title
Learn The MERN Stack - JWT Authentication

description
In this video, we will secure our API by adding JWT authentication

💻 Code: https://github.com/bradtraversy/mern-tutorial

👇 Full React 2022 Course With $12.99 promo: https://www.udemy.com/course/react-front-to-back-2022/?couponCode=REACTF2BFEB2022

👇 Website & Courses: https://traversymedia.com

💖 Show Support
Patreon: https://www.patreon.com/traversymedia
PayPal: https://paypal.me/traversymedia

👇 Follow Me On Social Media:
Twitter: https://twitter.com/traversymedia
Instagram: https://www.instagram.com/traversymedia
Linkedin: https://www.linkedin.com/in/bradtraversy

Timestamps:
0:00 - Intro & Current Code
1:45 - What is JWT?
3:10 - User Model
6:00 - Add User to Goal Model
7:21 - User Routes & Controller Functions
14:38 - Register User
18:58 - Hash Password
22:07 - Authenticate User
25:40 - Generate JWT
29:54 - Auth Middleware
37:34 - Protecting Routes & getMe()
41:25 - Protect Goal Routes
43:10 - Get Only Users Goals
44:00 - Setting a User Goal
47:00 - Update a User Goal
49:30 - Delete User Goal

detail
{'title': 'Learn The MERN Stack - JWT Authentication', 'heatmap': [{'end': 1702.691, 'start': 1668.978, 'weight': 0.812}, {'end': 2330.722, 'start': 2234.752, 'weight': 0.724}], 'summary': 'Learn the mern stack - jwt authentication video covers adding jwt authentication to a rest api, creating user model and registration in mongoose, user registration and authentication processes, jwt token generation, user authentication, decoding, and middleware implementation, along with api crud with user authentication for complete functionality.', 'chapters': [{'end': 172.537, 'segs': [{'end': 53.119, 'src': 'embed', 'start': 7.523, 'weight': 0, 'content': [{'end': 15.426, 'text': "Hey, what's going on, guys? In this video, we're going to add authentication to a REST API using JSON Web Tokens.", 'start': 7.523, 'duration': 7.903}, {'end': 25.089, 'text': 'Now, this is actually part two of a MERN Stack series, but I do just want to quickly explain the current code that we have,', 'start': 15.586, 'duration': 9.503}, {'end': 28.951, 'text': "just in case you didn't watch the first video where we created the REST API.", 'start': 25.089, 'duration': 3.862}, {'end': 32.232, 'text': 'So basically we have a CRUD API.', 'start': 29.671, 'duration': 2.561}, {'end': 41.056, 'text': 'We can create, read, update and delete goals so we can make a get request to our, you know, API slash goals and we can fetch them right now.', 'start': 32.272, 'duration': 8.784}, {'end': 41.956, 'text': "I don't have any.", 'start': 41.076, 'duration': 0.88}, {'end': 46.018, 'text': 'I actually deleted all of them, but we can also make a post request to add a goal.', 'start': 42.036, 'duration': 3.982}, {'end': 51.038, 'text': 'We can make a put request to update and we can make a delete request to delete a goal.', 'start': 46.377, 'duration': 4.661}, {'end': 53.119, 'text': "So that's the extent of the functionality.", 'start': 51.078, 'duration': 2.041}], 'summary': 'Adding jwt authentication to a crud 
api for managing goals, including create, read, update, and delete operations.', 'duration': 45.596, 'max_score': 7.523, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw7523.jpg'}, {'end': 153.528, 'src': 'embed', 'start': 125.771, 'weight': 2, 'content': [{'end': 129.213, 'text': "But there's actually three different parts and you can see they've color coded them.", 'start': 125.771, 'duration': 3.442}, {'end': 137.338, 'text': 'And the first part is the header, which includes the algorithm and the token type, which is JSON Web Token is the type.', 'start': 129.893, 'duration': 7.445}, {'end': 142.122, 'text': 'And then it includes some data in JSON in the JSON format.', 'start': 137.859, 'duration': 4.263}, {'end': 145.564, 'text': 'And you can have whatever you want in your in your token.', 'start': 142.542, 'duration': 3.022}, {'end': 147.425, 'text': "In our case, we're going to have the user ID.", 'start': 145.604, 'duration': 1.821}, {'end': 153.528, 'text': 'So it also has an issued at, which is the timestamp that the token was issued at.', 'start': 148.426, 'duration': 5.102}], 'summary': 'The token includes algorithm, token type, and user id; timestamp is also included.', 'duration': 27.757, 'max_score': 125.771, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw125771.jpg'}], 'start': 7.523, 'title': 'Adding authentication to rest api with jwt', 'summary': 'Covers adding authentication to a rest api using json web tokens, explaining the current crud api functionality, the folder structure, and the basics of json web tokens, including its three parts and their significance.', 'chapters': [{'end': 172.537, 'start': 7.523, 'title': 'Adding authentication to rest api with jwt', 'summary': 'Covers adding authentication to a rest api using json web tokens, explaining the current crud api functionality, the folder structure, and the basics of json 
web tokens, including its three parts and their significance.', 'duration': 165.014, 'highlights': ['The chapter covers adding authentication to a REST API using JSON Web Tokens. Authentication is being added to a REST API using JSON Web Tokens, ensuring secure access to endpoints.', 'The current CRUD API functionality includes creating, reading, updating, and deleting goals. The existing API allows creating, reading, updating, and deleting goals, providing a comprehensive set of functionalities.', 'The basics of JSON Web Tokens are explained, including its three parts and their significance. The basics of JSON Web Tokens are outlined, covering the three parts of a JWT and their respective roles in ensuring secure transmission and verification of data.']}], 'duration': 165.014, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw7523.jpg', 'highlights': ['The current CRUD API functionality includes creating, reading, updating, and deleting goals. The existing API allows creating, reading, updating, and deleting goals, providing a comprehensive set of functionalities.', 'The chapter covers adding authentication to a REST API using JSON Web Tokens. Authentication is being added to a REST API using JSON Web Tokens, ensuring secure access to endpoints.', 'The basics of JSON Web Tokens are explained, including its three parts and their significance. 
The basics of JSON Web Tokens are outlined, covering the three parts of a JWT and their respective roles in ensuring secure transmission and verification of data.']}, {'end': 979.182, 'segs': [{'end': 261.232, 'src': 'embed', 'start': 226.188, 'weight': 0, 'content': [{'end': 231.331, 'text': "And then let's create a user schema, basically the fields that we want a user to have.", 'start': 226.188, 'duration': 5.143}, {'end': 234.513, 'text': 'So we set this to mongoose.schema.', 'start': 231.912, 'duration': 2.601}, {'end': 239.096, 'text': 'We want to pass in an object here and then add our fields.', 'start': 234.533, 'duration': 4.563}, {'end': 242.178, 'text': "So as far as the fields go, we're going to have a name.", 'start': 239.736, 'duration': 2.442}, {'end': 249.903, 'text': "and we're going to give that a type of string and we do want this to be required.", 'start': 243.699, 'duration': 6.204}, {'end': 261.232, 'text': "so we're going to say required, and we can do true and then add a message here like please add a name, okay, so that's the name,", 'start': 249.903, 'duration': 11.329}], 'summary': 'Create a user schema with a required name field.', 'duration': 35.044, 'max_score': 226.188, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw226188.jpg'}, {'end': 374.236, 'src': 'embed', 'start': 326.151, 'weight': 1, 'content': [{'end': 336.314, 'text': 'So after this, after the schema, we can put in a set of curly braces and we can just say timestamp or timestamps and set that to true.', 'start': 326.151, 'duration': 10.163}, {'end': 341.495, 'text': 'And that will automatically give us a created at and updated at field.', 'start': 336.854, 'duration': 4.641}, {'end': 342.515, 'text': 'All right.', 'start': 342.195, 'duration': 0.32}, {'end': 344.275, 'text': 'So now we just need to export.', 'start': 342.575, 'duration': 1.7}, {'end': 347.596, 'text': "So we'll say module exports our mongoose 
model.", 'start': 344.295, 'duration': 3.301}, {'end': 361.518, 'text': 'and the model name is going to be user and then the schema is the user schema that we just created, so we can go ahead and close that up.', 'start': 349.882, 'duration': 11.636}, {'end': 368.292, 'text': "now i'm going to open up the goal model, because With every goal we have to know which user created that goal.", 'start': 361.518, 'duration': 6.774}, {'end': 371.994, 'text': 'OK, every goal is going to be associated with a specific user.', 'start': 368.312, 'duration': 3.682}, {'end': 374.236, 'text': "So we're actually going to add a field here.", 'start': 372.415, 'duration': 1.821}], 'summary': 'Creating mongoose model with user schema and timestamps.', 'duration': 48.085, 'max_score': 326.151, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw326151.jpg'}, {'end': 505.537, 'src': 'embed', 'start': 476.421, 'weight': 3, 'content': [{'end': 482.422, 'text': "So now let's start adding our routes and we're only going to have we're going to have three actually three routes.", 'start': 476.421, 'duration': 6.001}, {'end': 485.583, 'text': 'One is going to be to register or create a user.', 'start': 482.563, 'duration': 3.02}, {'end': 491.405, 'text': "One is going to be to log in and one is going to be to get the the user's information.", 'start': 486.003, 'duration': 5.402}, {'end': 497.29, 'text': 'So first of all, we need to bring an express just like we did in the goal routes.', 'start': 492.385, 'duration': 4.905}, {'end': 505.537, 'text': "So we want to require express and then we're going to create our router.", 'start': 497.73, 'duration': 7.807}], 'summary': 'Developing three routes: register, log in, and get user information.', 'duration': 29.116, 'max_score': 476.421, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw476421.jpg'}], 'start': 173.132, 'title': 'User model and 
registration in mongoose', 'summary': 'Covers creating a user model with fields like name, email, and password in mongoose, setting up user registration, authentication, schema with timestamp fields, user association with goals, user routes for registration, and login.', 'chapters': [{'end': 307.645, 'start': 173.132, 'title': 'Creating user model in mongoose', 'summary': 'Discusses creating a user model in mongoose, including defining fields like name, email, and password with specific requirements such as being required and unique.', 'duration': 134.513, 'highlights': ['The chapter discusses creating a user model in Mongoose, including defining fields like name, email, and password with specific requirements such as being required and unique.', 'The user model includes fields for name, email, and password, with each field having specific requirements such as being required and unique.', 'The user model schema is created using Mongoose and includes fields for name, email, and password, with each field having specific requirements such as being required and unique.']}, {'end': 979.182, 'start': 307.645, 'title': 'Setting up user registration and authentication', 'summary': 'Discusses setting up user registration and authentication, including creating user schema with timestamp fields, adding user association with goals, creating user routes for registration, login, and user data, and installing dependencies for password encryption and json web tokens.', 'duration': 671.537, 'highlights': ['Creating user schema with timestamp fields The chapter demonstrates how to set up a user schema with timestamp fields for created at and updated at, automatically generated upon creation of a new resource.', 'Adding user association with goals The chapter explains the process of adding a user association with goals by creating a reference field for user model, allowing a user to be associated with a goal.', 'Creating user routes for registration, login, and user data The chapter 
covers the creation of user routes for registration, login, and user data, where three routes are set up to handle user registration, login, and retrieval of user data.', 'Installing dependencies for password encryption and json web tokens The chapter includes the installation of bcrypt js for password encryption and json web token for managing user authentication through tokens.']}], 'duration': 806.05, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw173132.jpg', 'highlights': ['The chapter covers creating a user model in Mongoose with fields like name, email, and password, each having specific requirements such as being required and unique.', 'Demonstrates setting up a user schema with timestamp fields for created at and updated at, automatically generated upon creation of a new resource.', 'Explains the process of adding a user association with goals by creating a reference field for the user model, allowing a user to be associated with a goal.', 'Covers the creation of user routes for registration, login, and user data, including the installation of bcrypt js for password encryption and json web token for managing user authentication through tokens.']}, {'end': 1533.934, 'segs': [{'end': 1008.553, 'src': 'embed', 'start': 979.182, 'weight': 0, 'content': [{'end': 985.165, 'text': "good, so let's see now we're going to start to work in the register.", 'start': 979.182, 'duration': 5.983}, {'end': 995.622, 'text': "now, when we send a request to to this, this endpoint, api users post requests read to register a user, we're going to have some body data.", 'start': 985.165, 'duration': 10.457}, {'end': 997.344, 'text': "so i'm going to destructure that.", 'start': 995.622, 'duration': 1.722}, {'end': 1001.688, 'text': "it's going to be name, email and password.", 'start': 997.344, 'duration': 4.344}, {'end': 1008.553, 'text': "we're going to get that from request.body and then i'm just going to do a little 
bit of validation here.", 'start': 1001.688, 'duration': 6.865}], 'summary': 'Working on registering a user with name, email, and password data.', 'duration': 29.371, 'max_score': 979.182, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw979182.jpg'}, {'end': 1109.128, 'src': 'embed', 'start': 1071.792, 'weight': 1, 'content': [{'end': 1076.693, 'text': 'Next thing is to check to see if the user exists.', 'start': 1071.792, 'duration': 4.901}, {'end': 1081.755, 'text': "So let's say check if user exists.", 'start': 1077.814, 'duration': 3.941}, {'end': 1086.337, 'text': "So we're going to first create a variable called user.", 'start': 1082.916, 'duration': 3.421}, {'end': 1099.121, 'text': "exists and we're going to wait and then use the user model and there's a method called find one and we want to find the user by the email that's passed in.", 'start': 1087.572, 'duration': 11.549}, {'end': 1109.128, 'text': 'so if that includes something, say if, if user exists,', 'start': 1099.121, 'duration': 10.007}], 'summary': "Checking user existence using the 'find one' method by email.", 'duration': 37.336, 'max_score': 1071.792, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1071792.jpg'}, {'end': 1362.127, 'src': 'embed', 'start': 1334.83, 'weight': 3, 'content': [{'end': 1346.518, 'text': "so basically you know, matching the, the email and password, and then after that we'll do the token generation and we'll respond from,", 'start': 1334.83, 'duration': 11.688}, {'end': 1351.902, 'text': 'because i want the token to be sent, whether the user registers or logs in.', 'start': 1346.518, 'duration': 5.384}, {'end': 1356.485, 'text': "but let's just do the login functionality first, which is going to be really simple.", 'start': 1351.902, 'duration': 4.583}, {'end': 1362.127, 'text': "we're just going to get the email and password that's sent in the body.", 
'start': 1356.485, 'duration': 5.642}], 'summary': 'Developing login functionality with email and password matching and token generation.', 'duration': 27.297, 'max_score': 1334.83, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1334830.jpg'}], 'start': 979.182, 'title': 'User registration and authentication processes', 'summary': 'Covers user registration, validation, and login processes, encompassing required fields, validation errors, user existence checks, error handling, password hashing, user creation, authentication, status codes, and data responses.', 'chapters': [{'end': 1109.128, 'start': 979.182, 'title': 'User registration and validation', 'summary': 'Focuses on user registration and validation, including checking for required fields, handling validation errors, and verifying if a user already exists in the system.', 'duration': 129.946, 'highlights': ['The chapter focuses on user registration and validation, including checking for required fields, handling validation errors, and verifying if a user already exists in the system.', "The endpoint 'api users post requests' is used to register a user, requiring name, email, and password as body data, with validation for missing fields triggering a 400 bad request status and an error message.", "The process involves checking for the existence of a user by using the 'find one' method of the user model and searching for a user by the provided email."]}, {'end': 1533.934, 'start': 1109.128, 'title': 'User registration and login process', 'summary': 'Details the process of registering and logging in a user, including error handling, password hashing, user creation, and authentication, with insights on status codes and data responses.', 'duration': 424.806, 'highlights': ['The process of registering a user, including error handling, password hashing, user creation, and status code and data responses. 
Error handling for existing users, password hashing using bcrypt, user creation, and appropriate status code and data responses.', 'The process of logging in a user, including email and password matching, authentication, and status code and data responses. Matching email and password, using bcrypt to compare passwords, and providing appropriate status code and data responses.']}], 'duration': 554.752, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw979182.jpg', 'highlights': ['The chapter focuses on user registration and validation, including checking for required fields, handling validation errors, and verifying if a user already exists in the system.', "The process involves checking for the existence of a user by using the 'find one' method of the user model and searching for a user by the provided email.", 'The process of registering a user, including error handling, password hashing, user creation, and status code and data responses.', 'The process of logging in a user, including email and password matching, authentication, and status code and data responses.']}, {'end': 2061.081, 'segs': [{'end': 1562.703, 'src': 'embed', 'start': 1533.955, 'weight': 5, 'content': [{'end': 1539.101, 'text': "So I'm able to match my user, my email and password against the database.", 'start': 1533.955, 'duration': 5.146}, {'end': 1542.826, 'text': 'So now we want to get into our JSON Web token.', 'start': 1540.042, 'duration': 2.784}, {'end': 1546.236, 'text': "and basically we're going to.", 'start': 1544.375, 'duration': 1.861}, {'end': 1554.199, 'text': "we're going to have to sign the token and we're going to send that back in both register and login.", 'start': 1546.236, 'duration': 7.963}, {'end': 1562.703, 'text': "so we do have to have a secret and we're going to put that into our dot env because it needs to be signed with a specific secret.", 'start': 1554.199, 'duration': 8.504}], 'summary': 'Matching user 
credentials against the database and implementing json web token for register and login with a specific secret.', 'duration': 28.748, 'max_score': 1533.955, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1533955.jpg'}, {'end': 1646.262, 'src': 'embed', 'start': 1613.182, 'weight': 3, 'content': [{'end': 1615.982, 'text': "We're going to use JWT, which we brought in up at the top.", 'start': 1613.182, 'duration': 2.8}, {'end': 1618.823, 'text': 'This is using the JSON web token function.', 'start': 1616.022, 'duration': 2.801}, {'end': 1629.448, 'text': "uh, package, and we're using a method called sign sign and that's going to take in a couple things.", 'start': 1619.7, 'duration': 9.748}, {'end': 1637.915, 'text': 'first is going to be the payload, the data that we actually want to put in there, which is going to be the id that is passed into this function.', 'start': 1629.448, 'duration': 8.467}, {'end': 1639.656, 'text': 'second is going to be the secret.', 'start': 1637.915, 'duration': 1.741}, {'end': 1646.262, 'text': 'so process dot, env, dot and then jwt, underscore secret.', 'start': 1639.656, 'duration': 6.606}], 'summary': 'Using jwt package to sign and encode data, including payload and secret.', 'duration': 33.08, 'max_score': 1613.182, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1613182.jpg'}, {'end': 1695.005, 'src': 'embed', 'start': 1668.978, 'weight': 1, 'content': [{'end': 1673.22, 'text': "So now we can just simply go back up to, let's go to register first.", 'start': 1668.978, 'duration': 4.242}, {'end': 1682.643, 'text': "And along with the user data that we pass back, I'm also going to pass back a token, which is we're going to call our generate token.", 'start': 1674.301, 'duration': 8.342}, {'end': 1686.983, 'text': "And then we're going to pass in user dot underscore ID.", 'start': 1683.263, 'duration': 3.72}, {'end': 
1695.005, 'text': "OK, so the user that we register, remember, we get the user back and we're just passing the ID into the generate token function.", 'start': 1687.003, 'duration': 8.002}], 'summary': 'The system will pass a token along with user data during registration.', 'duration': 26.027, 'max_score': 1668.978, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1668978.jpg'}, {'end': 1702.691, 'src': 'heatmap', 'start': 1668.978, 'weight': 0.812, 'content': [{'end': 1673.22, 'text': "So now we can just simply go back up to, let's go to register first.", 'start': 1668.978, 'duration': 4.242}, {'end': 1682.643, 'text': "And along with the user data that we pass back, I'm also going to pass back a token, which is we're going to call our generate token.", 'start': 1674.301, 'duration': 8.342}, {'end': 1686.983, 'text': "And then we're going to pass in user dot underscore ID.", 'start': 1683.263, 'duration': 3.72}, {'end': 1695.005, 'text': "OK, so the user that we register, remember, we get the user back and we're just passing the ID into the generate token function.", 'start': 1687.003, 'duration': 8.002}, {'end': 1699.606, 'text': "And then it's going to get put into the actual token.", 'start': 1695.645, 'duration': 3.961}, {'end': 1702.691, 'text': "So we'll do the same thing for login.", 'start': 1701.01, 'duration': 1.681}], 'summary': 'Pass token along with user data during registration and login.', 'duration': 33.713, 'max_score': 1668.978, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1668978.jpg'}, {'end': 1755.615, 'src': 'embed', 'start': 1720.623, 'weight': 0, 'content': [{'end': 1724.005, 'text': "And now you'll see in addition to my user data, I have a token.", 'start': 1720.623, 'duration': 3.382}, {'end': 1730.105, 'text': 'And if I take that token and copy it, And then I go to JWT.io.', 'start': 1724.785, 'duration': 5.32}, {'end': 
1733.468, 'text': "You can actually put that in here and it'll show you what it is.", 'start': 1730.145, 'duration': 3.323}, {'end': 1734.83, 'text': 'So pass that in.', 'start': 1733.589, 'duration': 1.241}, {'end': 1741.777, 'text': "And now you can see in the payload I have an ID and that's my user's ID.", 'start': 1735.631, 'duration': 6.146}, {'end': 1746.362, 'text': 'I also have an issued at and an expiration, which is 30 days from now.', 'start': 1742.398, 'duration': 3.964}, {'end': 1755.615, 'text': 'All right, so this user ID we should be able to get when we send a specific route, we send that token.', 'start': 1747.15, 'duration': 8.465}], 'summary': 'User data includes token and payload with id, issued at, and 30-day expiration.', 'duration': 34.992, 'max_score': 1720.623, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1720623.jpg'}, {'end': 1835.647, 'src': 'embed', 'start': 1808.515, 'weight': 2, 'content': [{'end': 1811.656, 'text': "And we'll use this as an example of how to protect a route.", 'start': 1808.515, 'duration': 3.141}, {'end': 1812.617, 'text': 'Now we need to.', 'start': 1812.156, 'duration': 0.461}, {'end': 1814.678, 'text': 'The way we do it was with middleware.', 'start': 1812.997, 'duration': 1.681}, {'end': 1816.898, 'text': 'We create a custom piece of middleware.', 'start': 1814.738, 'duration': 2.16}, {'end': 1821.721, 'text': 'And remember, middleware is a function that runs during the request response cycle.', 'start': 1817.459, 'duration': 4.262}, {'end': 1829.964, 'text': 'So when we send a route or send a request to a route or an endpoint, this function that we create is going to run and check the token.', 'start': 1821.761, 'duration': 8.203}, {'end': 1835.647, 'text': "So let's create a file here called auth middleware dot JS.", 'start': 1830.465, 'duration': 5.182}], 'summary': 'Creating custom middleware to protect a route with a function that runs during the 
request response cycle.', 'duration': 27.132, 'max_score': 1808.515, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1808515.jpg'}], 'start': 1533.955, 'title': 'Jwt token generation and user authentication', 'summary': 'Covers implementing json web token (jwt) token generation by setting a secret, creating a function to generate a token, and signing the token with specific payload and expiration time. it also explains the process of generating and using tokens for user authentication, including the generation of tokens for user registration and login, the validation and expiration of tokens, and the use of middleware to protect routes by checking the token in the authorization header.', 'chapters': [{'end': 1668.378, 'start': 1533.955, 'title': 'Implementing jwt token generation', 'summary': 'Covers implementing json web token (jwt) token generation by setting a secret, creating a function to generate a token, and signing the token with specific payload and expiration time.', 'duration': 134.423, 'highlights': ['Setting the JWT secret in environment variable and creating a function to generate a token The chapter emphasizes setting the JWT secret in the environment variable and creating a function to generate a token, utilizing a specific payload and expiration time.', 'Signing the token with specific payload and expiration time The process of signing the token with a specific payload, utilizing the user ID, and setting an expiration time of 30 days is highlighted as a crucial step in JWT token generation.', "Matching user's email and password against the database The initial step of matching the user's email and password against the database is mentioned as a prerequisite for JWT token generation."]}, {'end': 2061.081, 'start': 1668.978, 'title': 'User authentication and token generation', 'summary': 'Explains the process of generating and using tokens for user authentication, including the generation of 
tokens for user registration and login, the validation and expiration of tokens, and the use of middleware to protect routes by checking the token in the authorization header.', 'duration': 392.103, 'highlights': ['The process of generating tokens for user registration and login, including passing back a token along with user data for both registration and login. The chapter details the process of passing back a token along with user data for both user registration and login. It outlines the steps involved in generating tokens for user registration and login.', "The validation and expiration of tokens, including the verification of the token format and the use of JWT.io to verify the token's payload and expiration date. It explains the validation and expiration of tokens, including verifying the token format and using JWT.io to verify the token's payload and expiration date. It also mentions the 30-day expiration period for the token.", 'The use of middleware to protect routes by checking the token in the authorization header, involving the creation of a custom piece of middleware and the process of checking the token in the authorization header. The chapter explains the use of middleware to protect routes by checking the token in the authorization header. It covers the creation of a custom piece of middleware and the process of checking the token in the authorization header during the request response cycle.']}], 'duration': 527.126, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw1533955.jpg', 'highlights': ['Signing the token with specific payload and expiration time The process of signing the token with a specific payload, utilizing the user ID, and setting an expiration time of 30 days is highlighted as a crucial step in JWT token generation.', 'The process of generating tokens for user registration and login, including passing back a token along with user data for both registration and login. 
The chapter details the process of passing back a token along with user data for both user registration and login. It outlines the steps involved in generating tokens for user registration and login.', 'The use of middleware to protect routes by checking the token in the authorization header, involving the creation of a custom piece of middleware and the process of checking the token in the authorization header. The chapter explains the use of middleware to protect routes by checking the token in the authorization header. It covers the creation of a custom piece of middleware and the process of checking the token in the authorization header during the request response cycle.', 'Setting the JWT secret in environment variable and creating a function to generate a token The chapter emphasizes setting the JWT secret in the environment variable and creating a function to generate a token, utilizing a specific payload and expiration time.', "The validation and expiration of tokens, including the verification of the token format and the use of JWT.io to verify the token's payload and expiration date. It explains the validation and expiration of tokens, including verifying the token format and using JWT.io to verify the token's payload and expiration date. 
It also mentions the 30-day expiration period for the token.", "Matching user's email and password against the database The initial step of matching the user's email and password against the database is mentioned as a prerequisite for JWT token generation."]}, {'end': 2477.288, 'segs': [{'end': 2126.38, 'src': 'embed', 'start': 2061.101, 'weight': 0, 'content': [{'end': 2063.523, 'text': "We're going to have a variable called decoded.", 'start': 2061.101, 'duration': 2.422}, {'end': 2070.184, 'text': "And we're going to set that to JWT, which is our JSON Web Token package.", 'start': 2064.523, 'duration': 5.661}, {'end': 2072.605, 'text': "And then there's a verify method.", 'start': 2070.244, 'duration': 2.361}, {'end': 2077.025, 'text': 'So this takes in the token itself and then the secret.', 'start': 2073.245, 'duration': 3.78}, {'end': 2083.427, 'text': "So remember, that's in process dot env dot and then JWT underscore secret.", 'start': 2077.286, 'duration': 6.141}, {'end': 2096.737, 'text': 'OK, next we want to get user from the token because the token has the user ID as a payload.', 'start': 2085.275, 'duration': 11.462}, {'end': 2104.679, 'text': "We also want to assign it to request.user so that we can access request.user in any route that's protected.", 'start': 2097.278, 'duration': 7.401}, {'end': 2109.66, 'text': "So let's say await and then user.", 'start': 2105.46, 'duration': 4.2}, {'end': 2112.481, 'text': "So from the user model, we're going to use findById.", 'start': 2110.14, 'duration': 2.341}, {'end': 2116.912, 'text': 'and the id is going to be in the decoded object.', 'start': 2113.949, 'duration': 2.963}, {'end': 2126.38, 'text': 'okay, because this right here, when we do verify that, will allow us to get the payload or that will decode it so that we can get the payload,', 'start': 2116.912, 'duration': 9.468}], 'summary': 'Using jwt package to verify and decode user token for accessing protected routes.', 'duration': 65.279, 'max_score': 
2061.101, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2061101.jpg'}, {'end': 2183.592, 'src': 'embed', 'start': 2152.219, 'weight': 2, 'content': [{'end': 2154.581, 'text': "Even though the password is hashed, I don't want that here.", 'start': 2152.219, 'duration': 2.362}, {'end': 2156.162, 'text': 'So we can use .', 'start': 2154.641, 'duration': 1.521}, {'end': 2162.186, 'text': "select, and if we put a string in here of minus password, then it won't include the password.", 'start': 2156.162, 'duration': 6.024}, {'end': 2166.769, 'text': "So we won't have request.user.password or whatever.", 'start': 2163.266, 'duration': 3.503}, {'end': 2173.73, 'text': 'and then we just want to call next, because at the end of our middleware we want to be able to call the next piece of middleware.', 'start': 2167.569, 'duration': 6.161}, {'end': 2183.592, 'text': "now, if there's an error, then we're going to first of all just console, log the error and then we'll just do a res.status of 401,", 'start': 2173.73, 'duration': 9.862}], 'summary': 'Using select method to exclude password from request, logging error if any', 'duration': 31.373, 'max_score': 2152.219, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2152219.jpg'}, {'end': 2330.722, 'src': 'heatmap', 'start': 2234.752, 'weight': 0.724, 'content': [{'end': 2237.092, 'text': "Then we're assigning the token to this variable.", 'start': 2234.752, 'duration': 2.34}, {'end': 2239.273, 'text': "We're decoding and verifying the token.", 'start': 2237.232, 'duration': 2.041}, {'end': 2244.634, 'text': "We're getting the user from the token, calling the next piece of middleware.", 'start': 2239.293, 'duration': 5.341}, {'end': 2251.096, 'text': "If this doesn't, if none of this, if something goes wrong, then we're going to send a 401 and say not authorized.", 'start': 2244.774, 'duration': 6.322}, {'end': 
2253.797, 'text': "If there's no token at all, not authorized.", 'start': 2251.256, 'duration': 2.541}, {'end': 2259.138, 'text': 'So wherever we want to use this, we can simply go into the route file.', 'start': 2254.617, 'duration': 4.521}, {'end': 2262.819, 'text': 'So for instance, user routes, this slash me.', 'start': 2259.218, 'duration': 3.601}, {'end': 2268.98, 'text': 'Right now I can go to it, right? If we go to, where is it? User slash me.', 'start': 2263.439, 'duration': 5.541}, {'end': 2271.481, 'text': "I can hit it, right? And it's just sending this message.", 'start': 2269.04, 'duration': 2.441}, {'end': 2273.521, 'text': 'But I want to protect that.', 'start': 2272.281, 'duration': 1.24}, {'end': 2277.182, 'text': "So what I'm going to do is bring in the protect function from our middleware.", 'start': 2273.621, 'duration': 3.561}, {'end': 2280.203, 'text': 'So protect and set that.', 'start': 2278.302, 'duration': 1.901}, {'end': 2290.621, 'text': 'Get that from dot dot, slash middleware, slash auth middleware, and all you have to do is add it as a second argument.', 'start': 2282.014, 'duration': 8.607}, {'end': 2302.89, 'text': "So we can just say protect that, and then let's try to hit that route again, and you can see we get not authorized, no token.", 'start': 2290.621, 'duration': 12.269}, {'end': 2306.733, 'text': "So now let's, um, let's log in.", 'start': 2302.89, 'duration': 3.843}, {'end': 2308.375, 'text': 'So right here, I already did.', 'start': 2306.953, 'duration': 1.422}, {'end': 2309.517, 'text': "I'll just hit this again.", 'start': 2308.416, 'duration': 1.101}, {'end': 2313.064, 'text': 'So I logged in with the correct email and password.', 'start': 2309.798, 'duration': 3.266}, {'end': 2315.668, 'text': "And now I'm going to grab this token.", 'start': 2313.825, 'duration': 1.843}, {'end': 2320.537, 'text': 'and go to my protected route, which is user slash me.', 'start': 2316.795, 'duration': 3.742}, {'end': 2321.978, 'text': 
'And you could do this a couple ways.', 'start': 2320.537, 'duration': 1.441}, {'end': 2328.001, 'text': 'You could add here in the, not here as a param, but as a header.', 'start': 2321.978, 'duration': 6.023}, {'end': 2330.722, 'text': 'You could add authorization and then put the token.', 'start': 2328.001, 'duration': 2.721}], 'summary': 'Decoding, verifying, and using token for authorization in user routes.', 'duration': 95.97, 'max_score': 2234.752, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2234752.jpg'}, {'end': 2268.98, 'src': 'embed', 'start': 2239.293, 'weight': 3, 'content': [{'end': 2244.634, 'text': "We're getting the user from the token, calling the next piece of middleware.", 'start': 2239.293, 'duration': 5.341}, {'end': 2251.096, 'text': "If this doesn't, if none of this, if something goes wrong, then we're going to send a 401 and say not authorized.", 'start': 2244.774, 'duration': 6.322}, {'end': 2253.797, 'text': "If there's no token at all, not authorized.", 'start': 2251.256, 'duration': 2.541}, {'end': 2259.138, 'text': 'So wherever we want to use this, we can simply go into the route file.', 'start': 2254.617, 'duration': 4.521}, {'end': 2262.819, 'text': 'So for instance, user routes, this slash me.', 'start': 2259.218, 'duration': 3.601}, {'end': 2268.98, 'text': 'Right now I can go to it, right? If we go to, where is it? 
User slash me.', 'start': 2263.439, 'duration': 5.541}], 'summary': 'Middleware checks user token for authorization, sends 401 if not authorized.', 'duration': 29.687, 'max_score': 2239.293, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2239293.jpg'}, {'end': 2449.359, 'src': 'embed', 'start': 2424.438, 'weight': 5, 'content': [{'end': 2435.093, 'text': "because we set that in the middleware, and then we'll say res, dot status 200 and then dot json and we'll send an object with.", 'start': 2424.438, 'duration': 10.655}, {'end': 2440.575, 'text': "we'll say ID and set that to our underscore ID, name.", 'start': 2435.093, 'duration': 5.482}, {'end': 2443.756, 'text': "actually we'll just say name and email.", 'start': 2440.575, 'duration': 3.181}, {'end': 2449.359, 'text': "So now whatever user's logged in, when they hit this route, they should get their own info.", 'start': 2444.957, 'duration': 4.402}], 'summary': "Middleware sets status 200 and sends user's info.", 'duration': 24.921, 'max_score': 2424.438, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2424438.jpg'}], 'start': 2061.101, 'title': 'Jwt decoding and authorization middleware implementation', 'summary': 'Covers decoding jwt, user authentication, and implementing an authorization middleware. it includes usage of jwt package, verification method, findbyid function, and protecting routes. 
additionally, it discusses throwing a 401 error for missing or invalid tokens and retrieving user information.', 'chapters': [{'end': 2173.73, 'start': 2061.101, 'title': 'Jwt decoding and user authentication', 'summary': 'Covers decoding jwt and user authentication to access user id from the token, using the jwt package, verify method, and findbyid function from the user model, ensuring exclusion of the password hash.', 'duration': 112.629, 'highlights': ['Decoding the JWT token to access the user ID and set it to request.user in protected routes, utilizing the JWT package and verify method.', 'Fetching user data using the findById function from the user model based on the decoded user ID from the token.', 'Excluding the password hash from the user object using the .select method to enhance security and privacy.']}, {'end': 2477.288, 'start': 2173.73, 'title': 'Authorization middleware implementation', 'summary': 'Discusses the implementation of an authorization middleware to verify and decode a bearer token, protect routes, and provide user-specific data, with the middleware throwing a 401 error if the token is missing or invalid, and demonstrating the retrieval of user information based on the token.', 'duration': 303.558, 'highlights': ["The middleware throws a 401 error with the message 'not authorized' if there's an error in decoding or verifying the token. The middleware logs the error and sends a status of 401 with a new error message 'not authorized' if there's an error in decoding or verifying the token.", "If there's no token at all, the middleware sends a 401 error with the message 'not authorized, no token'. If there's no token at all, the middleware sends a status of 401 with a new error message 'not authorized, no token'.", "The user-specific data is retrieved from the token and sent back as a JSON object containing the user's ID, name, and email with a status of 200. 
The middleware retrieves the user-specific data from the token and sends a JSON object with the user's ID, name, and email, setting the status as 200."]}], 'duration': 416.187, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2061101.jpg', 'highlights': ['Decoding the JWT token to access the user ID and set it to request.user in protected routes, utilizing the JWT package and verify method.', 'Fetching user data using the findById function from the user model based on the decoded user ID from the token.', 'Excluding the password hash from the user object using the .select method to enhance security and privacy.', "The middleware throws a 401 error with the message 'not authorized' if there's an error in decoding or verifying the token.", "If there's no token at all, the middleware sends a 401 error with the message 'not authorized, no token'.", "The user-specific data is retrieved from the token and sent back as a JSON object containing the user's ID, name, and email with a status of 200."]}, {'end': 3148.209, 'segs': [{'end': 2534.379, 'src': 'embed', 'start': 2505.545, 'weight': 4, 'content': [{'end': 2511.647, 'text': "But what I would like to do is protect that route for one thing and then have it return only the user's goals.", 'start': 2505.545, 'duration': 6.102}, {'end': 2516.028, 'text': "So let's close up user routes, close up auth middleware.", 'start': 2512.107, 'duration': 3.921}, {'end': 2519.529, 'text': "And I think we're all set with our user controller as well.", 'start': 2516.768, 'duration': 2.761}, {'end': 2523.99, 'text': "So now we're going to open up goal controller and goal routes.", 'start': 2520.049, 'duration': 3.941}, {'end': 2527.773, 'text': 'because we want to protect these routes.', 'start': 2525.151, 'duration': 2.622}, {'end': 2534.379, 'text': "so in our goal routes, let's bring in the protect middleware function.", 'start': 2527.773, 'duration': 6.606}], 'summary': 'Protect 
user routes and implement protect middleware for goal routes.', 'duration': 28.834, 'max_score': 2505.545, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2505545.jpg'}, {'end': 2588.642, 'src': 'embed', 'start': 2555.284, 'weight': 3, 'content': [{'end': 2562.448, 'text': "So now, if I come back to API slash goals and send, I'm not authorized because I didn't send a token.", 'start': 2555.284, 'duration': 7.164}, {'end': 2564.929, 'text': 'So I actually want to protect all of these.', 'start': 2562.448, 'duration': 2.481}, {'end': 2568.512, 'text': "So set goal, let's say protect.", 'start': 2564.929, 'duration': 3.583}, {'end': 2579.013, 'text': "For delete goal, we're going to protect that and for update goal, all right.", 'start': 2568.512, 'duration': 10.501}, {'end': 2585.199, 'text': "Now let's go back to our goal controller, now that all those are protected and private.", 'start': 2579.013, 'duration': 6.186}, {'end': 2588.642, 'text': "And, um, like I said, right now we're just.", 'start': 2585.199, 'duration': 3.443}], 'summary': 'API goals endpoints secured for protection and privacy.', 'duration': 33.358, 'max_score': 2555.284, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2555284.jpg'}, {'end': 2884.034, 'src': 'embed', 'start': 2853.065, 'weight': 2, 'content': [{'end': 2864.673, 'text': "Okay, so that's the logged-in user's ID, and then we're gonna say if not user, so if the user doesn't exist. I'm just gonna put a comment here.", 'start': 2853.065, 'duration': 11.608}, {'end': 2880.264, 'text': "We'll say check for user, then let's do a res dot status and do a 401 with his, which is not authorized, and let's throw a new error.", 'start': 2864.713, 'duration': 15.551}, {'end': 2884.034, 'text': "And here we'll just say user not found.", 'start': 2880.264, 'duration': 3.77}], 'summary': 'Code checks for user existence and throws an error 
if not found.', 'duration': 30.969, 'max_score': 2853.065, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2853065.jpg'}, {'end': 3115.669, 'src': 'embed', 'start': 3080.862, 'weight': 0, 'content': [{'end': 3084.966, 'text': "Brad has no goals, Brad's a loser, but yeah.", 'start': 3080.862, 'duration': 4.104}, {'end': 3092.815, 'text': 'So now we have complete CRUD functionality with author authentication and authorization.', 'start': 3084.966, 'duration': 7.849}, {'end': 3101.272, 'text': 'Okay, we authenticate by going against the database and making sure we have the correct email and password,', 'start': 3092.815, 'duration': 8.457}, {'end': 3108.082, 'text': 'and then we authorize by sending the right token to the correct route.', 'start': 3101.272, 'duration': 6.81}, {'end': 3111.463, 'text': "So that's it.", 'start': 3110.402, 'duration': 1.061}, {'end': 3115.669, 'text': 'Now we have an authentication, an API that has authentication.', 'start': 3111.463, 'duration': 4.206}], 'summary': 'Developed complete CRUD functionality with authentication and authorization for the API.', 'duration': 34.807, 'max_score': 3080.862, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw3080862.jpg'}], 'start': 2478.129, 'title': 'API CRUD with user authentication', 'summary': "Covers protecting API routes, implementing user authentication, and achieving complete CRUD functionality with authentication and authorization, ensuring users can access and modify their own goals while prohibiting access to others' goals.", 'chapters': [{'end': 2614.487, 'start': 2478.129, 'title': "Protecting and accessing user's goals", 'summary': "The chapter discusses protecting the API routes to access and modify user goals by implementing authentication middleware and modifying the goal controller to return only the specific user's goals.", 'duration': 136.358, 'highlights': ['The chapter 
discusses protecting the API routes to access and modify user goals. The user discusses the need to protect the API routes for accessing and modifying user goals.', "Implementing authentication middleware and modifying the goal controller to return only the specific user's goals. The user explains the process of implementing authentication middleware and modifying the goal controller to ensure that only the specific user's goals are returned.", 'Adding protection to all API routes for setting, deleting, and updating goals. The user adds protection to all API routes for setting, deleting, and updating goals, ensuring that these operations are only accessible to authorized users.']}, {'end': 3148.209, 'start': 2614.487, 'title': 'Api crud functionality with authentication', 'summary': "Demonstrates adding authentication to an api, allowing users to create, update, and delete their own goals, while ensuring that they are not authorized to access others' goals, achieving complete crud functionality with authentication and authorization.", 'duration': 533.722, 'highlights': ['Complete CRUD functionality with authentication and authorization The chapter demonstrates the implementation of complete CRUD functionality with authentication and authorization, ensuring that users can only access, update, and delete their own goals, achieved through the use of user tokens and user ID validation.', 'Use of user tokens and user ID validation The chapter emphasizes the use of user tokens and user ID validation to ensure that users can only access, update, and delete their own goals, enhancing the security and integrity of the API.', 'Demonstration of adding authentication to an API The chapter showcases the process of adding authentication to an API, enabling users to log in with their credentials and access specific functionality based on their authorization level, enhancing the overall security of the API.']}], 'duration': 670.08, 'thumbnail': 
'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/enopDSs3DRw/pics/enopDSs3DRw2478129.jpg', 'highlights': ['Complete CRUD functionality with authentication and authorization', 'Demonstration of adding authentication to an API', 'Use of user tokens and user ID validation', 'Adding protection to all API routes for setting, deleting, and updating goals', "Implementing authentication middleware and modifying the goal controller to return only the specific user's goals", 'The chapter discusses protecting the API routes to access and modify user goals']}], 'highlights': ['The process of signing the token with a specific payload, utilizing the user ID, and setting an expiration time of 30 days is highlighted as a crucial step in JWT token generation.', 'The chapter details the process of passing back a token along with user data for both user registration and login. It outlines the steps involved in generating tokens for user registration and login.', 'The chapter explains the use of middleware to protect routes by checking the token in the authorization header. It covers the creation of a custom piece of middleware and the process of checking the token in the authorization header during the request response cycle.', 'The chapter emphasizes setting the JWT secret in the environment variable and creating a function to generate a token, utilizing a specific payload and expiration time.', "It explains the validation and expiration of tokens, including verifying the token format and using JWT.io to verify the token's payload and expiration date. 
It also mentions the 30-day expiration period for the token.", "The initial step of matching the user's email and password against the database is mentioned as a prerequisite for JWT token generation.", 'Decoding the JWT token to access the user ID and set it to request.user in protected routes, utilizing the JWT package and verify method.', "The middleware throws a 401 error with the message 'not authorized' if there's an error in decoding or verifying the token.", "If there's no token at all, the middleware sends a 401 error with the message 'not authorized, no token'.", "The user-specific data is retrieved from the token and sent back as a JSON object containing the user's ID, name, and email with a status of 200.", 'Complete CRUD functionality with authentication and authorization', 'Demonstration of adding authentication to an API', 'Use of user tokens and user ID validation', 'Adding protection to all API routes for setting, deleting, and updating goals', "Implementing authentication middleware and modifying the goal controller to return only the specific user's goals", 'The chapter discusses protecting the API routes to access and modify user goals', 'The chapter focuses on user registration and validation, including checking for required fields, handling validation errors, and verifying if a user already exists in the system.', "The process involves checking for the existence of a user by using the 'find one' method of the user model and searching for a user by the provided email.", 'The process of registering a user, including error handling, password hashing, user creation, and status code and data responses.', 'The process of logging in a user, including email and password matching, authentication, and status code and data responses.', 'The chapter covers creating a user model in Mongoose with fields like name, email, and password, each having specific requirements such as being required and unique.', 'Demonstrates setting up a user schema with timestamp 
fields for created at and updated at, automatically generated upon creation of a new resource.', 'Explains the process of adding a user association with goals by creating a reference field for the user model, allowing a user to be associated with a goal.', 'Covers the creation of user routes for registration, login, and user data, including the installation of bcrypt js for password encryption and json web token for managing user authentication through tokens.', 'The current CRUD API functionality includes creating, reading, updating, and deleting goals. The existing API allows creating, reading, updating, and deleting goals, providing a comprehensive set of functionalities.', 'The chapter covers adding authentication to a REST API using JSON Web Tokens. Authentication is being added to a REST API using JSON Web Tokens, ensuring secure access to endpoints.', 'The basics of JSON Web Tokens are explained, including its three parts and their significance. The basics of JSON Web Tokens are outlined, covering the three parts of a JWT and their respective roles in ensuring secure transmission and verification of data.']}