WEBVTT 00:01.800 --> 00:02.940 So let's give this a try. 00:03.240 --> 00:07.400 Let's open our terminal and just run, make stir. 00:07.780 --> 00:10.020 I should start at the front end and the back end. 00:10.980 --> 00:11.830 And there it goes. 00:12.270 --> 00:16.020 Now let's go over to our Web browser and see how many things we got right. 00:16.040 --> 00:23.330 So I'll go to localhost four thousand and I will try logging in. 00:23.940 --> 00:27.000 So when I look at my database right now. 00:27.800 --> 00:33.410 I have one entry in the Tokens table that was created at twenty twenty one oh seven twenty three, sixteen 00:33.410 --> 00:40.340 fifty three, so that's log, you only use valid credentials, for example, dot com with the password, 00:40.340 --> 00:42.280 password and log in. 00:43.340 --> 00:48.690 And now if we go back to our database and refresh this, the date has changed. 00:48.740 --> 00:50.200 So now it's seven. 00:50.210 --> 00:50.930 Twenty six. 00:50.930 --> 00:52.010 Fourteen, forty three. 00:52.040 --> 00:52.440 Perfect. 00:52.610 --> 00:55.270 OK, so we have a token in the database. 00:56.030 --> 00:58.310 Now let's open our JavaScript console. 01:02.340 --> 01:08.460 Right here, and I'll make it a bit wider now, let's try going to the virtual terminal page and that 01:08.460 --> 01:13.670 should call the check auth function and that should hit the back end and say, hey, here's my token. 01:13.680 --> 01:14.460 Am I valid? 01:16.880 --> 01:22.190 And it gave me a not logged in and took me back to the virtual terminal, so clearly we got something 01:22.190 --> 01:22.610 wrong. 01:23.180 --> 01:24.560 Let's see what that might be. 01:24.590 --> 01:32.690 Let's go over to her console and see if we have anything longer unknown column t hash in the where clause. 01:32.810 --> 01:35.510 That's why I put that message in my tokens. 01:35.510 --> 01:37.020 Don't go the log. 01:37.640 --> 01:42.560 We didn't actually call it hash in the database. 01:42.580 --> 01:45.130 It's actually called token underscore hash. 01:45.140 --> 01:52.150 So let's fix the token, underscore hash and we'll restart everything. 01:53.120 --> 01:54.620 So may stop 01:57.980 --> 01:58.400 start. 02:01.980 --> 02:08.880 It's running again, so let's go back to our Web browser, go to the homepage, we're still logged in. 02:09.000 --> 02:13.260 Let's clear the JavaScript console and now let's try going to the virtual terminal page. 02:14.890 --> 02:17.080 And it says, log in, perfect. 02:17.320 --> 02:28.420 Now let's go back to the home page and log out and try typing Virtual Dush terminal right in the in 02:28.420 --> 02:29.800 the browser's address bar. 02:29.920 --> 02:31.870 And that should take us back to the login screen. 02:31.900 --> 02:32.530 And it does. 02:33.190 --> 02:40.480 Now, just as a little note here or an aside, if you want to use this method, this form of authentication, 02:40.990 --> 02:43.090 you can do it and there's nothing wrong with it whatsoever. 02:44.050 --> 02:50.940 Let's go back to our I.T. and let's look at base layout going HTML. 02:51.580 --> 02:57.400 What you would have to do if you really wanted to make this your one form of authenticating people is 02:57.430 --> 02:59.980 you wouldn't want checkoff to be where it is right now. 03:00.010 --> 03:05.620 At the bottom of this this particular file, you would move it up into the header, say, right up here 03:05.620 --> 03:06.640 just after the title. 03:06.820 --> 03:08.680 OK, you would put it here. 03:08.680 --> 03:12.670 So it's in the head and on your terminal page here. 03:13.330 --> 03:19.050 Instead of calling check off at the bottom of the page, you would again put it right up here in a new 03:19.060 --> 03:25.810 block that you would define that appears after where your function would be right here. 03:25.810 --> 03:34.840 So I would put a script tag like this script, and I'm going to get rid of this script and I would put 03:34.840 --> 03:37.440 the check off function. 03:39.910 --> 03:47.560 Then after that, I would put something like this block in head or whatever you want to call it and 03:47.560 --> 03:48.140 hand it data. 03:48.400 --> 03:48.840 OK. 03:50.660 --> 03:57.890 And then end it so in terminal page, when that's rendered, we would already have the check auth function 03:57.890 --> 04:02.270 right here in the hat and a terminal page, I would put my check up here. 04:02.540 --> 04:06.010 I would define in head and put my call to check off. 04:06.020 --> 04:11.420 And the reason being the way the browsers work right now, at least, is that as a page is being rendered, 04:11.810 --> 04:16.240 as soon as it finds that script tag in the head, everything comes to a screeching halt. 04:16.250 --> 04:18.820 It executes that JavaScript and then it moves on. 04:19.010 --> 04:21.310 And that's the way browsers work right now, at least. 04:22.460 --> 04:29.090 So if we put our check up in the head, the user is not going to see that page until that JavaScript 04:29.090 --> 04:29.780 is executed. 04:29.780 --> 04:35.660 And if that fails, authentication, if the token we send either doesn't exist or is expired or is invalid, 04:35.840 --> 04:39.210 then they get redirected to the login page before they see anything else. 04:39.260 --> 04:40.430 So that is one approach. 04:40.460 --> 04:45.530 Now, I'm not going to do that because in the coming lectures, I'm going to implement another form 04:45.530 --> 04:50.060 of of checking for authentication that's handled server side with sessions. 04:50.780 --> 04:53.390 So we have this working right now. 04:53.390 --> 04:59.680 We have a means of sending a token to the back end to seeing if it's valid and that works really well. 04:59.690 --> 05:05.510 But before we go too much further, we should probably write some middleware that allows us to authenticate 05:05.510 --> 05:07.560 users in a much more meaningful fashion. 05:07.730 --> 05:13.070 And the logic is going to be more or less the same, but it's going to make it much more usable for 05:13.070 --> 05:18.050 us if we extract everything to middleware and do our authentication based upon the route that is being 05:18.050 --> 05:18.680 accessed. 05:18.710 --> 05:20.870 So we'll get started on that in the next lecture.