Authentication in Node.js - #4 Registration

Поделиться
HTML-код
  • Опубликовано: 13 дек 2024

Комментарии • 33

  • @williamticky181
    @williamticky181 4 года назад +2

    Damn... My head almost exploded because I tryed to understand how the heck a middleware (express-session) can set a header (Set-Cookies) in a router (register) while that middleware has been defined BEFORE our router.
    After 45 mins of digging into express-session source code, I found it(express-session) uses a library called "on-header" which create listenners which are executed when a response is about to write headers; a kind of interceptor (for angular people).
    In fact, the only way to succeed in it withouth using the previous method, would have been to use a middleware after the definition of our routes, and it will force us to call the nextFunction in every route/router.
    Well, that's a BIT tricky...

  • @raul-isaacmendez-vasquez8775
    @raul-isaacmendez-vasquez8775 Год назад

    Alex you are a great developer. Congrats!

  • @joaquindiaz3396
    @joaquindiaz3396 4 года назад +1

    your hairstyle is like a closed curly bracket ❤️

  • @codenx2
    @codenx2 4 года назад

    You have the best content in the whole youtube. Please don't stop producing it. I am still waiting for you to continue the GraphQL course. I will be happy see you at udemy. too.

    • @CodeRealm
      @CodeRealm  4 года назад +5

      Thanks a lot, I appreciate that. Currently going through tumultuous times in my personal life (yet again), but this channel is a long-term investment, and I'll never stop producing content one way or another. Always happy to share new things I learn.

  • @Abhishekkumar-vf8qe
    @Abhishekkumar-vf8qe 4 года назад

    very useful topic and great explanation

  • @laki2608
    @laki2608 4 года назад +1

    Thank you for the amazing content, the best course I have ever seen...

  • @hry2203
    @hry2203 5 лет назад +4

    I wonder from where and how you got so much knowledge ....

    • @CodeRealm
      @CodeRealm  5 лет назад +8

      Working in the industry for a few years. I'm not even at the level of a library maintainer or a core engineer. Just an amateur

  • @srikantht890
    @srikantht890 4 года назад

    will in-memory session store using connect mongo work across multiple backend instances ?

  • @zerefdev
    @zerefdev 3 года назад

    I want to point out that you have to use the data returned from the validateAsync function instead of req.body

  • @johncerpa3782
    @johncerpa3782 4 года назад

    Thank you for making these videos !!

  • @maykbrito
    @maykbrito 5 лет назад +1

    tks

  • @javapro8954
    @javapro8954 5 лет назад +5

    Pro level content, as always.
    Thanks a lot brother for sharing your knowledge.
    wish u used react as frontend..

  • @aziaev
    @aziaev 4 года назад

    So great! So easy! Perfect tutorial! Thanks!

  • @elkiaora
    @elkiaora 4 года назад

    Do we really need guest (isLoggedIn) middleware? Is it a good practice or just for demonstration purpose?

    • @CodeRealm
      @CodeRealm  4 года назад

      Conceptually, a user may only register if they are a guest. That is, if they are already logged in (based on the cookie or token that was sent in the request to /register), that means they have already registered in the past, so they don't need to (and should not be able to, for data integrity) sign up again.

  • @Simongislen
    @Simongislen 5 лет назад

    Happy to see that you're making new content! How would you handle "logout of all sessions" for a specific user? Seems like this is a missing feature of connect-redis/express-session.

    • @Simongislen
      @Simongislen 5 лет назад

      Haven't tried it yet, but a plan of attack that I have is to store every sessionId on login in a database and relate this to the userId. If the user requests a "logout of all devices", we could look up the session ids and delete them from redis. We could clean up old database entries using a cron. Would appreciate your input if you have the time! Good luck on your upcoming videos. Looking forward to them.

    • @CodeRealm
      @CodeRealm  5 лет назад +1

      Laravel actually has something like that Auth::logoutOtherDevices($password); except it requires the user's password. Effectively, they store user's password hash in the remember me cookie, so when the hash in the users table changes, and the users makes a request with a stale cookie, that session gets invalidated. But, that's only if they checked the remember me checkbox; I believe Laravel also stores the password hash on the session object, so the same logic still applies. Jeffrey Way has a neat demo on this laracasts.com/series/whats-new-in-laravel-5-6/episodes/7
      In Node.js though, first thing that came to mind, I'd have a table called sessions and store user_id and session_id (in Redis) on it. Every time they login (i.e. create a new session), I store that record. When they decide to log out all other devices, I find all sessions by user_id and purge them from Redis using session_id as the key. IMO you need a "lookup table" in your DB because you can't afford to loop through sessions in Redis, unserialize them one by one, and match each against user_id; that's too expensive.

    • @Simongislen
      @Simongislen 5 лет назад

      Code Realm Sounds reasonable. I'll look into the laravel solution as well. Thanks a ton!

    • @CodeRealm
      @CodeRealm  5 лет назад

      @@Simongislen You beat me by 5 mins, I didn't see your comment. But you figured it out yourself, great job!
      A cron job would work; in Laravel, they have "request lottery" where each request has a small chance to trigger a background task to clean up expired records from the DB. But in the case of logout, you could clear out the entries from the sessions table right after you purge the keys from Redis (you won't need them anymore I think).

  • @hafeezolaniyi5030
    @hafeezolaniyi5030 3 года назад

    hi, your works are awesome. i follow your tutorial word for word and create amazing things. Although in this tutorial i have a problem. In the auth file/ const login, when ever i type in the line req.session!.userId = userId it gives the error "Property 'userId' does not exist on type 'Session & Partial'.". i have tried and tried. Pls provide a fix or a lesson on how to fix it

  • @Lowlim90
    @Lowlim90 5 лет назад

    validateAsync doesn't work for me. "validation_1.registerSchema.validateAsync is not a function"

    • @CodeRealm
      @CodeRealm  5 лет назад

      You'd need to have the latest Joi library v16.x.x or above via @hapi/joi. See the docs hapi.dev/family/joi/?v=16.1.8#anyvalidateasyncvalue-options

  • @adityamajeti8377
    @adityamajeti8377 5 лет назад

    Bro need example for oauth2.0 could you please make a vit

  • @AbdelhameedG
    @AbdelhameedG 4 года назад

    Thanks for the great content man!, I really hope you can slow down a little bit (I want to follow along with you without having to stop the video every couple minutes :D, and maybe spend a little bit more time explaining the theory behind whatever you are doing (Stephen Grider style :D))

  • @julianmay9566
    @julianmay9566 5 лет назад

    Awesome, Thanks.

  • @kinglamido
    @kinglamido 5 лет назад

    the realm of code

  • @talgatsaribayev821
    @talgatsaribayev821 4 года назад

    Use prettier please

  • @aziaev
    @aziaev 4 года назад

    We lost you!