- Scott introduces the goals for the course, as well as how it's structured. Then, a POST and a GET request are live-coded, and the server is started.
- Scott demonstrates how to use Insomnia, a GUI tool, to make requests to an API.
- Scott demonstrates how to create GET request routes and respond with JSON.
- Scott defines middleware, and explains that it allows the user to modify the request in-flight and add things like logging and authentication to routes at a higher level.
- Scott codes some middleware, and demonstrates how to pass the middleware to the controllers through the use of the next() method.
- Scott demonstrates how to pass in an exact match, a regular expression (regex) match, a parameter match, or a glob match to your REST routes using Express routing.
- Scott demonstrates how Express will respond with multiple route definitions that match the route of the request.
- Scott uses Express Router to create a sub route.
- Scott demonstrates how to use the router route combined with verb method functions to respond to multiple verbs on one route.
- Students are instructed to create routes and sub routes such that the tests pass in the exercise.
- Scott live codes the solution to the exercise.
Controllers & Models
- Scott gives an overview of what authentication, or "auth", means in the context of APIs.
- Scott introduces JSON Web Tokens, or JWTs, as a method to secure an API.
- Scott explains the code already written to allow a new token to be created and verified by the jsonwebtoken npm package.
- Students are instructed to create signup and signin controllers, and a protect middleware to lock down API routes.
- Scott live codes the solution to the tests where an email and password are required, and creates a new user from which a token is sent.
- Scott live codes the solution to the tests where an email and password are required, the user must be real, the passwords must match, and a new token is created.
- Scott live codes the solution to the tests where it looks for the Bearer token in the headers, the token must have the correct prefix, it must be a real user, and it finds the user from the token and passes it on.