@@stevechude3730 my videos are not for beginners. If you don't know hwo to set up Mongo locally, this video is not for you. Please consider how rude you're being to people that spend hours making videos for free.
I have said it before and I will say it again. This tutorial is so good that I got an internship. However, do not just copy and paste what he did here. Take this and build on it or build something different using the practices in this tutorial, connect a frontend to show something, or integrate other things if you need. When he said "it will make any CTO weak at their knees", he was not lying. But really understand what he's trying to teach here and I know there are issues with some packages being outdated but go and research, hell, use a different tool or whatever. That's how you get good. I will never be thankful enough to him for this tutorial, I learned a great deal of stuff. Thank you man!
yah 2 years ago but still gold. I'm not going to intern yet but through this tutorial, my skills have improved. I decide to watch the tutorial and then redo it by myself :D
It's rare to find people who provide us with as much content as you do and even less with this quality. This video was immensely rich and I could learn a lot from it. Thanks, Tom!
This is not to take anything away from Tom and his wonderful tutorials, the one thing I have began to observe is that lesser the subscriber count the better is the quality of the tutorial. Definitely not every time but generally
I cant believe i have access to this kinda tutorial for free....the amount of knowledge passed here is quite overwhelming.....I appreciate you so much.....your tutorial has great impact in my life...Many thanks.
@@TomDoesTech when i hit the healthcheck route I get an error that says "unable to connect to remote server". but the console shows app is running on the designated port
I love how you _almost_ stopped yourself laughing at your CTO comment right at the beginning. Thanks for putting together what will no doubt be another excellent tutorial. Keep 'em coming.
Migrating from js to typescript for express and I am really glad I found this! Wish I found it a little bit earlier. Would have saved me the stress of digging around for some things I know so far! Thanks a lot! You deserve a cofee!!
super high quality content! I really like that you explain things like currying on the go, i mean you don't let anything unexplained on your code, thank you.
Overal great tutorial, one improvement I would suggest is putting more attention in small mistakes you make and fix during speed-up. Followed halfway through the tutorial to get my project's template to where I feel comfortable to develop it on my own. Huge thanks for for providing great starting point with a manageable folder structure and other methodologies!
Thank you for the feedback, that's really helpful! When I make those mistakes, I stop talking while I try figure it out so I need to learn to keep talking and explain the issue.
I agree, this is great tutorial, but you need to make sure to let us know when you’ve made a correction that been edited out. 🙏🏾 Otherwise excellent work👍🏾
Would love to see Prometheus, caddy+docker and Jest testing. Really got into typescript watching your videos. Please keep creating this lovely content!
Whoa didn't know that I can use postman like this. I always manually type my input whenever I test O_O. Yes, horrible! Thanks for this dude! Will be checking on your other videos.
Hey man! Outstanding value in these two hours. Thanks a lot for putting in the work. Can't wait to start the other videos in that playlist. One quick feedback from my side: You're kinda rushing through the tutorial and it's sometimes hard to follow in that pace. It would be great if you could explain certain things a little bit better like the overall architecture of the application and why you are doing certain things. I think it's always great to have the big picture from the beginning on. Keep up the great work!
Thank you for the feedback. It's difficult to tell what pace the video should be because it really depends on how much experience the viewer has I think.
@@TomDoesTech Yeah I know what you mean. "Advanced" or "Beginner" is always subjective of course and a question what kind of audience you'd like to serve with your videos. More beginners or more advanced devs that might get bored out. But nonetheless, your content stays on a high quality! Thanks for your efforts, Tom.
Senior dev here. Like. Senior. Anyway, I've been mucking about for a few months porting an ancient (most of you were in grammar school when line 1 was laid down) PHP project over to Node. I've got quite a good grasp on node, but as we programmers are bent to do, we strive for different, better. I've never been quite satisfied with my port of this project. I decided to scrap what I think I know, and start anew. This 2-hour video is solid gold. A great, fresh, modern approach. Well done. Great structure, great pacing. Whilst not the audience you intended for this video, I find that I am able to easily pause the video, and consider my implementation vs. yours, and adapt my system in near-realtime. Outstanding work.
I'm so glad you liked it! I think your approach is the best way to get the most out of the video. I try not to be too prescriptive in my videos. there are often better ways to do it. My goal is usually to give a suggestion and hope that the viewer pauses it and considers if they could improve on it. Thanks again for your kind words, I really appreciate it.
Very educative and thanks for taking time to make these production level videos. Also another tip on omitting the password from response... one can add select: false in the model level. This will automatically omit the password field or any other field with select: false.
You do awesome job Tom providing such a robust content for free! Would like to see another part with creating UI, handling all these sessions etc. on the client side, preferably with Redux Toolkit or Context API.
Thanks Adrian, I am working on the UI part. I'm going to keep the library use to a minimum because it could get confusing for anyone that doesn't know how that library works.
If you're having problems with the pino logger config because of the deprecated prettyPrint prop import logger from "pino"; import dayjs from "dayjs"; const log = logger({ transport: { target: "pino-pretty", options: { colorize: true }, }, base: { pid: false, }, timestamp: () => `,"time":"${dayjs().format()}"`, }); export default log; this is the config
Also, I hate that pino-pretty removes the date from the timestamp, so do something like: translateTime: "SYS:mm-dd-yyyy hh:mm:ss.l TT" in the "options" object if you want the date left in your timestamp. Also, in the solution by Matiast9477, you're basically telling Pino to use pino-pretty as a module, it's a different library, so you need to install pino-pretty into your project to make full use of it.
I love your channel and the tutorials you created. They are very helpful! It would be great if you could zoom in vscode with some software for zooming videos so it is easier to understand what's going on since I usually divide my screen in two pieces. One is the video and the other one is my IDE and when I do this, the characters from your IDE are pretty small. Overall, I love the channel and I'm very happy that you are getting more subscribers every day.
Thanks for the wonderful tutorial. Please make a video on how to securely handle refresh token and access token on the frontend with react. I need this for a job please
Good tutorial! A little tricky coming from more refined structured API environments to Express but made the experience as native and 'easy' as possible. Thanks!
One good practice In Schema in usermodel add this field { ...something select:false } this will not return password unless we require by this method we can use less lodash to get it use .populate("password") in the end of query
@@TomDoesTech the problem is that you need to "populate" the password in the findOne method from "mongoose" or it's undefined in the comparePassword instance method. see the fix above.
1:40:15 reIssueAccessToken is returning string or false, change the "return false" inside reIssueAccessToken to return "" , just a quick fix but can be fixed in many other ways
If you got stuck with 403 forbidden in Postman around 3:30 in the video, set environment variables and attach the environment to the current workspace. Here's a one minute demo of me going from 403 forbidden to 200 ok by setting the environment properly: ruclips.net/video/SRX8H7OMS0c/видео.html
This is a very good and thorough explanation of how to implement TS on REST Api. Great video. I hope we will see a video on Fastify as well. Thanks Tom, for this great tutorial.
It would be top if you can make a new video, adding a new endpoint but this time using a TDD approach. This way, we could learn how an experienced developer writes code using TDD.
Hello there! First of all, I realy love your tutorial(s). I'd like to ask little bit deeper about session handling => We are making new session every time user logs in. In longer term i feel like it's lot of unnecessary data in db so my questions are => 1) Should we reuse users preivouse session, or is that bad approach? 2) Should we keep them or would it be better to have some middleware that would once in time delete or old sessions? Or delete users preivouse session every time he logs in...? 3) Can we use them for storing history of users behavior? (Add new variable to Sessions & have some middleware that would push log that variable every time some endpoint is called from that session) Thank you & hope you're doing well 🙂
@@TomDoesTech Thanks I like the folder structuree in that video better, controller,service,schema all in same folder grouped by feauture! question why pick zod over yup ?
Hello, i have a question regarding the folder structure What's your thought on the feature oriented structure? (Where one would have a top level folder for Users, Products and each of those contain the corresponding controller, service and model etc) Wouldn't that make it much easier to manage especially when your app grows in size?
Hi Skia, thanks for the question. The answer to this is going to be a little long, so sorry for that. The module approach has become really popular, especially with Nest.js using it. I think it's a great approach but not really something I use outside of Nest.js. Firstly, it doesn't really matter what you use, just be consistent. People will choose weird hills to die on and tell you one thing is absolutely better and another, I tend to be very skeptical of opinions like that. The module approach that you mentioned in a tip of the hat to OOP where everything is organised around object definitions. OOP isn't a paradigm that I use often, or at all outside of Next.js. I like to organise my code around functions and think more about how the data flows through the system, opposed to how objects are defined. Lastly, this structure helps to illustrate how the data flows from the route handlers, through the controller and down to the DB, which I think it an important concept to think about and teach.
I'll also add that when it coming to maintaining large code bases, I rarely think about how the code is actually organised, as long as it's consistent. The other things that also help maintain large code bases are good tests, documentation, small and simple components, appropriate abstractions ect...
@@TomDoesTech ur welcome =) Just one little question. When you call the createUserSessionHandler you are using the same private key for the accessToken and refreshToken. Isn't that a problem? Or are you changing that later. Cant't wait to watch the next videos of that series =D
Hi Tom thanks for the video. Just a question on 1:35:18 why are we checking to see if there is no "_id" field in the decoded object? wouldn't it always be there if verifyJwt returns the decoded object?
Beautiful Tutorial!!! LOVED IT!! Just one question... Why do you prefer to use the config file for variables instead of enviroment variables? Is that secure?
Thank you so much Tom. This is excellente! What do you think about recreating this with Type-Graphql and Apollo? Seems to be a great stack for building modern graphql apps with Typescript.
Hi thank you for great series. With this session/refresh token implementation should we care about stealing refresh token? Do you think that implementing refresh token rotation is overhead with your approach? Thanks
Firstly, I'm not a security expert, I'm just demonstrating concepts here so if you're working with a lot of user data, make sure you have someone who understands security in-depth look at your code. Yeah, you should be worried about someone stealing the refresh token because if they have that, they can get an access token and then have access to the system. I would spend my effort trying to prevent the token from being stolen before I spend time reducing the blast radius in the event it does get stolen. So, what I mean by that is make sure you figure out how your application could be vulnerable to XSS attacks and reduce those threats. As for rotating refresh tokens. The issue is that you have no way to invalidate the refresh token without changing the public and private key pair. A lot of large companies will rotate their keys, but getting this to work without impacting the user experience would be challenging.
Is there a reason to use the routes function instead of express.Router()? Traditionally, I've seen the Router method used but wanted to know your thoughts. Great vid!
If someone had problem with: 'routines: get_header_and_data: bad end line', just check if your IDE do not add extra line while saving your document. In my case, 'prettier' extension added extra spaces on the beginng of every line. After correcting that I got my token keys. BTW. Thank You TomDoesTech for your yt tutorial ts with my node server. And your video is god blessing
Hi Tom, I have a request! Is it possible to divide the long video as playlist in future bcz completing this video in one go is not possible and thanks for making this awesome video!!
Is it standard to have a Service layer ? In other mvc examples, I've usually seen all those functionalities from the service layers inside the controllers. Great tutorial btw! Will be watching the unit testing in express video next in your channel .
I don't know if it's standard or now and I don't think it's useful to think about it like that. I think the question you should be asking is: "Does this make sense for my application and does it fit with the way I like to work?"
Hi, I watched your previous vidoe on the same, I liked this video far more than the previous, because in this session, we end user get to see and comprehend the code written, and it's not overwhelming when you explain by writing them. I was practicing it alongside, although I am getting type errors like "module mongoose has no exported member DocuemtDefinition" Can you please help me with that? Also, Is there another way to use the interface instead Omitting each field individually
thx man! can you tell something about yourself? i mean how long you have been programming, are you working as a programmer right now? what's your position/role if so
Can anyone please explain what is the meaning of "req: Request" in the user.controller.ts file? Or maybe point me to the doc of the API. I'm new to Typescript and never saw someone modify the Express Request type.
Hey that was great work and the one I was looking for... But I couldn't figure out how to generate refresh token private / public keys? is it same as access token private / public key process or different?
Thanks for a great lesson! Would be great to see a repo for the same but with sequelize/postgres instead of mongoose :) Do you maybe have anything already?
export async function createProductHandler( req: Request, res: Response) {} Where can i read more about this filtering the request? I would like to understand more about this?
I'm not sure if it's necessary to explicitly give type to the request and response on the route 2nd argument, because I'm sure that it's already inferred, CMIIW. Except if you need a specific property on the body or query.
Hey Tom, great tutorial. At 1:32:19 after updating the session to valid: false; shouldn't the get request to fetch all sessions return a 403 unauthorized error, as we just invalidated the current session to be false, and there is a requireUser Middleware on that route, and deserializeUser fetches the accessToken(which is supposed to be invalid now?)
@@TomDoesTech But I doesn't in the video. We are still able to get Sessions. I assume that when we consume the API on the frontend, there'll be a method of invalidating the accessToken to circumvent it.
Please is there a reason why you were storing the user's sessions in the database? Also, can I store the user's sessions in Redis instead of the database?
Anyone who wants to debug this program can add this script to their package.json: "dev:debug": "ts-node-dev --respawn --transpile-only --inspect=9229 src/app.ts" Run with `yarn dev:debug` And in your project's root dir add ./.vscode/launch.json and add the following configuration: { "configurations": [ { "name": "Attach to dev:debug (w/ restart)", "port": 9229, "request": "attach", "skipFiles": [ "/**", "node_modules/**" ], "type": "node", "cwd": "${workspaceFolder}", "restart": true } ] } Launch it from the dropdown on the debug panel. Should restart the debug hook when the server restarts on changes.
What are we supposed to set as accessTokenPrivateKey, accessTokenPublicKey, refreshTokenPrivateKey and refreshTokenPublicKey in the config/default.ts? I keep getting an error saying Configuration property "mykey" is not defined
"prettyPrint" gives me an error that it does not exist, also if anyone has error for 'moduleResoluion' before adding tsconfig.json you should create that file and put this in compilerOptions: "module": "NodeNext", "moduleResolution": "NodeNext"...
Hey Tom, I keep getting this error when I run the Create Session Request from Postman despite using this resource you linked in a comment below for generating keys. I've already tried generating different key sizes Error: secretOrPrivateKey must be an asymmetric key when using RS256
I realized my mistake. I needed to push my public and private keys all the way to the left margin of the code editor. No indents allowed (Not even formatting Indentations). Also you need to generate RSA Keys of 2048 bit size . GOODLUCK
This is awesome!!! thank you for this lesson. One request, can we make it a full stack app i.e. can we build a frontend to consume this API? thank you once again.
@@TomDoesTech ok, thanks so much. Meanwhile, i'll like to point out that, both your terminal & your file EXPLORER cover more than half of the screen in this video, it would be nice if you minimize your terminal when not in use that way, the viewers can have a clear view of the code on the screen. Thank you, you are the best.
nanoid@4.0.0 was installed from yarn at the time of writing this comment. It didn't work, so I had to downgrade to match your repository with yarn upgrade nanoid@3.1.30
Thank you a lot, TomDoes. Please check this (in session.controller): const session = await createSession(user._id, req.get('user-agent') || ''). The first param of createSession is a string type, but here _id is an autoID (I think it is). And nanoid added but not used.
you can convert the code. return omit(user.toJSON(), "password") into return omit(user.toObject(), "password") in user.service.ts. I applied this solution and error gone
![Megan Thee Stallion - Roc Steady (feat. Flo Milli) [Official Video]](http://i.ytimg.com/vi/HozPPyqW0dY/mqdefault.jpg)
Learn how to test the REST API with the next video on the series: ruclips.net/video/r5L1XRZaCR0/видео.html
Thank so much for your effort, your courses are awesome.. Can you please add video for Redis cache on this video or another built project. Thanks
Man I love you already!
@@francisabonyi7115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
you are amazing dude, thanks a lot
@@stevechude3730 my videos are not for beginners. If you don't know hwo to set up Mongo locally, this video is not for you.
Please consider how rude you're being to people that spend hours making videos for free.
I have said it before and I will say it again. This tutorial is so good that I got an internship. However, do not just copy and paste what he did here. Take this and build on it or build something different using the practices in this tutorial, connect a frontend to show something, or integrate other things if you need. When he said "it will make any CTO weak at their knees", he was not lying. But really understand what he's trying to teach here and I know there are issues with some packages being outdated but go and research, hell, use a different tool or whatever. That's how you get good. I will never be thankful enough to him for this tutorial, I learned a great deal of stuff. Thank you man!
This advice will land you a job, guaranteed
yah 2 years ago but still gold. I'm not going to intern yet but through this tutorial, my skills have improved. I decide to watch the tutorial and then redo it by myself :D
Great. But how do users login as there no route for login
It's rare to find people who provide us with as much content as you do and even less with this quality. This video was immensely rich and I could learn a lot from it. Thanks, Tom!
This is not to take anything away from Tom and his wonderful tutorials, the one thing I have began to observe is that lesser the subscriber count the better is the quality of the tutorial. Definitely not every time but generally
This channel is gold for nodejs reactjs devs. Thanks so much such valuable content 🙂
Thankyou I got a job and this is what I am using to learn the TypeScript perspective of Express. Kudos!
I cant believe i have access to this kinda tutorial for free....the amount of knowledge passed here is quite overwhelming.....I appreciate you so much.....your tutorial has great impact in my life...Many thanks.
I think this is the first time in my 'young' career that I've seen routes being handled like that. It's beautiful.
So glad you like it :)
@@TomDoesTech when i hit the healthcheck route I get an error that says "unable to connect to remote server". but the console shows app is running on the designated port
@@christopherugochukwu3517 are you using Mongo Atlas or something? What is the "remote server"?
These contents are way better and productive than other so call "paid courses". Thank you so much for your service
I love how you _almost_ stopped yourself laughing at your CTO comment right at the beginning. Thanks for putting together what will no doubt be another excellent tutorial. Keep 'em coming.
I thought about that joke for way too long.
Migrating from js to typescript for express and I am really glad I found this! Wish I found it a little bit earlier. Would have saved me the stress of digging around for some things I know so far! Thanks a lot! You deserve a cofee!!
super high quality content! I really like that you explain things like currying on the go, i mean you don't let anything unexplained on your code, thank you.
Just exactly what I'm looking for and then there is you. I was meant to find you. Perfect timing. Thank you for this
Appreciate that you redirected to this new and updated video.
Overal great tutorial, one improvement I would suggest is putting more attention in small mistakes you make and fix during speed-up. Followed halfway through the tutorial to get my project's template to where I feel comfortable to develop it on my own.
Huge thanks for for providing great starting point with a manageable folder structure and other methodologies!
Thank you for the feedback, that's really helpful! When I make those mistakes, I stop talking while I try figure it out so I need to learn to keep talking and explain the issue.
I agree, this is great tutorial, but you need to make sure to let us know when you’ve made a correction that been edited out. 🙏🏾 Otherwise excellent work👍🏾
Can I say I absolutely love your tutorials, I am learning so much! Thank you :)
Would love to see Prometheus, caddy+docker and Jest testing.
Really got into typescript watching your videos.
Please keep creating this lovely content!
I'm working on testing with Jets now, it will be out nest week, Prometheus should be quick so I will do that too :)
I also have a video about caddy + docker here: ruclips.net/video/2oNsjyaCIrI/видео.html
Whoa didn't know that I can use postman like this. I always manually type my input whenever I test O_O. Yes, horrible! Thanks for this dude! Will be checking on your other videos.
Hey man! Outstanding value in these two hours. Thanks a lot for putting in the work. Can't wait to start the other videos in that playlist.
One quick feedback from my side:
You're kinda rushing through the tutorial and it's sometimes hard to follow in that pace. It would be great if you could explain certain things a little bit better like the overall architecture of the application and why you are doing certain things. I think it's always great to have the big picture from the beginning on.
Keep up the great work!
Thank you for the feedback. It's difficult to tell what pace the video should be because it really depends on how much experience the viewer has I think.
@@TomDoesTech Yeah I know what you mean. "Advanced" or "Beginner" is always subjective of course and a question what kind of audience you'd like to serve with your videos. More beginners or more advanced devs that might get bored out. But nonetheless, your content stays on a high quality! Thanks for your efforts, Tom.
Senior dev here. Like. Senior. Anyway, I've been mucking about for a few months porting an ancient (most of you were in grammar school when line 1 was laid down) PHP project over to Node. I've got quite a good grasp on node, but as we programmers are bent to do, we strive for different, better. I've never been quite satisfied with my port of this project. I decided to scrap what I think I know, and start anew. This 2-hour video is solid gold. A great, fresh, modern approach. Well done. Great structure, great pacing. Whilst not the audience you intended for this video, I find that I am able to easily pause the video, and consider my implementation vs. yours, and adapt my system in near-realtime. Outstanding work.
I'm so glad you liked it! I think your approach is the best way to get the most out of the video. I try not to be too prescriptive in my videos. there are often better ways to do it. My goal is usually to give a suggestion and hope that the viewer pauses it and considers if they could improve on it. Thanks again for your kind words, I really appreciate it.
Love your tutorials, I am a beginner with TypeScript, it helps a lot, thank you!
Great to hear!
Very educative and thanks for taking time to make these production level videos. Also another tip on omitting the password from response... one can add select: false in the model level. This will automatically omit the password field or any other field with select: false.
You do awesome job Tom providing such a robust content for free! Would like to see another part with creating UI, handling all these sessions etc. on the client side, preferably with Redux Toolkit or Context API.
Thanks Adrian, I am working on the UI part. I'm going to keep the library use to a minimum because it could get confusing for anyone that doesn't know how that library works.
just one tip, use status on your tutorials ;)
forget to use 201 to create a new user, create sessions, etc
Yup, good call!
If you're having problems with the pino logger config because of the deprecated prettyPrint prop
import logger from "pino";
import dayjs from "dayjs";
const log = logger({
transport: {
target: "pino-pretty",
options: { colorize: true },
},
base: {
pid: false,
},
timestamp: () => `,"time":"${dayjs().format()}"`,
});
export default log;
this is the config
THANKS BUDDY for this solution
Also, I hate that pino-pretty removes the date from the timestamp, so do something like:
translateTime: "SYS:mm-dd-yyyy hh:mm:ss.l TT"
in the "options" object if you want the date left in your timestamp. Also, in the solution by Matiast9477, you're basically telling Pino to use pino-pretty as a module, it's a different library, so you need to install pino-pretty into your project to make full use of it.
Very nice structure in the project! I think I'll adapt this. Great stuff!
Dude you are doing God's work. Highly appriciated
I love your channel and the tutorials you created. They are very helpful! It would be great if you could zoom in vscode with some software for zooming videos so it is easier to understand what's going on since I usually divide my screen in two pieces. One is the video and the other one is my IDE and when I do this, the characters from your IDE are pretty small. Overall, I love the channel and I'm very happy that you are getting more subscribers every day.
Thanks for the wonderful tutorial. Please make a video on how to securely handle refresh token and access token on the frontend with react. I need this for a job please
I would like to see more about testing the API. Thanks
Me as well
Good tutorial! A little tricky coming from more refined structured API environments to Express but made the experience as native and 'easy' as possible. Thanks!
Great video! More Express, TS, Prisma content pls!
Thank you for this awesome tutorial Tom!
One good practice
In Schema in usermodel add this field
{
...something
select:false
}
this will not return password unless we require by this method we can use less lodash
to get it use .populate("password") in the end of query
That's awesome! Thanks for the tip.
awesome. @TomDoesTech you should pin that comment. Thank you for the great tutorial
@@mattari97 It doesn't work, or at least I can see it causing issues. If you do select false, it won't show up in the validation function.
@@TomDoesTech export async function validatePassword({ email, password }: { email: string; password: string }) {
const user = await UserModel.findOne({ email }).populate("password");
if (!user) return false;
const isValid = await user.comparePassword(password);
if (!isValid) return false;
return user.depopulate("password");
}
@@TomDoesTech the problem is that you need to "populate" the password in the findOne method from "mongoose" or it's undefined in the comparePassword instance method. see the fix above.
1:40:15 reIssueAccessToken is returning string or false, change the "return false" inside reIssueAccessToken to return "" , just a quick fix but can be fixed in many other ways
If you got stuck with 403 forbidden in Postman around 3:30 in the video, set environment variables and attach the environment to the current workspace. Here's a one minute demo of me going from 403 forbidden to 200 ok by setting the environment properly: ruclips.net/video/SRX8H7OMS0c/видео.html
This is a very good and thorough explanation of how to implement TS on REST Api. Great video. I hope we will see a video on Fastify as well. Thanks Tom, for this great tutorial.
It would be top if you can make a new video, adding a new endpoint but this time using a TDD approach. This way, we could learn how an experienced developer writes code using TDD.
Hello there! First of all, I realy love your tutorial(s).
I'd like to ask little bit deeper about session handling =>
We are making new session every time user logs in. In longer term i feel like it's lot of unnecessary data in db so my questions are =>
1) Should we reuse users preivouse session, or is that bad approach?
2) Should we keep them or would it be better to have some middleware that would once in time delete or old sessions? Or delete users preivouse session every time he logs in...?
3) Can we use them for storing history of users behavior? (Add new variable to Sessions & have some middleware that would push log that variable every time some endpoint is called from that session)
Thank you & hope you're doing well 🙂
You are great! Please make a video with full testing and React with TS. Well, Docker too! jaja
Thanks! I am working on the testing video now :)
Thank you so much, love how clean your code looks
man this was a master piece !
Very nice. Hopefully I’ll do this tutorial in the weekend whilst practising Neovim at the same time!
Never heard of Neovim, I'm going to download it and have a play around with it.
let me know if you have any questions :)
Awsome videos! suggestion for next video - Build a REST API with Node.js, Express, TypeScript, Prisma & Postgres.
I did something very similar to this but I used Fastify instead of Express.
@@TomDoesTech Awesone,, could you share the link pls
@@sreekumarmenon ruclips.net/video/LMoMHP44-xM/видео.html
@@TomDoesTech Thanks I like the folder structuree in that video better, controller,service,schema all in same folder grouped by feauture! question why pick zod over yup ?
@@sreekumarmenon Zod has better TS support than Yup
I love your tutorials!
Hello, i have a question regarding the folder structure
What's your thought on the feature oriented structure?
(Where one would have a top level folder for Users, Products and each of those contain the corresponding controller, service and model etc)
Wouldn't that make it much easier to manage especially when your app grows in size?
I'm interested in the answer for this question as well, thanks for asking.
Hi Skia, thanks for the question. The answer to this is going to be a little long, so sorry for that.
The module approach has become really popular, especially with Nest.js using it. I think it's a great approach but not really something I use outside of Nest.js.
Firstly, it doesn't really matter what you use, just be consistent. People will choose weird hills to die on and tell you one thing is absolutely better and another, I tend to be very skeptical of opinions like that.
The module approach that you mentioned in a tip of the hat to OOP where everything is organised around object definitions. OOP isn't a paradigm that I use often, or at all outside of Next.js. I like to organise my code around functions and think more about how the data flows through the system, opposed to how objects are defined.
Lastly, this structure helps to illustrate how the data flows from the route handlers, through the controller and down to the DB, which I think it an important concept to think about and teach.
I'll also add that when it coming to maintaining large code bases, I rarely think about how the code is actually organised, as long as it's consistent. The other things that also help maintain large code bases are good tests, documentation, small and simple components, appropriate abstractions ect...
Thank you for creating this
Man I love ur coding style =D
Thank you so much :)
@@TomDoesTech ur welcome =) Just one little question. When you call the createUserSessionHandler you are using the same private key for the accessToken and refreshToken. Isn't that a problem? Or are you changing that later. Cant't wait to watch the next videos of that series =D
You have a very soothing voice
Oh wow, thank you
Great tutorial! Thanks so much.
Thank you Tom!!! Great lesson! Please make next lesson about deploying docker container on linux server!!!
Thanks bro. Really nice tutorial.
Hi Tom thanks for the video. Just a question on 1:35:18 why are we checking to see if there is no "_id" field in the decoded object? wouldn't it always be there if verifyJwt returns the decoded object?
Thank you for this tutorial, it's amazing c:!.
Amazing content! keep em coming :)
Beautiful Tutorial!!! LOVED IT!! Just one question... Why do you prefer to use the config file for variables instead of enviroment variables? Is that secure?
These 2 things aren't mutely exclusive. The con fig file has defaults which can be overwritten by env vars
Great video! loved to see a video on Apollo GraphQL
Nice tutorial ! Suggestion for next video : Building a REST with prisma and mysql
"Make any CTO weak at the knees" 😆
Thank you so much Tom. This is excellente! What do you think about recreating this with Type-Graphql and Apollo? Seems to be a great stack for building modern graphql apps with Typescript.
Yeah, I really like TypeGraphQL and have used it a fair bit so I think I will make a tutorial on it.
Great video tom !! Can you please make a video on how to use typeorm with this server to interact with a sql database..
Thanks, who's Tim?
@@TomDoesTech ohh sorry i mispelled tom as tim 😅
TOM IS MVP
Hi thank you for great series.
With this session/refresh token implementation should we care about stealing refresh token?
Do you think that implementing refresh token rotation is overhead with your approach?
Thanks
Firstly, I'm not a security expert, I'm just demonstrating concepts here so if you're working with a lot of user data, make sure you have someone who understands security in-depth look at your code.
Yeah, you should be worried about someone stealing the refresh token because if they have that, they can get an access token and then have access to the system.
I would spend my effort trying to prevent the token from being stolen before I spend time reducing the blast radius in the event it does get stolen. So, what I mean by that is make sure you figure out how your application could be vulnerable to XSS attacks and reduce those threats.
As for rotating refresh tokens. The issue is that you have no way to invalidate the refresh token without changing the public and private key pair. A lot of large companies will rotate their keys, but getting this to work without impacting the user experience would be challenging.
Great video, i really enjoy your series.
Is there a reason to use the routes function instead of express.Router()? Traditionally, I've seen the Router method used but wanted to know your thoughts. Great vid!
It's just the way I'm used to doing it. I've used the express.Router() in another video
Great tutorial. Bu I have questions.
- Can you tell me how to upload files with this tutorial?
- Can we validate the file with zod?
Thank you
Thank you very much for this, amazing tutorial ❤
If someone had problem with: 'routines: get_header_and_data: bad end line', just check if your IDE do not add extra line while saving your document. In my case, 'prettier' extension added extra spaces on the beginng of every line. After correcting that I got my token keys.
BTW. Thank You TomDoesTech for your yt tutorial ts with my node server. And your video is god blessing
Liked! Subscribed! Just wondering why you use Zod instead of Joi?
Zod has better TS support and I'm more familiar with it
Hi Tom,
I have a request! Is it possible to divide the long video as playlist in future bcz completing this video in one go is not possible
and thanks for making this awesome video!!
Sorry but longer videos do much better. I've done a few videos where they are in parts and they do significantly worse
Is it standard to have a Service layer ? In other mvc examples, I've usually seen all those functionalities from the service layers inside the controllers. Great tutorial btw! Will be watching the unit testing in express video next in your channel .
I don't know if it's standard or now and I don't think it's useful to think about it like that. I think the question you should be asking is: "Does this make sense for my application and does it fit with the way I like to work?"
@@TomDoesTech thanks !
You made my day♥
Excellent tutorial, thanks a lot
Glad it was helpful!
thanks for this awesome content
Hi, I watched your previous vidoe on the same, I liked this video far more than the previous, because in this session, we end user get to see and comprehend the code written, and it's not overwhelming when you explain by writing them.
I was practicing it alongside, although I am getting type errors like "module mongoose has no exported member DocuemtDefinition"
Can you please help me with that?
Also, Is there another way to use the interface instead Omitting each field individually
thx man!
can you tell something about yourself? i mean how long you have been programming, are you working as a programmer right now? what's your position/role if so
I've been coding professionally for about 9 years or so. I working as full stack developer now
Amazing video, but why don't use eslint?
[ @1:20:39 of your video] Hi Tom, what's the difference in storing your user object in res.locals.user and req.user?
Can anyone please explain what is the meaning of "req: Request" in the user.controller.ts file? Or maybe point me to the doc of the API. I'm new to Typescript and never saw someone modify the Express Request type.
It means you're telling express what you expect in the request body
@@TomDoesTech Oh okay. I get it. Thankyou for the response from Indonesia!
Hey that was great work and the one I was looking for... But I couldn't figure out how to generate refresh token private / public keys? is it same as access token private / public key process or different?
You can use the same or different keys, up to you. Probably better to use different keys but it's not that big of a deal
Thanks for a great lesson! Would be great to see a repo for the same but with sequelize/postgres instead of mongoose :) Do you maybe have anything already?
export async function createProductHandler(
req: Request,
res: Response)
{}
Where can i read more about this filtering the request? I would like to understand more about this?
I'm not sure if it's necessary to explicitly give type to the request and response on the route 2nd argument, because I'm sure that it's already inferred, CMIIW. Except if you need a specific property on the body or query.
Can't prettify timestamp with pino-pretty . Please share some resources for newer version
you can use pino-pretty
If anyone else gets the *PinoWarning: prettyprint is deprecated* error use this code instead of the logger
```
const transport = pino.transport({
target:'pino-pretty',
options: { colorize: true}
})
const log = pino({
base: {
pid: false
},
timestamp: () => `,"time":"${dayjs().format()}"`
}, transport );
export default log
```
Thanks man. Saved me some minutes.
thanks man
Hey Tom, great tutorial. At 1:32:19 after updating the session to valid: false; shouldn't the get request to fetch all sessions return a 403 unauthorized error, as we just invalidated the current session to be false, and there is a requireUser Middleware on that route, and deserializeUser fetches the accessToken(which is supposed to be invalid now?)
yeah
@@TomDoesTech But I doesn't in the video. We are still able to get Sessions. I assume that when we consume the API on the frontend, there'll be a method of invalidating the accessToken to circumvent it.
Please is there a reason why you were storing the user's sessions in the database? Also, can I store the user's sessions in Redis instead of the database?
It's stored in the DB so we can check that it's still valid when we go to issue a refresh token.
Storing it in Redis would is a good idea.
Anyone who wants to debug this program can add this script to their package.json:
"dev:debug": "ts-node-dev --respawn --transpile-only --inspect=9229 src/app.ts"
Run with `yarn dev:debug`
And in your project's root dir add ./.vscode/launch.json and add the following configuration:
{
"configurations": [
{
"name": "Attach to dev:debug (w/ restart)",
"port": 9229,
"request": "attach",
"skipFiles": [
"/**",
"node_modules/**"
],
"type": "node",
"cwd": "${workspaceFolder}",
"restart": true
}
]
}
Launch it from the dropdown on the debug panel. Should restart the debug hook when the server restarts on changes.
May I know what is the purpose of the deserializeUser function? What is it trying to do/achieve? Why do we need it?
It converts a JWT into a user object and attaches it to the request object so it's usable for the rest of the request
Question. Instead of config file, why you dis not used .env?
I put secrets in a .env file, otherwise it's convenient to have defaults hard-coded
@@TomDoesTech aaa. I understand. Thank you for the video. Learning something new.
Thank you so much for the video.
Great video! Would it be more secure to sending tokens via cookie?
I usually use cookies, if you watch the UI part of this series you'll see I use cookies
thank you so much ❤️
Got what I needed !!!
What are we supposed to set as accessTokenPrivateKey, accessTokenPublicKey, refreshTokenPrivateKey and refreshTokenPublicKey in the config/default.ts? I keep getting an error saying Configuration property "mykey" is not defined
"prettyPrint" gives me an error that it does not exist, also if anyone has error for 'moduleResoluion' before adding tsconfig.json you should create that file and put this in compilerOptions: "module": "NodeNext", "moduleResolution": "NodeNext"...
Hey Tom, I keep getting this error when I run the Create Session Request from Postman despite using this resource you linked in a comment below for generating keys. I've already tried generating different key sizes
Error: secretOrPrivateKey must be an asymmetric key when using RS256
I realized my mistake. I needed to push my public and private keys all the way to the left margin of the code editor. No indents allowed (Not even formatting Indentations). Also you need to generate RSA Keys of 2048 bit size . GOODLUCK
Me too@@jessejulian9069, I have this problem too and still stacking with this issue.
This is awesome!!! thank you for this lesson. One request, can we make it a full stack app i.e. can we build a frontend to consume this API? thank you once again.
There is a UI part in this series if you want to check that out
@@TomDoesTech ok, thanks so much. Meanwhile, i'll like to point out that, both your terminal & your file EXPLORER cover more than half of the screen in this video, it would be nice if you minimize your terminal when not in use that way, the viewers can have a clear view of the code on the screen. Thank you, you are the best.
nanoid@4.0.0 was installed from yarn at the time of writing this comment. It didn't work, so I had to downgrade to match your repository with yarn upgrade nanoid@3.1.30
Thank you a lot, TomDoes. Please check this (in session.controller): const session = await createSession(user._id, req.get('user-agent') || ''). The first param of createSession is a string type, but here _id is an autoID (I think it is). And nanoid added but not used.
you can convert the code. return omit(user.toJSON(), "password") into return omit(user.toObject(), "password") in user.service.ts. I applied this solution and error gone
@@beratdinckan5585 But can you get the tokens at postman?
hello I in 40:07 minute I face this error: Module '"mongoose"' has no exported member 'DocumentDefinition'.ts(2305)
any help pls?
Hi Raouf, I created a video showing how to fix this issue: ruclips.net/video/5-1KuU-21uI/видео.html