Great work, Max. However, I want to point out that express-graphql can parse request's body according to its content-type, so the body parser is unnecessary. With that gone, you can send application/graphql request using postman, and copy & paste the query/mutation directly from graphiql.
I recently discovered a REST client called "Insomnia". You can write graphQL queries like in GraphiQL, but it has all the elements like headers, authentication, etc. like Postman. I really recommend it. There is a version for linux, windows and mac OS.
Postman has added a GraphQL option inside the Body tab. So it's a bit easier to write the queries/mutations. Of course, auto completion is not supported, as Postman has no idea about our project
Great series, Max. Enjoyed your React Native and Mongo courses through Udemy, btw. Hope you will do more RN and GraphQL. Maybe even some data visualization as well:) Happy New Year!
Hey Max.... Please add this section how to upload photos and documents with nodejs and react and the reset of password if the user forget his/her password with nodejs and react
Sending message can be made with socket.io check it out.... I've done end to end message passing from server to client and client to server.... No idea in between clients..... Message passing is quite heavy to understand
Password Reset - One idea would be to create a temporary json web token that allows a user access to the password reset mutation, then you somehow send this to the email informed (I say somehow because I never did email with nodejs). Since GraphQL seems to only work with POST, you may have to think a way to create a link with that JWT to use in the request for the password reset mutation (You can create a Get route on Express that only purpose is to grab the token given as parameter and package it in a Post request). On the GraphQL side this is trivial, if the token is valid, you allow user to go ahead and reset the password, otherwise token either expired or was never valid and so throw an access denied. Uploading stuff - Not sure how this happens on GraphQL, it would be an interesting subject, but usually the way it's done with Express is to have static routes for GETing this files and then have the location stored in and passed around by GraphQL.
@@acommunistdwarf I'll be honest.... I know the process the way you explained is really nice.... I really appreciate it but I've tried several times.... But didn't work for me... That is y asked..... I m really grateful for your descriptive answer... I used jwt token created a unique one send it to client mail dn reset function but some how I managed to screw Them up😪😪😪
@@ashutoshpanda4336 yeah ... I really hope he takes on the items you mentioned because they are quite interesting and happen in tons of different applications. The suggestion is more a brainstorm in an attempt of having something to try if Max and folks on Academind don't take on the subject. I haven't watched the next videos yet, but I would assume he will tackle more the frontend side, which is fundamental for these two items you mention. As far as I can imagine, there is no off the shelf solution for this on GraphQL or Express.
Great video Max! This is actually a lot easier than trying to use Passport.js (which i JUST got finished doing) when only using json web tokens. Looks like I got some refactoring to do! :)
Hi Max! This series is really good! I'm not sure what ahead but can you show the process of deployment such an API to AWS API gateway or Google firebase functions? I think the devops part and some CI/CD for such API is very important.
Hey Max, Is there any specific reason to use `login` as Query rather than a Mutation? Many examples I have seen online used as a Mutation. Can you help me understand?
thanks Max great job, not simple by any means but you did a great job of explaining. I wonder how much research you have to do to make a 30 minute video???
Very happy to read that Khan, thank you very much! It depends on the video and on the topic to be honest, but as I prepare the entire project and not a single video it's hard to name a number here.
What about socket.io connections? do they have to be authenticated for every event they emit? Or is it ok to do this only during creation of the connection? What is the best practice to handle the token on client side? Is it save to store it in localstorage? What about the socket.io? Is it save to try to authenticate a existing token from the localstorage on creating the connection?
5 лет назад
MAx, you are awesome. Thanks for sharing the knowledge.
Hi guys, as per new ES6 syntax improvement, we can use "const user = await User.findOne({email}) " instead of ({email:email}) since both sides are the same :)
To save a little bit of the code, in JavaScript, an empty string would be false so no need to write: if (!token || token === "") { // some code }, this would be enough: if (!token) { // some code }
thanks for the tutorial it really helped however when I run it it always fails when comparing I mean it always gets isEqual to false can you help ? can anyone help ?
i like this video because i was curios how you wll do the auth with graphql :) btw !token and token ==='' is allways same because empty string is falsy :) 18:25
Hello, is there any good video or resource to make an single Auth for two different websites and activate the cors for the two front end? Any recommendation would be great. Thank you beforehand Kind regards
Hello everyone! I am getting following error when try to execute mutation createEvent inside POSTMAN: "Must provide query string." Will someone kindly help?
If someone (like me) added in 'user.js' a flag 'select: false' to 'password' (to protect the field from being selected), You then have to add '.select("+password")' to 'findOne' function. Otherwise there is an error ""Illegal arguments: string, undefined"" because 'password' field won't be selected. user.js: const userSchema = new Schema({ email: { type: String, required: true }, password: { type: String, required: true, select: false //protection } ... auth.js: login: async ({ email, password }) => { try { const user = await User.findOne({ email: email }).select("+password"); //get user and password if (!user) { throw new Error("User does not exists"); } ...
@@academind yes its good to know how to use graphql for postman as well. With apollo-server I'm getting a different graphiql. It has a section to edit headers as well. I'm not sure why apollo-server-express graphiql is different look.
Postman now supports GraphQL queries! Its awesome! Thanks for the tutoarial.
Great work, Max.
However, I want to point out that express-graphql can parse request's body according to its content-type, so the body parser is unnecessary. With that gone, you can send application/graphql request using postman, and copy & paste the query/mutation directly from graphiql.
Great tutorials!
FYI - Starting in version 7.2, Postman lets you create your POST body using syntax just like graphiql.
This Guy Rocks !! My source of nodeJs knowledge and videos are open to everyone just incredible.
Hey Max, thank you for this quick upload. What a new year gift we have. Happy to see this video on 1 Jan
Great to read that you like the video Harshal, happy new year :)
Hi, I am from Vietnam, I thank you very much for the Mongodb and Graphql series.
Thank you very much.
Hi Maximilian, excellent series. Happy 2019, keep the good work ¡.
Thank you Esam, I'll try my best to do so! Happy new year also to you :)
I recently discovered a REST client called "Insomnia". You can write graphQL queries like in GraphiQL, but it has all the elements like headers, authentication, etc. like Postman.
I really recommend it. There is a version for linux, windows and mac OS.
Agreed. There is also another app which is called "GraphQL Playground" does the same thing as you suggested.
thank you!
Now I know how I can create a backend with nodejs, graphql and mongodb. Superb work Max.
Postman has added a GraphQL option inside the Body tab. So it's a bit easier to write the queries/mutations. Of course, auto completion is not supported, as Postman has no idea about our project
Great job! These videos should be watched way more! Keep up good work!
Great series, Max. Enjoyed your React Native and Mongo courses through Udemy, btw. Hope you will do more RN and GraphQL. Maybe even some data visualization as well:) Happy New Year!
Thanks so much for your great feedback and your support here and on Udemy! We'll see what the new year brings :)
This course was so helpful, thanks!!, the explanation is fast and clear, and to the point.
So happy to read that Jesus, thank you very much!
Hey Max.... Please add this section how to upload photos and documents with nodejs and react and the reset of password if the user forget his/her password with nodejs and react
Sending message can be made with socket.io check it out.... I've done end to end message passing from server to client and client to server.... No idea in between clients..... Message passing is quite heavy to understand
Password Reset - One idea would be to create a temporary json web token that allows a user access to the password reset mutation, then you somehow send this to the email informed (I say somehow because I never did email with nodejs). Since GraphQL seems to only work with POST, you may have to think a way to create a link with that JWT to use in the request for the password reset mutation (You can create a Get route on Express that only purpose is to grab the token given as parameter and package it in a Post request). On the GraphQL side this is trivial, if the token is valid, you allow user to go ahead and reset the password, otherwise token either expired or was never valid and so throw an access denied.
Uploading stuff - Not sure how this happens on GraphQL, it would be an interesting subject, but usually the way it's done with Express is to have static routes for GETing this files and then have the location stored in and passed around by GraphQL.
@@acommunistdwarf I'll be honest.... I know the process the way you explained is really nice.... I really appreciate it but I've tried several times.... But didn't work for me... That is y asked..... I m really grateful for your descriptive answer... I used jwt token created a unique one send it to client mail dn reset function but some how I managed to screw Them up😪😪😪
@@ashutoshpanda4336 yeah ... I really hope he takes on the items you mentioned because they are quite interesting and happen in tons of different applications. The suggestion is more a brainstorm in an attempt of having something to try if Max and folks on Academind don't take on the subject.
I haven't watched the next videos yet, but I would assume he will tackle more the frontend side, which is fundamental for these two items you mention. As far as I can imagine, there is no off the shelf solution for this on GraphQL or Express.
From Germany, We have SAP, Audi, FC Bayern Munich, and we have Max- All legendry Stuff.
"Made in Germany" is the gold standard! Greetings from New York. Thanks for a wonderful series - it's very powerful and valuable.
Kurzgesagt, DW
sir your videos helps a lot ..☺🙏❤ from India
Hey Max,
Can you make more videos about user auth? In front-end with react js and apollo/graphql, how can we use this for logging in?
Great video Max! This is actually a lot easier than trying to use Passport.js (which i JUST got finished doing) when only using json web tokens. Looks like I got some refactoring to do! :)
Thank you, great to read that you like the video!
this is the coolest tutor I have ever seen. Thank for this reality skill
hOW LONG IS THE COURSE Max- Thanks. Awesome Legendry Work.
I'm still recording the videos so it's difficult to say at the moment. It will be a longer series though ;)
Thanks a lot for sharing so much knowledge with us.
Hi Max, Your tutorial is so great , I am totally stunned...........
Hi Max! This series is really good! I'm not sure what ahead but can you show the process of deployment such an API to AWS API gateway or Google firebase functions? I think the devops part and some CI/CD for such API is very important.
hey I have the problem that the req.get ("Authorization") always returns me undefined, does anyone know what it can be?
I ended up using req.headers.authorization instead
Same problem as Alejandro, and the "req.headers.authorization" fix does not work either (also undefined).
I take it back, I just add a typo in my code ::facepalm::
This has helped me so much! Thanks a lot Max :)
Hi Max, do you have a video for implementing refresh tokens with this middleware?
Hey Max, Is there any specific reason to use `login` as Query rather than a Mutation? Many examples I have seen online used as a Mutation. Can you help me understand?
Thank you so much for making things clear and understandable.
There is this extension named ModHeader for chrome. Super easy to add header.Not takes more than 2 sec to send header
Awesome tutorial, loving it !
Am grateful for the content Max.
Lots of love for you.. Thank's
thanks Max great job, not simple by any means but you did a great job of explaining. I wonder how much research you have to do to make a 30 minute video???
Very happy to read that Khan, thank you very much! It depends on the video and on the topic to be honest, but as I prepare the entire project and not a single video it's hard to name a number here.
Max thanks a lot for this amazing series! and for all other courses here and on Udemy! Is there a way we can donate even if it is a small amountt!!
Max, what are the cons of making my own auth vs using auth service?
What about socket.io connections? do they have to be authenticated for every event they emit? Or is it ok to do this only during creation of the connection? What is the best practice to handle the token on client side? Is it save to store it in localstorage? What about the socket.io? Is it save to try to authenticate a existing token from the localstorage on creating the connection?
MAx, you are awesome. Thanks for sharing the knowledge.
Thanks so much for your awesome comment Diógenes, this really means a lot to me!
Excellent series!! Could anyone tell how to make authentication to not drop every time on page reload?
Hi guys, as per new ES6 syntax improvement, we can use "const user = await User.findOne({email}) " instead of ({email:email}) since both sides are the same :)
Thank you for your best lecture videos!
Thank YOU for this awesome feedback!
Thanks Max!, Awesome as always
i understood postman + graphql but isnt there a better way using graphiql etc?
To save a little bit of the code, in JavaScript, an empty string would be false so no need to write:
if (!token || token === "") {
// some code
},
this would be enough:
if (!token) {
// some code
}
Need help, while testing in postman, I am having "Unauthenticated". And in VS code also getting error: "JsonWebTokenError: invalid signature"
You can use Insomnia instead of Postman for testing
How we can restrict data based on the role of the user? Like for Employee, return small data set and for Manager return larger data set?
hello max, can you please also make a video to do node js passport local authentication with graphQL?
Thanks for the series.
You mean the serious....
Thank u for this awesome video and I am waiting for next video
Thank YOU for your great feedback and for your support Abhishek! The next part will be released this week.
This fucking guy is a god
I got error in POSTMAN :
"errors": [
{
"message": "Must provide query string."
}
]
Kindly let me know how to solve it!
Thanks!
Nice tutorial
Just amazing, thank you.
Thank YOU for your comment!
Great serious
thanks for the tutorial it really helped however when I run it it always fails when comparing I mean it always gets isEqual to false can you help ? can anyone help ?
i like this video because i was curios how you wll do the auth with graphql :)
btw !token and token ==='' is allways same because empty string is falsy :) 18:25
Excelent!
Hello, is there any good video or resource to make an single Auth for two different websites and activate the cors for the two front end? Any recommendation would be great. Thank you beforehand
Kind regards
And the other is using Apollo Graphql
Is it possible for user to add in request field isAuth which will be equal to true and bypass protection?
Nope
Hello Sir can you help with project Node+Express+mongodb+Reactjs Login and registration form
I like your serious
:D
Big tnx!
Empty strings are falsy so checking !token already checks token === ''
Hello everyone!
I am getting following error when try to execute mutation createEvent inside POSTMAN:
"Must provide query string."
Will someone kindly help?
I have the same error. Did you ever figure it out?
Actually it gives me the error for the query too
how to fix this problem ??
const authHeader = req.get('Authorization');
^
TypeError: Cannot read property 'headers' of undefined
plz!!!
how to fix this problem ??
const authHeader = req.get('Authorization');
^
TypeError: Cannot read property 'get' of undefined
Saludos desde Chile
Hello from Germany :)
I'm getting error cannot return null for non nullable field rootquery. Login
@academind
If someone (like me) added in 'user.js' a flag 'select: false' to 'password' (to protect the field from being selected), You then have to add '.select("+password")' to 'findOne' function. Otherwise there is an error ""Illegal arguments: string, undefined"" because 'password' field won't be selected.
user.js:
const userSchema = new Schema({
email: {
type: String,
required: true
},
password: {
type: String,
required: true,
select: false //protection
}
...
auth.js:
login: async ({ email, password }) => {
try {
const user = await User.findOne({ email: email }).select("+password"); //get user and password
if (!user) {
throw new Error("User does not exists");
}
...
Why is it user.id and not user._id?
OAthu with passport.js please
like
The desktop app version of graphiql allows you to edit http headers. No need for postman. github.com/skevy/graphiql-app
That is true. I also switched to Postman to already introduce how we structure the request body - we'll need that in the next parts.
@@academind yes its good to know how to use graphql for postman as well. With apollo-server I'm getting a different graphiql. It has a section to edit headers as well. I'm not sure why apollo-server-express graphiql is different look.
Hi,
The tutorial and code is outdated. Can you please update the code.