WEBVTT

00:02.100 --> 00:07.020
So we need to keep working on this authenticate token function in handlers-api.

00:07.710 --> 00:14.040
And what we'll do right now is get the authorization header and strip out the part that we need, which

00:14.040 --> 00:14.950
is the actual token.

00:15.570 --> 00:19.520
So what we'll do is we'll leave the where you will be getting rid of that before too long.

00:19.530 --> 00:22.770
But for right now, let's get the authorization header.

00:24.550 --> 00:26.190
And that's nothing more than getting the header.

00:26.190 --> 00:31.260
So r.Header.Get, and we're going to get Authorization

00:33.990 --> 00:38.340
or is it at violin and make sure you spell that right or none of this will work.

00:39.110 --> 00:42.500
So first thing we'll do is check to see if that actually exists.

00:42.510 --> 00:49.360
So if authorization header is equal to an empty string and we don't have it, so it will return

00:49.450 --> 00:52.710
nil, we don't want to return it because we don't have one.

00:53.370 --> 00:54.180
And a new error.

00:54.990 --> 01:04.200
errors.New, and we'll return no authorization header received, OK?

01:06.620 --> 01:12.920
So now if we get past that, then we actually have an authorization, so let's break it up into its

01:12.920 --> 01:18.880
parts. Header parts is assigned the value of, from the strings package.

01:19.970 --> 01:21.230
We're going to split.

01:22.680 --> 01:31.650
The authorization header, and we'll split it on one space, which occurs between Bearer and the

01:31.650 --> 01:32.440
token itself.

01:32.880 --> 01:39.150
So back in base layout, when we send that, we're sending the authorization header named Authorization,

01:39.540 --> 01:42.290
and it consists of the word Bearer followed by a space.

01:42.300 --> 01:43.680
So we're splitting it on the space.

01:47.370 --> 01:48.720
So we need to check something.

01:48.720 --> 01:51.180
We need to check if the len of

01:52.860 --> 01:58.350
header parts is not equal to two, or

02:01.570 --> 02:15.820
header parts zero is not equal exactly to Bearer, then again, and I have a typo here, they should close

02:15.820 --> 02:19.490
here and we don't need this one here.

02:19.900 --> 02:20.410
That's better.

02:21.490 --> 02:29.170
Then again, we'll return nil and errors.New, and this time we'll say

02:31.370 --> 02:35.600
no authorization header received.

02:35.880 --> 02:42.290
Same thing. Now, just so you know, even though I'm generating these error messages right here, I'm

02:42.290 --> 02:43.280
actually not going to use them.

02:43.310 --> 02:48.080
I like to give as little information as possible to users who are trying to authenticate when something

02:48.080 --> 02:48.630
goes wrong.

02:49.100 --> 02:54.650
I don't want to give any indication as to what is missing, but I put these error messages in here and

02:54.650 --> 02:59.930
I'll make different ones as time goes on, because some people actually like to have more meaningful

02:59.930 --> 03:01.490
messages sent to the end users.

03:01.610 --> 03:05.770
But in my case, when it comes to authentication, I'm going to tell them the bare minimum.

03:06.050 --> 03:06.680
But it's up to you.

03:08.510 --> 03:12.950
So now we'll get the token. Token is equal to, or assigned the value of,

03:16.220 --> 03:21.140
header parts index one, because that's where the token should be.

03:22.580 --> 03:29.260
Now, we'll do another check: if the length of token, which is a string, is not equal to twenty six.

03:29.270 --> 03:31.940
And in our case it will always be twenty six.

03:32.390 --> 03:40.640
So if it's not equal to twenty six, then we'll just return nil and errors.New, and we'll say

03:41.300 --> 03:45.230
authentication token wrong size.

03:47.750 --> 03:56.630
Now, if we get past all of this, we will, in the next lecture, get the user from the tokens table.

03:58.510 --> 04:06.230
OK, so what we've done so far is to actually grab the necessary header, Authorization, make sure that

04:06.230 --> 04:07.310
it exists.

04:08.120 --> 04:13.250
Then we make sure that the content of the authorization header consists of the word Bearer, followed

04:13.250 --> 04:18.190
by a space followed by some string that is exactly twenty six characters long.

04:18.710 --> 04:23.360
And if we get past all of that, then we can try to get the user from the tokens table from the database

04:23.630 --> 04:26.150
and we'll take care of that in the next lecture.