> 00:00:11,410
If things didn't work the way we expected or if the username and password don't match what's in our

4
00:00:11,410 --> 00:00:15,160
database, whatever the case may be, if the form is not valid, we're going back.

5
00:00:15,730 --> 00:00:16,740
So how do we do that?

6
00:00:16,750 --> 00:00:17,430
Really simple.

7
00:00:17,440 --> 00:00:23,470
We've done it before, rendered a template, the response writer, our pointer to our request, the

8
00:00:23,470 --> 00:00:32,650
name of the template, which in our case is login page dot tmpl, and a reference to a models template

9
00:00:32,650 --> 00:00:32,980
data.

10
00:00:32,980 --> 00:00:36,580
And all we have to populate is our form with our form information.

11
00:00:37,300 --> 00:00:40,760
Now back in our login page, of course, we want to be able to test this.

12
00:00:40,760 --> 00:00:47,440
So we'll put novalidate in here right now, and back in our handlers, after we've rendered that, we want

13
00:00:47,440 --> 00:00:47,970
to return.

14
00:00:47,980 --> 00:00:50,760
We don't want to process any further in the application.

15
00:00:51,370 --> 00:00:55,510
So if we've done this properly and I think we have, we should be able to stop our application.

16
00:00:55,510 --> 00:00:57,580
If it's running, start the application.

17
00:00:59,980 --> 00:01:07,130
Go back to our web browser, reload this page and try submitting nothing, and it says this field.

18
00:01:07,150 --> 00:01:08,520
That's exactly what we wanted.

19
00:01:08,830 --> 00:01:11,220
So you notice here this actually should be an email.

20
00:01:11,230 --> 00:01:18,820
So there's one more check we should put in here, which is form.IsEmail, and the field is email.

21
00:01:19,280 --> 00:01:20,330
We may also do that.

22
00:01:21,370 --> 00:01:22,180
Let's stop

23
00:01:22,180 --> 00:01:23,330
that, start it again.

24
00:01:24,020 --> 00:01:25,120
Make sure that works.

25
00:01:25,330 --> 00:01:25,840
It will.

26
00:01:26,020 --> 00:01:30,940
But I like to validate things and we'll put in something that's not an email and we'll put a password

27
00:01:30,940 --> 00:01:31,480
in this time.

28
00:01:32,170 --> 00:01:33,330
Invalid email address.

29
00:01:33,340 --> 00:01:33,940
Perfect.

30
00:01:33,950 --> 00:01:34,370
OK.

31
00:01:34,390 --> 00:01:36,070
And of course, it's trying to save my password.

32
00:01:36,070 --> 00:01:37,480
I have to disable that at some point.

33
00:01:38,170 --> 00:01:39,740
Anyway, that seems to be working.

34
00:01:39,940 --> 00:01:40,510
All right.

35
00:01:40,870 --> 00:01:44,710
So validation's taken care of. What's our next step?

36
00:01:45,130 --> 00:01:50,950
Well, our next step is after we've successfully logged this user in, we've stored this user ID in

37
00:01:50,950 --> 00:01:51,490
the session.

38
00:01:51,880 --> 00:01:57,580
And what we want to do now is to write some middleware and possibly a helper function to determine whether

39
00:01:57,580 --> 00:01:59,600
or not someone is logged in.

40
00:01:59,920 --> 00:02:04,540
So let's go over to our helpers file to start with, which is... I'll just find it this way.

41
00:02:04,540 --> 00:02:05,560
helpers.go.

42
00:02:05,590 --> 00:02:06,070
There it is.

43
00:02:06,550 --> 00:02:10,480
And I'm going to create a new function, which I'm going to call IsAuthenticated,

44
00:02:14,050 --> 00:02:16,090
and it's going to take what?

45
00:02:16,100 --> 00:02:17,590
Well, pretty straightforward.

46
00:02:18,730 --> 00:02:23,260
It's going to take the request, which is a pointer to an http.Request,

47
00:02:25,930 --> 00:02:27,610
and it's going to return a boolean.

48
00:02:28,240 --> 00:02:28,630
True.

49
00:02:28,630 --> 00:02:37,060
if someone is authenticated, false if they are not, and it's going to be as simple as this: exists equals

50
00:02:38,410 --> 00:02:41,020
app.Session.Exists.

51
00:02:41,920 --> 00:02:51,160
And then it needs the context and context which is passed as a parameter to this function, and then I'm

52
00:02:51,160 --> 00:02:53,530
looking for a particular entry in that.

53
00:02:53,530 --> 00:02:56,020
And that entry is user_id.

54
00:03:00,160 --> 00:03:05,120
So I somehow deleted that closing parenthesis, and then I just return exists.

55
00:03:08,370 --> 00:03:08,980
And that's it.

56
00:03:09,000 --> 00:03:13,710
So there's a function in my helpers that I can always call from anywhere I have access to the helpers

57
00:03:14,160 --> 00:03:15,600
to see if someone is authenticated.

58
00:03:15,990 --> 00:03:17,570
Now let's open our middleware.

59
00:03:17,670 --> 00:03:21,240
So let's find our middleware right here and let's write some new middleware.

60
00:03:23,240 --> 00:03:30,590
Now, I'll call this middleware Auth, just as simple as that, and like all middleware, it'll take the

61
00:03:30,590 --> 00:03:39,530
parameter of next, which is http.Handler type, and it will return an http.Handler as well.

62
00:03:40,970 --> 00:03:47,990
Now, one thing that's different about this middleware and say this one or this one is that here I actually

63
00:03:47,990 --> 00:03:54,290
need to have access to the request because in this middleware I'm going to call that helper function

64
00:03:54,290 --> 00:04:01,970
IsAuthenticated that we just created, and it requires a pointer to the request as a parameter.

65
00:04:02,300 --> 00:04:06,320
And we can get that and we can get that by doing something a little bit differently in this middleware.

66
00:04:06,660 --> 00:04:07,800
We're going to have a return.

67
00:04:07,820 --> 00:04:10,380
So this is going to return an http.Handler.

68
00:04:10,820 --> 00:04:12,830
So what, how am I going to get that handler?

69
00:04:12,830 --> 00:04:21,710
By calling http.HandlerFunc and having as its parameter an anonymous function, which will be named

70
00:04:21,710 --> 00:04:28,610
func, because it's just an anonymous function, and it will take as parameters w, http.ResponseWriter,

71
00:04:30,230 --> 00:04:33,380
and r, which is a pointer to http.Request.

72
00:04:33,380 --> 00:04:34,400
And that's what I wanted.

73
00:04:34,730 --> 00:04:41,930
And I can do that because I'm returning something that has access to the response writer, response

74
00:04:41,930 --> 00:04:44,990
writer and the request, from the http.HandlerFunc.

75
00:04:45,290 --> 00:04:53,660
So I've now done this, and inside of that, the body of this function is where I can actually call helpers

76
00:04:53,660 --> 00:05:02,240
IsAuthenticated: if not helpers.IsAuthenticated, and pass it that request, a pointer to the HTTP

77
00:05:02,240 --> 00:05:02,840
request.

78
00:05:03,650 --> 00:05:07,310
Then if they're not authenticated, what I want them, what do I want to do?

79
00:05:07,520 --> 00:05:17,420
Well, I need to put an error message in there: Session.Put, and I'm going to put in the session from

80
00:05:17,420 --> 00:05:22,880
our context because the session needs that and I'll put an error.

81
00:05:24,880 --> 00:05:32,980
And I'll put in the message "log in first", and then after that, I'll do a redirect, http.Redirect.

82
00:05:35,810 --> 00:05:42,830
w, r, and I'm going to redirect them to the login screen, user login, http.StatusSeeOther.

83
00:05:46,100 --> 00:05:47,900
And at that point, I will return.

84
00:05:47,930 --> 00:05:54,770
I don't want anything else to happen, so this middleware is something I can apply to routes that I

85
00:05:54,770 --> 00:05:55,670
want to protect.

86
00:05:55,880 --> 00:05:57,390
Now, of course, I can't stop there.

87
00:05:57,620 --> 00:06:05,660
I need to actually do the next.ServeHTTP and put in the w, r, like we do with all good middleware.

88
00:06:06,140 --> 00:06:11,480
So what this is doing, this is exactly the same logic as the NoSurf or as the SessionLoad,

89
00:06:11,720 --> 00:06:16,220
but it's our own custom middleware that actually has access to the request.

90
00:06:16,400 --> 00:06:24,080
So we can call helpers.IsAuthenticated, and if this doesn't fail, then we just pass on to the next

91
00:06:24,080 --> 00:06:28,620
middleware if any, and the request lifecycle continues on its merry way.

92
00:06:29,180 --> 00:06:35,060
So this is going to be incredibly useful because we can use this middleware to protect routes in our

93
00:06:35,060 --> 00:06:41,210
routes file to ensure that only people who are logged in actually have access to the routes that we want

94
00:06:41,210 --> 00:06:41,780
to protect.

95
00:06:42,260 --> 00:06:47,530
So we've got this built and we will take care of implementing it in the next lecture.
