WEBVTT

00:01.030 --> 00:09.420
So this time around, what we want to do is to modify our roots, go file to allow for protected roots

00:09.430 --> 00:12.140
and as I suggested, we'll be doing that using middleware.

00:12.190 --> 00:17.380
So before we write the middleware, let's just go to the bottom of this file just before return monks,

00:17.920 --> 00:19.950
and we'll put some more code in here.

00:19.960 --> 00:25.330
And what I'm going to use is Muxtape Root, which is available to us from the cheap package.

00:26.200 --> 00:32.650
And this allows us to create a new mux and apply middleware to it and actually to group certain kinds

00:32.650 --> 00:35.300
of roots logically into one location.

00:35.410 --> 00:43.450
So I'm going to decide that any route that begins with API admin is going to be protected by our middleware.

00:43.460 --> 00:44.640
We're going to write momentarily.

00:45.250 --> 00:50.680
And the way we do that is simply by putting a phone call in here func and handing it the router, which

00:50.680 --> 00:51.580
I'll call Maxygen.

00:52.150 --> 00:56.320
And it's a type dot router right there.

00:57.250 --> 01:02.230
And everything inside this closure, this anonymous function will be grouped together.

01:02.470 --> 01:07.810
So I can actually put a call to use middleware right in here, and it will only apply to the roots that

01:07.810 --> 01:09.750
are included in this muxtape root.

01:10.240 --> 01:11.240
So let's go right to middleware.

01:11.350 --> 01:12.910
So over to my API folder.

01:13.240 --> 01:19.360
I'll create a new file inside of there, which I'll call Middleware Dutko.

01:21.350 --> 01:23.150
And of course, that's in package making.

01:26.830 --> 01:31.060
So we'll write one bit of middleware in here, which I'll call off, and it's very, very simple and

01:31.060 --> 01:36.220
actually it uses almost exactly the same logic as we did the last time we tried to authenticate a token

01:37.030 --> 01:37.920
so of function.

01:37.930 --> 01:42.190
And I'm going to give it the receiver of up to application because I'll be using some things that are

01:42.190 --> 01:47.950
available from that receiver, not to call it off, because this is middleware that has one parameter,

01:48.730 --> 01:58.380
which is almost always called next, and it's a type HTTP dog handler and it returns and HTP dog handler.

02:00.190 --> 02:08.710
Now, inside of that I'll actually return and htp dog handler Folke and make sure you get handler func

02:08.710 --> 02:09.940
and not handle func.

02:10.480 --> 02:11.380
So handler func.

02:12.880 --> 02:22.000
And that takes a function with two parameters, our response writer and a pointer to a request, our

02:22.330 --> 02:24.340
star HDB request.

02:28.640 --> 02:32.030
And all I'm going to do in here is call app dot authenticate.

02:32.480 --> 02:34.690
So I don't care about the user in this case.

02:34.700 --> 02:36.580
I just want to make sure I'm not getting an error.

02:37.730 --> 02:44.350
And that's a sign the value of after authenticate token and all that requires is a request and we check

02:44.360 --> 02:44.810
for an error.

02:45.260 --> 02:52.220
If error is not equal to nil, then I'll call after invalid credentials because I don't like giving

02:52.220 --> 02:53.930
too much information back to the user.

02:53.960 --> 02:57.160
All I want to tell them is you can't do this and I'll return.

02:58.220 --> 03:00.280
Otherwise we just keep going.

03:00.290 --> 03:07.010
We pass our next door, serve HTP with our response operator and a request.

03:08.090 --> 03:15.340
Now that we have this written, I can go back to Roots, a dash API, go and use that middleware don't

03:15.350 --> 03:19.120
use and I'm going to use app dot off.

03:20.570 --> 03:26.910
Now I can add as many routes as I want inside this, this anonymous function that's called from Muxtape

03:26.990 --> 03:29.390
route and they'll all be protected.

03:29.750 --> 03:32.450
So we'll get started on using this in the next lecture.