🤑 Join the Treehouse affiliate program and earn 25% commission!

Join our Live Career-Building Workshop: Launch Your Tech-Adjacent Career! ⭐ Register here!

🌟 Dreaming of a bright future? 🎓 Ask about the Treehouse Scholarship program! 🚀

Curious which AI tools Treehouse developers love? ⚙️ Check them out!

🫡 Treehouse for Military offers discounts to Veterans, service members and their families!

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Introducing the Practice

4:53 with Travis Alstrand

This video introduces our middleware challenge.

Teacher's Notes
Questions?
Video Transcript
Downloads
Workspaces

Resources

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

[MUSIC] 0:00

Hello, everyone. 0:09

Travis here with another practice session. 0:10

Today we'll delve into the world of middleware and ExpressJS. 0:13

Middleware are simply functions that get run in between the user sending 0:17

a request and the server sending back a response. 0:21

They have access to the request and response objects, meaning we can 0:24

modify them to fit our needs, and they can either end the request response cycle or 0:28

call the next middleware function in the stack. 0:33

In this exercise, we'll create a middleware function to 0:36

replicate user authentication to allow access to protected routes. 0:39

Let's get started. 0:44

Go ahead and download the project files and 0:45

open them in your preferred text editor. 0:48

Let's take a look at package.json first. 0:50

We currently have two dependencies in this project, express and nodemon. 0:54

I've included nodemon so that we don't have to stop and restart our express 0:59

server every time we make a change, we'll just need to refresh the browser. 1:03

Let's install these dependencies. 1:07

Open up your terminal. 1:09

If you're using VS Code, you can go to Terminal, 1:11

New Terminal, or you can click this toggle button up here, or 1:14

my preferred way of using the keyboard shortcut CTRL+'. 1:17

If you're using a different terminal, be sure you're at the root of this directory. 1:21

Now let's run npm i. 1:25

I short for install and this will install all of our dependencies needed to run 1:27

this project, let's start the server by running npm start. 1:32

I'm going to close the terminal for more space but I'd recommend leaving 1:36

yours open to see if any errors happen while you're working on this exercise. 1:40

Let's look at the data.json file. 1:45

This will replicate our database. 1:48

Inside is an object with a property named users. 1:50

Users value is an array of objects with names and emails. 1:54

Please feel free to add your own name and 1:58

email to the array to test with and save the file. 2:01

All right, let's check out app.js. 2:04

We can see I've already got a basic server set up and it's running on port 3000. 2:07

Here we have four routes. 2:10

The home, or root route, has our homepage header that will render in the browser. 2:13

There are also settings, secret, and forbidden routes. 2:18

Our goal is to allow anyone to access the homepage. 2:22

But only allow users who are in our data.json file access to the settings and 2:26

secret roots. 2:31

If they try to access them without authorization, 2:33

we need to redirect them to the forbidden route. 2:36

Let's see these in the browser. 2:39

Head to localhost 3000, and you should see our home page. 2:41

Now I'll request the settings page. 2:46

We can see here that our username is currently undefined. 2:48

Saving the user's name will be a part of the challenge. 2:52

Now I'll request the secret page, and 2:56

finally our forbidden route. 3:00

This is what we'll redirect users to if they are not a user in our mock database. 3:04

All right, let's go back to the code and open authuser.js. 3:10

This is where our challenge will start. 3:13

We'll first need to import our users array from data.json. 3:17

I've provided comments and hints here to help you along the way. 3:21

Please keep in mind this is not a typical or recommended approach for 3:24

user authentication in the real world. 3:28

This is just a simple way we can mimic it for our middleware practices sake. 3:30

Once you're ready to start testing your work, 3:35

we'll need to complete a few steps in app.js. 3:38

You'll need to import your new function and 3:41

place it as the first middleware in our settings and secret routes. 3:43

To send our username for authentication, 3:46

we'll need to append a URL query parameter when requesting these routes. 3:49

Line 8 has an example of this for you to reference. 3:54

Directly after our route name, we add a question mark to start our query string 3:57

and pass additional data to the server. 4:01

We're giving the parameter a name or key of username and a value of Brian. 4:03

This is where you can type your own name that you added to data.JSON. 4:07

Let's see a preview of how it should work once the exercise has been completed. 4:12

From the homepage, I'll request the secret page with no query parameter. 4:17

You can see we're immediately redirected to the forbidden page. 4:22

I'll try again, but with a username that does not exist in our mock database. 4:25

Now we're getting the message I provided to let them know they sent an incorrect 4:31

username. 4:35

Finally, I'll go to the settings page with the correct username. 4:35

It has rendered the page for us, and my username has been added to the heading. 4:39

Nice, okay, I think you've got everything you need to succeed so 4:43

good luck and have fun. 4:48

In the next video I'll show you my solution. 4:50

You need to sign up for Treehouse in order to download course files.

Sign up

You need to sign up for Treehouse in order to set up Workspace

Sign up