@@stevechude3730 my videos are not for beginners. If you don't know hwo to set up Mongo locally, this video is not for you. Please consider how rude you're being to people that spend hours making videos for free.
I have said it before and I will say it again. This tutorial is so good that I got an internship. However, do not just copy and paste what he did here. Take this and build on it or build something different using the practices in this tutorial, connect a frontend to show something, or integrate other things if you need. When he said "it will make any CTO weak at their knees", he was not lying. But really understand what he's trying to teach here and I know there are issues with some packages being outdated but go and research, hell, use a different tool or whatever. That's how you get good. I will never be thankful enough to him for this tutorial, I learned a great deal of stuff. Thank you man!
yah 2 years ago but still gold. I'm not going to intern yet but through this tutorial, my skills have improved. I decide to watch the tutorial and then redo it by myself :D
It's rare to find people who provide us with as much content as you do and even less with this quality. This video was immensely rich and I could learn a lot from it. Thanks, Tom!
This is not to take anything away from Tom and his wonderful tutorials, the one thing I have began to observe is that lesser the subscriber count the better is the quality of the tutorial. Definitely not every time but generally
I love how you _almost_ stopped yourself laughing at your CTO comment right at the beginning. Thanks for putting together what will no doubt be another excellent tutorial. Keep 'em coming.
Migrating from js to typescript for express and I am really glad I found this! Wish I found it a little bit earlier. Would have saved me the stress of digging around for some things I know so far! Thanks a lot! You deserve a cofee!!
I cant believe i have access to this kinda tutorial for free....the amount of knowledge passed here is quite overwhelming.....I appreciate you so much.....your tutorial has great impact in my life...Many thanks.
Would love to see Prometheus, caddy+docker and Jest testing. Really got into typescript watching your videos. Please keep creating this lovely content!
super high quality content! I really like that you explain things like currying on the go, i mean you don't let anything unexplained on your code, thank you.
Hey man! Outstanding value in these two hours. Thanks a lot for putting in the work. Can't wait to start the other videos in that playlist. One quick feedback from my side: You're kinda rushing through the tutorial and it's sometimes hard to follow in that pace. It would be great if you could explain certain things a little bit better like the overall architecture of the application and why you are doing certain things. I think it's always great to have the big picture from the beginning on. Keep up the great work!
Thank you for the feedback. It's difficult to tell what pace the video should be because it really depends on how much experience the viewer has I think.
@@TomDoesTech Yeah I know what you mean. "Advanced" or "Beginner" is always subjective of course and a question what kind of audience you'd like to serve with your videos. More beginners or more advanced devs that might get bored out. But nonetheless, your content stays on a high quality! Thanks for your efforts, Tom.
@@TomDoesTech when i hit the healthcheck route I get an error that says "unable to connect to remote server". but the console shows app is running on the designated port
Overal great tutorial, one improvement I would suggest is putting more attention in small mistakes you make and fix during speed-up. Followed halfway through the tutorial to get my project's template to where I feel comfortable to develop it on my own. Huge thanks for for providing great starting point with a manageable folder structure and other methodologies!
Thank you for the feedback, that's really helpful! When I make those mistakes, I stop talking while I try figure it out so I need to learn to keep talking and explain the issue.
I agree, this is great tutorial, but you need to make sure to let us know when you’ve made a correction that been edited out. 🙏🏾 Otherwise excellent work👍🏾
You do awesome job Tom providing such a robust content for free! Would like to see another part with creating UI, handling all these sessions etc. on the client side, preferably with Redux Toolkit or Context API.
Thanks Adrian, I am working on the UI part. I'm going to keep the library use to a minimum because it could get confusing for anyone that doesn't know how that library works.
Very educative and thanks for taking time to make these production level videos. Also another tip on omitting the password from response... one can add select: false in the model level. This will automatically omit the password field or any other field with select: false.
Whoa didn't know that I can use postman like this. I always manually type my input whenever I test O_O. Yes, horrible! Thanks for this dude! Will be checking on your other videos.
I love your channel and the tutorials you created. They are very helpful! It would be great if you could zoom in vscode with some software for zooming videos so it is easier to understand what's going on since I usually divide my screen in two pieces. One is the video and the other one is my IDE and when I do this, the characters from your IDE are pretty small. Overall, I love the channel and I'm very happy that you are getting more subscribers every day.
Good tutorial! A little tricky coming from more refined structured API environments to Express but made the experience as native and 'easy' as possible. Thanks!
Thanks for the wonderful tutorial. Please make a video on how to securely handle refresh token and access token on the frontend with react. I need this for a job please
This is a very good and thorough explanation of how to implement TS on REST Api. Great video. I hope we will see a video on Fastify as well. Thanks Tom, for this great tutorial.
Senior dev here. Like. Senior. Anyway, I've been mucking about for a few months porting an ancient (most of you were in grammar school when line 1 was laid down) PHP project over to Node. I've got quite a good grasp on node, but as we programmers are bent to do, we strive for different, better. I've never been quite satisfied with my port of this project. I decided to scrap what I think I know, and start anew. This 2-hour video is solid gold. A great, fresh, modern approach. Well done. Great structure, great pacing. Whilst not the audience you intended for this video, I find that I am able to easily pause the video, and consider my implementation vs. yours, and adapt my system in near-realtime. Outstanding work.
I'm so glad you liked it! I think your approach is the best way to get the most out of the video. I try not to be too prescriptive in my videos. there are often better ways to do it. My goal is usually to give a suggestion and hope that the viewer pauses it and considers if they could improve on it. Thanks again for your kind words, I really appreciate it.
Hello there! First of all, I realy love your tutorial(s). I'd like to ask little bit deeper about session handling => We are making new session every time user logs in. In longer term i feel like it's lot of unnecessary data in db so my questions are => 1) Should we reuse users preivouse session, or is that bad approach? 2) Should we keep them or would it be better to have some middleware that would once in time delete or old sessions? Or delete users preivouse session every time he logs in...? 3) Can we use them for storing history of users behavior? (Add new variable to Sessions & have some middleware that would push log that variable every time some endpoint is called from that session) Thank you & hope you're doing well 🙂
If you got stuck with 403 forbidden in Postman around 3:30 in the video, set environment variables and attach the environment to the current workspace. Here's a one minute demo of me going from 403 forbidden to 200 ok by setting the environment properly: ruclips.net/video/SRX8H7OMS0c/видео.html
@@TomDoesTech Thanks I like the folder structuree in that video better, controller,service,schema all in same folder grouped by feauture! question why pick zod over yup ?
It would be top if you can make a new video, adding a new endpoint but this time using a TDD approach. This way, we could learn how an experienced developer writes code using TDD.
1:40:15 reIssueAccessToken is returning string or false, change the "return false" inside reIssueAccessToken to return "" , just a quick fix but can be fixed in many other ways
@@TomDoesTech ur welcome =) Just one little question. When you call the createUserSessionHandler you are using the same private key for the accessToken and refreshToken. Isn't that a problem? Or are you changing that later. Cant't wait to watch the next videos of that series =D
One good practice In Schema in usermodel add this field { ...something select:false } this will not return password unless we require by this method we can use less lodash to get it use .populate("password") in the end of query
@@TomDoesTech the problem is that you need to "populate" the password in the findOne method from "mongoose" or it's undefined in the comparePassword instance method. see the fix above.
Thank you so much Tom. This is excellente! What do you think about recreating this with Type-Graphql and Apollo? Seems to be a great stack for building modern graphql apps with Typescript.
If someone had problem with: 'routines: get_header_and_data: bad end line', just check if your IDE do not add extra line while saving your document. In my case, 'prettier' extension added extra spaces on the beginng of every line. After correcting that I got my token keys. BTW. Thank You TomDoesTech for your yt tutorial ts with my node server. And your video is god blessing
Hi Tom thanks for the video. Just a question on 1:35:18 why are we checking to see if there is no "_id" field in the decoded object? wouldn't it always be there if verifyJwt returns the decoded object?
Hi Tom, I have a request! Is it possible to divide the long video as playlist in future bcz completing this video in one go is not possible and thanks for making this awesome video!!
Thanks for a great lesson! Would be great to see a repo for the same but with sequelize/postgres instead of mongoose :) Do you maybe have anything already?
Hi, I watched your previous vidoe on the same, I liked this video far more than the previous, because in this session, we end user get to see and comprehend the code written, and it's not overwhelming when you explain by writing them. I was practicing it alongside, although I am getting type errors like "module mongoose has no exported member DocuemtDefinition" Can you please help me with that? Also, Is there another way to use the interface instead Omitting each field individually
Is it standard to have a Service layer ? In other mvc examples, I've usually seen all those functionalities from the service layers inside the controllers. Great tutorial btw! Will be watching the unit testing in express video next in your channel .
I don't know if it's standard or now and I don't think it's useful to think about it like that. I think the question you should be asking is: "Does this make sense for my application and does it fit with the way I like to work?"
Please is there a reason why you were storing the user's sessions in the database? Also, can I store the user's sessions in Redis instead of the database?
Hello, i have a question regarding the folder structure What's your thought on the feature oriented structure? (Where one would have a top level folder for Users, Products and each of those contain the corresponding controller, service and model etc) Wouldn't that make it much easier to manage especially when your app grows in size?
Hi Skia, thanks for the question. The answer to this is going to be a little long, so sorry for that. The module approach has become really popular, especially with Nest.js using it. I think it's a great approach but not really something I use outside of Nest.js. Firstly, it doesn't really matter what you use, just be consistent. People will choose weird hills to die on and tell you one thing is absolutely better and another, I tend to be very skeptical of opinions like that. The module approach that you mentioned in a tip of the hat to OOP where everything is organised around object definitions. OOP isn't a paradigm that I use often, or at all outside of Next.js. I like to organise my code around functions and think more about how the data flows through the system, opposed to how objects are defined. Lastly, this structure helps to illustrate how the data flows from the route handlers, through the controller and down to the DB, which I think it an important concept to think about and teach.
I'll also add that when it coming to maintaining large code bases, I rarely think about how the code is actually organised, as long as it's consistent. The other things that also help maintain large code bases are good tests, documentation, small and simple components, appropriate abstractions ect...
Beautiful Tutorial!!! LOVED IT!! Just one question... Why do you prefer to use the config file for variables instead of enviroment variables? Is that secure?
If you're having problems with the pino logger config because of the deprecated prettyPrint prop import logger from "pino"; import dayjs from "dayjs"; const log = logger({ transport: { target: "pino-pretty", options: { colorize: true }, }, base: { pid: false, }, timestamp: () => `,"time":"${dayjs().format()}"`, }); export default log; this is the config
thx man! can you tell something about yourself? i mean how long you have been programming, are you working as a programmer right now? what's your position/role if so
nanoid@4.0.0 was installed from yarn at the time of writing this comment. It didn't work, so I had to downgrade to match your repository with yarn upgrade nanoid@3.1.30
This is awesome!!! thank you for this lesson. One request, can we make it a full stack app i.e. can we build a frontend to consume this API? thank you once again.
@@TomDoesTech ok, thanks so much. Meanwhile, i'll like to point out that, both your terminal & your file EXPLORER cover more than half of the screen in this video, it would be nice if you minimize your terminal when not in use that way, the viewers can have a clear view of the code on the screen. Thank you, you are the best.
Hi Tom. great conent. I have learnt so much. Would you consider building out a React frontend for this, as it's always nice to produce something more visual to show as an end result
Is there a reason to use the routes function instead of express.Router()? Traditionally, I've seen the Router method used but wanted to know your thoughts. Great vid!
Hi thank you for great series. With this session/refresh token implementation should we care about stealing refresh token? Do you think that implementing refresh token rotation is overhead with your approach? Thanks
Firstly, I'm not a security expert, I'm just demonstrating concepts here so if you're working with a lot of user data, make sure you have someone who understands security in-depth look at your code. Yeah, you should be worried about someone stealing the refresh token because if they have that, they can get an access token and then have access to the system. I would spend my effort trying to prevent the token from being stolen before I spend time reducing the blast radius in the event it does get stolen. So, what I mean by that is make sure you figure out how your application could be vulnerable to XSS attacks and reduce those threats. As for rotating refresh tokens. The issue is that you have no way to invalidate the refresh token without changing the public and private key pair. A lot of large companies will rotate their keys, but getting this to work without impacting the user experience would be challenging.
I'm not sure if it's necessary to explicitly give type to the request and response on the route 2nd argument, because I'm sure that it's already inferred, CMIIW. Except if you need a specific property on the body or query.
Hey that was great work and the one I was looking for... But I couldn't figure out how to generate refresh token private / public keys? is it same as access token private / public key process or different?
I love your code. It is very well prepared and the structure is perfect. However, I would like to point out a few things. You are like rushing by not telling why you are doing what you are doing. As an example, I could not understand why would we need jwt to have two tokens. Why can't we use only one? Doesn't it bring more effort? Plus I see that we are not updating the refresh token. Also when you say "decoded = user", I never understand that kind of naming. I am not a great dev and I am only developing a backend app by looking at your code, so please correct me if necessary.
@@TomDoesTech I am developing an application. I wanted to follow your style but let me ask you this. I have watched your other video on refresh and access tokens. There are two things I wonder about, one is If users can mess with the access token, why can't they mess with refresh token? And how does it make it more secure? The second question is when I create the token, how can I give access to a specific device so that only one device will be registered? Thank you for your previous response
error TS5109: Option 'moduleResolution' must be set to 'NodeNext' (or left unspecified) when option 'module' is set to 'NodeNext'. got this error when trying to run npm run dev to run the app.ts file any help??
Don't know if you found a way or not, but for anyone else having this issue, you just need to update "module" to "NodeNext" and "moduleResolution" to "NodeNext" inside tsconfig.json
![NOSFERATU - Official Trailer [HD] - Only In Theaters December 25](http://i.ytimg.com/vi/nulvWqYUM8k/mqdefault.jpg)
Learn how to test the REST API with the next video on the series: ruclips.net/video/r5L1XRZaCR0/видео.html
Thank so much for your effort, your courses are awesome.. Can you please add video for Redis cache on this video or another built project. Thanks
Man I love you already!
@@francisabonyi7115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
you are amazing dude, thanks a lot
@@stevechude3730 my videos are not for beginners. If you don't know hwo to set up Mongo locally, this video is not for you.
Please consider how rude you're being to people that spend hours making videos for free.
I have said it before and I will say it again. This tutorial is so good that I got an internship. However, do not just copy and paste what he did here. Take this and build on it or build something different using the practices in this tutorial, connect a frontend to show something, or integrate other things if you need. When he said "it will make any CTO weak at their knees", he was not lying. But really understand what he's trying to teach here and I know there are issues with some packages being outdated but go and research, hell, use a different tool or whatever. That's how you get good. I will never be thankful enough to him for this tutorial, I learned a great deal of stuff. Thank you man!
This advice will land you a job, guaranteed
yah 2 years ago but still gold. I'm not going to intern yet but through this tutorial, my skills have improved. I decide to watch the tutorial and then redo it by myself :D
Great. But how do users login as there no route for login
It's rare to find people who provide us with as much content as you do and even less with this quality. This video was immensely rich and I could learn a lot from it. Thanks, Tom!
This is not to take anything away from Tom and his wonderful tutorials, the one thing I have began to observe is that lesser the subscriber count the better is the quality of the tutorial. Definitely not every time but generally
This channel is gold for nodejs reactjs devs. Thanks so much such valuable content 🙂
Thankyou I got a job and this is what I am using to learn the TypeScript perspective of Express. Kudos!
I love how you _almost_ stopped yourself laughing at your CTO comment right at the beginning. Thanks for putting together what will no doubt be another excellent tutorial. Keep 'em coming.
I thought about that joke for way too long.
Migrating from js to typescript for express and I am really glad I found this! Wish I found it a little bit earlier. Would have saved me the stress of digging around for some things I know so far! Thanks a lot! You deserve a cofee!!
Can I say I absolutely love your tutorials, I am learning so much! Thank you :)
I cant believe i have access to this kinda tutorial for free....the amount of knowledge passed here is quite overwhelming.....I appreciate you so much.....your tutorial has great impact in my life...Many thanks.
Would love to see Prometheus, caddy+docker and Jest testing.
Really got into typescript watching your videos.
Please keep creating this lovely content!
I'm working on testing with Jets now, it will be out nest week, Prometheus should be quick so I will do that too :)
I also have a video about caddy + docker here: ruclips.net/video/2oNsjyaCIrI/видео.html
super high quality content! I really like that you explain things like currying on the go, i mean you don't let anything unexplained on your code, thank you.
These contents are way better and productive than other so call "paid courses". Thank you so much for your service
Appreciate that you redirected to this new and updated video.
Hey man! Outstanding value in these two hours. Thanks a lot for putting in the work. Can't wait to start the other videos in that playlist.
One quick feedback from my side:
You're kinda rushing through the tutorial and it's sometimes hard to follow in that pace. It would be great if you could explain certain things a little bit better like the overall architecture of the application and why you are doing certain things. I think it's always great to have the big picture from the beginning on.
Keep up the great work!
Thank you for the feedback. It's difficult to tell what pace the video should be because it really depends on how much experience the viewer has I think.
@@TomDoesTech Yeah I know what you mean. "Advanced" or "Beginner" is always subjective of course and a question what kind of audience you'd like to serve with your videos. More beginners or more advanced devs that might get bored out. But nonetheless, your content stays on a high quality! Thanks for your efforts, Tom.
Just exactly what I'm looking for and then there is you. I was meant to find you. Perfect timing. Thank you for this
I think this is the first time in my 'young' career that I've seen routes being handled like that. It's beautiful.
So glad you like it :)
@@TomDoesTech when i hit the healthcheck route I get an error that says "unable to connect to remote server". but the console shows app is running on the designated port
@@christopherugochukwu3517 are you using Mongo Atlas or something? What is the "remote server"?
Love your tutorials, I am a beginner with TypeScript, it helps a lot, thank you!
Great to hear!
Overal great tutorial, one improvement I would suggest is putting more attention in small mistakes you make and fix during speed-up. Followed halfway through the tutorial to get my project's template to where I feel comfortable to develop it on my own.
Huge thanks for for providing great starting point with a manageable folder structure and other methodologies!
Thank you for the feedback, that's really helpful! When I make those mistakes, I stop talking while I try figure it out so I need to learn to keep talking and explain the issue.
I agree, this is great tutorial, but you need to make sure to let us know when you’ve made a correction that been edited out. 🙏🏾 Otherwise excellent work👍🏾
You do awesome job Tom providing such a robust content for free! Would like to see another part with creating UI, handling all these sessions etc. on the client side, preferably with Redux Toolkit or Context API.
Thanks Adrian, I am working on the UI part. I'm going to keep the library use to a minimum because it could get confusing for anyone that doesn't know how that library works.
Very educative and thanks for taking time to make these production level videos. Also another tip on omitting the password from response... one can add select: false in the model level. This will automatically omit the password field or any other field with select: false.
Whoa didn't know that I can use postman like this. I always manually type my input whenever I test O_O. Yes, horrible! Thanks for this dude! Will be checking on your other videos.
Very nice structure in the project! I think I'll adapt this. Great stuff!
I love your channel and the tutorials you created. They are very helpful! It would be great if you could zoom in vscode with some software for zooming videos so it is easier to understand what's going on since I usually divide my screen in two pieces. One is the video and the other one is my IDE and when I do this, the characters from your IDE are pretty small. Overall, I love the channel and I'm very happy that you are getting more subscribers every day.
Good tutorial! A little tricky coming from more refined structured API environments to Express but made the experience as native and 'easy' as possible. Thanks!
Thank you for this awesome tutorial Tom!
Thanks for the wonderful tutorial. Please make a video on how to securely handle refresh token and access token on the frontend with react. I need this for a job please
man this was a master piece !
This is a very good and thorough explanation of how to implement TS on REST Api. Great video. I hope we will see a video on Fastify as well. Thanks Tom, for this great tutorial.
Senior dev here. Like. Senior. Anyway, I've been mucking about for a few months porting an ancient (most of you were in grammar school when line 1 was laid down) PHP project over to Node. I've got quite a good grasp on node, but as we programmers are bent to do, we strive for different, better. I've never been quite satisfied with my port of this project. I decided to scrap what I think I know, and start anew. This 2-hour video is solid gold. A great, fresh, modern approach. Well done. Great structure, great pacing. Whilst not the audience you intended for this video, I find that I am able to easily pause the video, and consider my implementation vs. yours, and adapt my system in near-realtime. Outstanding work.
I'm so glad you liked it! I think your approach is the best way to get the most out of the video. I try not to be too prescriptive in my videos. there are often better ways to do it. My goal is usually to give a suggestion and hope that the viewer pauses it and considers if they could improve on it. Thanks again for your kind words, I really appreciate it.
Thank you so much, love how clean your code looks
I love your tutorials!
I would like to see more about testing the API. Thanks
Me as well
Thank you for creating this
just one tip, use status on your tutorials ;)
forget to use 201 to create a new user, create sessions, etc
Yup, good call!
Dude you are doing God's work. Highly appriciated
Hello there! First of all, I realy love your tutorial(s).
I'd like to ask little bit deeper about session handling =>
We are making new session every time user logs in. In longer term i feel like it's lot of unnecessary data in db so my questions are =>
1) Should we reuse users preivouse session, or is that bad approach?
2) Should we keep them or would it be better to have some middleware that would once in time delete or old sessions? Or delete users preivouse session every time he logs in...?
3) Can we use them for storing history of users behavior? (Add new variable to Sessions & have some middleware that would push log that variable every time some endpoint is called from that session)
Thank you & hope you're doing well 🙂
TOM IS MVP
Great tutorial! Thanks so much.
Great video! More Express, TS, Prisma content pls!
Great video! loved to see a video on Apollo GraphQL
You are great! Please make a video with full testing and React with TS. Well, Docker too! jaja
Thanks! I am working on the testing video now :)
Thanks bro. Really nice tutorial.
If you got stuck with 403 forbidden in Postman around 3:30 in the video, set environment variables and attach the environment to the current workspace. Here's a one minute demo of me going from 403 forbidden to 200 ok by setting the environment properly: ruclips.net/video/SRX8H7OMS0c/видео.html
You have a very soothing voice
Oh wow, thank you
Great video, i really enjoy your series.
You made my day♥
Very nice. Hopefully I’ll do this tutorial in the weekend whilst practising Neovim at the same time!
Never heard of Neovim, I'm going to download it and have a play around with it.
let me know if you have any questions :)
Amazing content! keep em coming :)
thanks for this awesome content
Thank you very much for this, amazing tutorial ❤
Thank you Tom!!! Great lesson! Please make next lesson about deploying docker container on linux server!!!
Excellent tutorial, thanks a lot
Glad it was helpful!
Thank you for this tutorial, it's amazing c:!.
Awsome videos! suggestion for next video - Build a REST API with Node.js, Express, TypeScript, Prisma & Postgres.
I did something very similar to this but I used Fastify instead of Express.
@@TomDoesTech Awesone,, could you share the link pls
@@sreekumarmenon ruclips.net/video/LMoMHP44-xM/видео.html
@@TomDoesTech Thanks I like the folder structuree in that video better, controller,service,schema all in same folder grouped by feauture! question why pick zod over yup ?
@@sreekumarmenon Zod has better TS support than Yup
It would be top if you can make a new video, adding a new endpoint but this time using a TDD approach. This way, we could learn how an experienced developer writes code using TDD.
Great video tom !! Can you please make a video on how to use typeorm with this server to interact with a sql database..
Thanks, who's Tim?
@@TomDoesTech ohh sorry i mispelled tom as tim 😅
1:40:15 reIssueAccessToken is returning string or false, change the "return false" inside reIssueAccessToken to return "" , just a quick fix but can be fixed in many other ways
Great tutorial. Thanks.
Just want to send a big Thank to you, Tom. I have learned a lot from this series.
Man I love ur coding style =D
Thank you so much :)
@@TomDoesTech ur welcome =) Just one little question. When you call the createUserSessionHandler you are using the same private key for the accessToken and refreshToken. Isn't that a problem? Or are you changing that later. Cant't wait to watch the next videos of that series =D
Got what I needed !!!
thank you so much ❤️
"Make any CTO weak at the knees" 😆
One good practice
In Schema in usermodel add this field
{
...something
select:false
}
this will not return password unless we require by this method we can use less lodash
to get it use .populate("password") in the end of query
That's awesome! Thanks for the tip.
awesome. @TomDoesTech you should pin that comment. Thank you for the great tutorial
@@mattari97 It doesn't work, or at least I can see it causing issues. If you do select false, it won't show up in the validation function.
@@TomDoesTech export async function validatePassword({ email, password }: { email: string; password: string }) {
const user = await UserModel.findOne({ email }).populate("password");
if (!user) return false;
const isValid = await user.comparePassword(password);
if (!isValid) return false;
return user.depopulate("password");
}
@@TomDoesTech the problem is that you need to "populate" the password in the findOne method from "mongoose" or it's undefined in the comparePassword instance method. see the fix above.
Nice tutorial ! Suggestion for next video : Building a REST with prisma and mysql
Thank you so much for the video.
Thank You😇
Thank you so much Tom. This is excellente! What do you think about recreating this with Type-Graphql and Apollo? Seems to be a great stack for building modern graphql apps with Typescript.
Yeah, I really like TypeGraphQL and have used it a fair bit so I think I will make a tutorial on it.
If someone had problem with: 'routines: get_header_and_data: bad end line', just check if your IDE do not add extra line while saving your document. In my case, 'prettier' extension added extra spaces on the beginng of every line. After correcting that I got my token keys.
BTW. Thank You TomDoesTech for your yt tutorial ts with my node server. And your video is god blessing
Hi Tom thanks for the video. Just a question on 1:35:18 why are we checking to see if there is no "_id" field in the decoded object? wouldn't it always be there if verifyJwt returns the decoded object?
Hi Tom,
I have a request! Is it possible to divide the long video as playlist in future bcz completing this video in one go is not possible
and thanks for making this awesome video!!
Sorry but longer videos do much better. I've done a few videos where they are in parts and they do significantly worse
Thanks for a great lesson! Would be great to see a repo for the same but with sequelize/postgres instead of mongoose :) Do you maybe have anything already?
Great tutorial. Bu I have questions.
- Can you tell me how to upload files with this tutorial?
- Can we validate the file with zod?
Thank you
Hi, I watched your previous vidoe on the same, I liked this video far more than the previous, because in this session, we end user get to see and comprehend the code written, and it's not overwhelming when you explain by writing them.
I was practicing it alongside, although I am getting type errors like "module mongoose has no exported member DocuemtDefinition"
Can you please help me with that?
Also, Is there another way to use the interface instead Omitting each field individually
Liked! Subscribed! Just wondering why you use Zod instead of Joi?
Zod has better TS support and I'm more familiar with it
Thank you,
lots of mongoose type is outdated.
Is it standard to have a Service layer ? In other mvc examples, I've usually seen all those functionalities from the service layers inside the controllers. Great tutorial btw! Will be watching the unit testing in express video next in your channel .
I don't know if it's standard or now and I don't think it's useful to think about it like that. I think the question you should be asking is: "Does this make sense for my application and does it fit with the way I like to work?"
@@TomDoesTech thanks !
Please is there a reason why you were storing the user's sessions in the database? Also, can I store the user's sessions in Redis instead of the database?
It's stored in the DB so we can check that it's still valid when we go to issue a refresh token.
Storing it in Redis would is a good idea.
Hello, i have a question regarding the folder structure
What's your thought on the feature oriented structure?
(Where one would have a top level folder for Users, Products and each of those contain the corresponding controller, service and model etc)
Wouldn't that make it much easier to manage especially when your app grows in size?
I'm interested in the answer for this question as well, thanks for asking.
Hi Skia, thanks for the question. The answer to this is going to be a little long, so sorry for that.
The module approach has become really popular, especially with Nest.js using it. I think it's a great approach but not really something I use outside of Nest.js.
Firstly, it doesn't really matter what you use, just be consistent. People will choose weird hills to die on and tell you one thing is absolutely better and another, I tend to be very skeptical of opinions like that.
The module approach that you mentioned in a tip of the hat to OOP where everything is organised around object definitions. OOP isn't a paradigm that I use often, or at all outside of Next.js. I like to organise my code around functions and think more about how the data flows through the system, opposed to how objects are defined.
Lastly, this structure helps to illustrate how the data flows from the route handlers, through the controller and down to the DB, which I think it an important concept to think about and teach.
I'll also add that when it coming to maintaining large code bases, I rarely think about how the code is actually organised, as long as it's consistent. The other things that also help maintain large code bases are good tests, documentation, small and simple components, appropriate abstractions ect...
Beautiful Tutorial!!! LOVED IT!! Just one question... Why do you prefer to use the config file for variables instead of enviroment variables? Is that secure?
These 2 things aren't mutely exclusive. The con fig file has defaults which can be overwritten by env vars
Amazing video, but why don't use eslint?
If you're having problems with the pino logger config because of the deprecated prettyPrint prop
import logger from "pino";
import dayjs from "dayjs";
const log = logger({
transport: {
target: "pino-pretty",
options: { colorize: true },
},
base: {
pid: false,
},
timestamp: () => `,"time":"${dayjs().format()}"`,
});
export default log;
this is the config
THANKS BUDDY for this solution
thx man!
can you tell something about yourself? i mean how long you have been programming, are you working as a programmer right now? what's your position/role if so
I've been coding professionally for about 9 years or so. I working as full stack developer now
Your content is so amazing, please can make feature for roles and permission. thanks
nanoid@4.0.0 was installed from yarn at the time of writing this comment. It didn't work, so I had to downgrade to match your repository with yarn upgrade nanoid@3.1.30
This is awesome!!! thank you for this lesson. One request, can we make it a full stack app i.e. can we build a frontend to consume this API? thank you once again.
There is a UI part in this series if you want to check that out
@@TomDoesTech ok, thanks so much. Meanwhile, i'll like to point out that, both your terminal & your file EXPLORER cover more than half of the screen in this video, it would be nice if you minimize your terminal when not in use that way, the viewers can have a clear view of the code on the screen. Thank you, you are the best.
Hi Tom. great conent. I have learnt so much. Would you consider building out a React frontend for this, as it's always nice to produce something more visual to show as an end result
I did that video ruclips.net/video/oSz23pPBpFY/видео.html&ab_channel=TomDoesTech
Is there a reason to use the routes function instead of express.Router()? Traditionally, I've seen the Router method used but wanted to know your thoughts. Great vid!
It's just the way I'm used to doing it. I've used the express.Router() in another video
next should be test with jest and google auth please
I can't wait for that as well
The testing video is in progress. I do have a video on Google OAuth already but it's not fantastic, so I could do another one.
Amazing codding standard
Hi thank you for great series.
With this session/refresh token implementation should we care about stealing refresh token?
Do you think that implementing refresh token rotation is overhead with your approach?
Thanks
Firstly, I'm not a security expert, I'm just demonstrating concepts here so if you're working with a lot of user data, make sure you have someone who understands security in-depth look at your code.
Yeah, you should be worried about someone stealing the refresh token because if they have that, they can get an access token and then have access to the system.
I would spend my effort trying to prevent the token from being stolen before I spend time reducing the blast radius in the event it does get stolen. So, what I mean by that is make sure you figure out how your application could be vulnerable to XSS attacks and reduce those threats.
As for rotating refresh tokens. The issue is that you have no way to invalidate the refresh token without changing the public and private key pair. A lot of large companies will rotate their keys, but getting this to work without impacting the user experience would be challenging.
hey can make tutorial on api testing on postman ?
Great video! Would it be more secure to sending tokens via cookie?
I usually use cookies, if you watch the UI part of this series you'll see I use cookies
I'm not sure if it's necessary to explicitly give type to the request and response on the route 2nd argument, because I'm sure that it's already inferred, CMIIW. Except if you need a specific property on the body or query.
Hey that was great work and the one I was looking for... But I couldn't figure out how to generate refresh token private / public keys? is it same as access token private / public key process or different?
You can use the same or different keys, up to you. Probably better to use different keys but it's not that big of a deal
I love your code. It is very well prepared and the structure is perfect. However, I would like to point out a few things. You are like rushing by not telling why you are doing what you are doing.
As an example, I could not understand why would we need jwt to have two tokens. Why can't we use only one? Doesn't it bring more effort? Plus I see that we are not updating the refresh token.
Also when you say "decoded = user", I never understand that kind of naming.
I am not a great dev and I am only developing a backend app by looking at your code, so please correct me if necessary.
This tutorial is not meant for absolute beginners. If you want to understand the concepts behind refresh tokens, I have a video on that.
@@TomDoesTech I am developing an application. I wanted to follow your style but let me ask you this.
I have watched your other video on refresh and access tokens. There are two things I wonder about, one is If users can mess with the access token, why can't they mess with refresh token? And how does it make it more secure?
The second question is when I create the token, how can I give access to a specific device so that only one device will be registered?
Thank you for your previous response
i donno how its work on your video but i need to change evry query on product controller from productId to _id : productId ; great video thanks you!
_id is an id put onto the object by MongoDB. productId is something we put on there. You should be able to query by either
Why do u use a config instead of .env?
error TS5109: Option 'moduleResolution' must be set to 'NodeNext' (or left unspecified) when option 'module' is set to 'NodeNext'.
got this error when trying to run npm run dev to run the app.ts file
any help??
what did you try?
Don't know if you found a way or not, but for anyone else having this issue, you just need to update "module" to "NodeNext" and "moduleResolution" to "NodeNext" inside tsconfig.json
yes i found a way... thank you@@mladendubovac