- 00:00:00 welcome back as explained in the last
- 00:00:03 lecture one problem we currently have an
- 00:00:05 assign a process here is that I can
- 00:00:07 enter invalid email addresses like this
- 00:00:10 one and that certainly isn't the
- 00:00:12 behavior I want so I need to change this
- 00:00:15 and one thing to were one way to change
- 00:00:18 this is to add validation now you could
- 00:00:22 of course write your own logic but
- 00:00:23 that's pretty complex and unnecessary
- 00:00:26 like as for many things in your express
- 00:00:29 applications there are third-party
- 00:00:31 packages you dump into your project to
- 00:00:33 add functionality you need in the case
- 00:00:35 of validation
- 00:00:36 I recommend Express validator and this
- 00:00:40 is deal github repository off the
- 00:00:42 Creator or off this package and there
- 00:00:45 too you find a link on how to install
- 00:00:47 this as well as some usage examples and
- 00:00:49 well in the documentation for this
- 00:00:52 package so over in a project I will
- 00:00:55 install it with the save flag though to
- 00:00:58 also place a entry new package to chase
- 00:01:01 and file and then my first step is to
- 00:01:04 set it up here in my app J's file so I
- 00:01:07 will name is a validator and require it
- 00:01:10 Express validator and you need to start
- 00:01:14 this validator after your body parts are
- 00:01:19 here is done this order is important so
- 00:01:23 validator should be executed here
- 00:01:25 because the validator will on its own
- 00:01:27 parse the body and retrieve the
- 00:01:29 parameters you want to validate from the
- 00:01:32 submitted request body therefore this
- 00:01:34 has to be done after the body is parsed
- 00:01:37 of course otherwise you can't validate
- 00:01:38 it so with that being set up the next
- 00:01:42 step is to add the validation in the
- 00:01:45 route however here we're using passport
- 00:01:49 to handle all the requests and create a
- 00:01:52 user so the right place to continue is
- 00:01:54 passport a s now in this file here I
- 00:01:58 want to validate inside this callback
- 00:02:02 I'm getting the request pass to the
- 00:02:04 callback since I set this to true and
- 00:02:07 therefore I can access all the
- 00:02:09 parameters off the callback so before
- 00:02:12 checking if the email address already
- 00:02:14 the database and doing all that I will
- 00:02:16 simply validate the past parameters so I
- 00:02:19 will do this by running request check
- 00:02:23 body a function added by this validator
- 00:02:26 and I want to check the email field and
- 00:02:29 I want to send back T message invalid
- 00:02:34 email if validation fails so this is
- 00:02:36 specified as a second parameter here and
- 00:02:39 then I chain the validators I want to
- 00:02:41 use in my case is email is one of the
- 00:02:45 validators as well as before even
- 00:02:48 checking the email if it is not empty
- 00:02:51 because I wanted to be passed and then i
- 00:02:54 duplicate us to also validate the
- 00:02:57 password and check if or say invalid
- 00:03:00 password if this fails and I check if it
- 00:03:03 is not empty and I also replace its
- 00:03:06 email here with is length and then I
- 00:03:09 pass an object where I specified a
- 00:03:11 minimum length to be four characters and
- 00:03:14 with that I have validation in place but
- 00:03:17 I'm currently not handling any errors so
- 00:03:19 this would check it and it would
- 00:03:21 recognize that maybe the email is wrong
- 00:03:23 but it wouldn't do anything in order to
- 00:03:26 do anything I will add a new variable
- 00:03:28 called errors where I will check if any
- 00:03:32 validation errors appeared I can do it
- 00:03:34 like this validation errors is a
- 00:03:36 function added by this package and using
- 00:03:39 the arrows thrown by my validators I
- 00:03:41 registered here on my request
- 00:03:43 so with these errors extracted I can
- 00:03:47 check if I have any with the function
- 00:03:49 here and if I do have errors I want to
- 00:03:52 create an array of messages which I want
- 00:03:54 to pass back to the view so I will then
- 00:03:57 loop through my arrows with this for
- 00:04:00 each function here and for each error I
- 00:04:04 find I will simply push it on my
- 00:04:08 messages array here however I will not
- 00:04:11 push the complete error but only the
- 00:04:14 message now dot message here is of
- 00:04:16 course a field this validator package
- 00:04:18 adds for each error so each error there
- 00:04:21 basically has a parent field describing
- 00:04:23 which parameter through the error
- 00:04:25 and the message field as well as a
- 00:04:28 number field but this message feature is
- 00:04:30 the important food for us and with that
- 00:04:32 I can in this case then return done now
- 00:04:36 because while we didn't get an error in
- 00:04:39 the case of a technical error or
- 00:04:41 anything like that
- 00:04:42 but it was also not successful so false
- 00:04:44 and I want to flash an error message
- 00:04:47 now I'm not returning message here like
- 00:04:50 before as this argument but instead I
- 00:04:55 will add the arrows myself by calling
- 00:04:59 request flash and then assigning it to
- 00:05:03 the error field there which I'm already
- 00:05:06 extracting the view and then assigning
- 00:05:10 my messages with that I'm sending my
- 00:05:14 bundled messages to review with this
- 00:05:16 flash milah we're here and interview I'm
- 00:05:19 looping through all the message I'm
- 00:05:21 displaying them here so this should work
- 00:05:23 I'll restart my server revisit this page
- 00:05:31 and I'll try to enter an invalid email
- 00:05:33 address missing credentials so I enter
- 00:05:37 both now I get invalid email I enter
- 00:05:40 both and a password which is too short I
- 00:05:42 get invalid email or invalid password
- 00:05:45 and now only the password and now a
- 00:05:48 valid email address which has already
- 00:05:50 been taken emails already news so the
- 00:05:54 complete validation here is working in
- 00:05:56 the way I want and I make sure that only
- 00:05:59 well valid values can be passed to the
- 00:06:02 database with that the signup process
- 00:06:05 looks pretty pretty good and it's time
- 00:06:09 to continue with the next part which is
- 00:06:11 about signing in the user and then also
- 00:06:14 protecting the routes see you there bye