Managing User Roles - NodeJS Authorization
Рет қаралды 144,563
Күн бұрынBest Tech Resume Template: papermoontech....
Use code: PEDRO for 20% off ^
In this video I will teach you guys how to create an api with a role based authorization system.
-
🚀 Learn ReactJS By Building 6 Projects: codedamn.com/l...
💻 PedroTech Discord: / discord
-
Social
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Website: machadopedro.com
Twitter: / pedrotech_
Linkedin: / machadop1407
Instagram: / _pedro.machado_
Github: github.com/mac...
Email: machadop1407@gmail.com
Equipments I Use:
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
🌟 Algorithm Book To Pass Coding Interviews: amzn.to/2Z2CirS
🌟 Microphone: amzn.to/2MKAm4V
🌟 Keyboard: amzn.to/3d0QauN
🌟 HD Webcam: amzn.to/3tMpJPD
🌟 Room LED Lights: amzn.to/3a5mFGp
Tags:
- NodeJS
- User Roles
- ReactJS Tutorial
- ReactJS and MySQL
- NodeJS Tutorial
- API Tutorial
@chibuzoekwue 3 жыл бұрын
I never new middle ware functions could take arguments. I quess we learn everyday. Thanks 👍
@PedroTechnologies 3 жыл бұрын
I found out about this a couple months ago hahaha was surprised too!
@awekeningbro1207 3 жыл бұрын
actually, that function is not a middleware but, is returning a middleware upon calling in the app.get
@ayoubnachat5920 3 жыл бұрын
Hi pedro i like your tutorials a lot *So can you please do another one about managing users rolls but in this with JWT and more secure also with an interface like using Ejs instead of PostMan* and i will be so thankful if you do it 💜😁
@vision6D 6 ай бұрын
Appreciated your presentation and specially the remark at the end where you make us aware of this being an example to understand the mechanism, but that it should never be implemented that way. Authentication has to be made first and tokens have to be delivered. Roles should not be passed between client and server, nor username, nor userid. Based on the token the server side retrieves the userid and associated roles for the app and then performs the authorization. Greeting from Geneva.
@mikealejandro3938 3 жыл бұрын
First comment ! I'm currently learning backend, i want to become a MERN developer, fullstack developer whatever, and i'm still undertanding how the backend works and videos like this one cna help me too much ! Thank you homie
@PedroTechnologies 3 жыл бұрын
Thank youu! Glad I am able to help! If I could give an advice for you that is starting to learn backend, I would advice you not to skip the fundamentals. For example, understand how an api works and the different aspects of a http request. Best of luck!
@mikealejandro3938 3 жыл бұрын
@@PedroTechnologies Thanks My Man
@pegihr 3 жыл бұрын
This is what I’ve been waiting for. Thank You
@PedroTechnologies 3 жыл бұрын
Happy to help! I am glad you liked the video!
@abhishekrawat8579 3 жыл бұрын
i've downloaded it and will watch it when my exams gets over.❤️❤️❤️❤️
@PedroTechnologies 3 жыл бұрын
Hahaha thank you for the support! Im going through exams too! Good luck!
@jeff-creations 2 ай бұрын
Excellent video Pedro. I'm using vs code and Hoppscotch. Do you have any idea why I needed to change my GET requests to POST requests to get the code to work? Really weird, I followed the tutorial to the "T". Regardless, the code works and am able to crudely authenticate.
@zulfikarahmad3684 3 жыл бұрын
Thank you bro... I want to ask, can we use social media authentication like google/fb for REST API? I don't know how to implement it to rest api
@PedroTechnologies 3 жыл бұрын
You can definitely use it, however you still need to save the user somewhere and find a way to maintain them authenticated for a long time. Many companies prefer it this way in order for them not to keep track of passwords!
@joseisraeldiazzapata5179 3 жыл бұрын
ooohh, thank you Pedro. This is useful and fun to manage different sutf with the api rest
@PedroTechnologies 3 жыл бұрын
Thank you! Glad you liked the video!
@onkelhoy1 7 ай бұрын
But what if I change the role in the body that’s passed? This is a very bad security
@usmanmughal5916 3 жыл бұрын
Hey Pedro! Can you add login with Facebook or with Google in your type-graphql series, I am really having a hard time figuring out how to do log in with Google in my project which is based on type-graphql and frontend is on nextjs.
@PedroTechnologies 3 жыл бұрын
Hey, it depends on what you are trying to do! Are you using firebase for authentication? Are you using the google and facebook api? I planned on adding a video on a manual auth system.
@usmanmughal5916 3 жыл бұрын
@@PedroTechnologies no firebase just normal session authentication with cookies and just want to add google login or facebook.
@becbelk 5 ай бұрын
in min 10 you use currying.... so it is FP style... thats cool
@sacibrancooficial 2 ай бұрын
Pedro lançou a braba mesmo! Congrats my friend!
@thiagosaurotv140 5 ай бұрын
Thanks a lot for this, bro! Class 420, present
@viktorsvoboda3186 6 ай бұрын
cool video thx. dont u have pls the code posted for this somewhere?
@liyucollections9046 2 жыл бұрын
It's gr8 video as always....but i was trying to make admin with sepecific,secured password for my web pro.if u can plz help me on this.just tell me the way.thank u!
@abhishekprasad6317 3 жыл бұрын
Very underrated video. Much Love ❤️
@PedroTechnologies 3 жыл бұрын
Thank you!! 😊
@ritugupta4385 11 ай бұрын
Hey, I just found your channel and it has impressive contents...Would you please help me with implementing guest mode feature for my website ?
@tarekghosn3648 2 жыл бұрын
thank you. there is a way in how you connect things. sometimes noobs like me get over whelmed when we see an error.
@abhishekkumaryadav652 6 ай бұрын
Hey pedro, could you tell me how can i add body in request in postman, like we can't pass a body in get request how you are doing it, when i was trying to do it, i am getting error like cannot read properties of undefined 'role'.12:20
@paulikhane Жыл бұрын
I am your 100,00oth subscriber!!!! Let me know when you get the plague. Congratulations.
@Grishopping 2 жыл бұрын
Thanks friend.... will you plan to make another video with more advanced techniques as you comment on the video? My English is bad. I use a translator... I greet you from Venezuela. I already subscribed and gave him a thumbs up... My name is Jose Grillo ESPAÑOL Gracias amigo.... tendras pensado sacar otro video con tecnicas mas avanzadas como comentas en el video? mi ingles es malo uso traductor... te saludo de Venezuela Ya me suscribi y le di manito arriba... Mi nombre es Jose Grillo
@thiagovilla970 3 жыл бұрын
BR representando :)
@liyucollections9046 2 жыл бұрын
It great video Pedro.... can u tell us more on How to set up specific secured password and username which solely authorized manage admin page....like the one asked to login into our own pc.
@simonIsDev 8 ай бұрын
It's so very understand, thanks for this perfect video
@somel_toi309 4 ай бұрын
I love this guy, makes everything I need to know easier to understand
@softwareandnetworkingtechn5946 2 жыл бұрын
Thank you Pedro how to become a mern developer it is not easy to me to master it
@djkeiran2172 2 жыл бұрын
can we have source code
@arthurcorona Жыл бұрын
Bom inglês.
@cinegolpo-movieexplainedin8192 Жыл бұрын
when user role updated how to manage jwt?
@reubenmoses1363 2 ай бұрын
athorization goood
@蹦太君-o4d 2 жыл бұрын
great
@robinsonzapata1 11 ай бұрын
great tutorial! thank you so much!
@ejazmuneeb 2 жыл бұрын
you should be #1 on top for web dev videos.
@002ashishkumar5 2 жыл бұрын
I start your videos with a like
@pedrocosta9769 2 жыл бұрын
Top. Cadê o código Pedrão?
@shafayet_hossain 3 жыл бұрын
Best coding channel
@PedroTechnologies 3 жыл бұрын
Hahaha thank you so much for the support!
@thrifterspoint1002 2 жыл бұрын
thank u so much concept clear
@josearmandozeballosduran7086 2 жыл бұрын
Amazing explication.
@im_parth 3 жыл бұрын
Never knew middlewares could take up arguments! Also had a qn that we should not decide the role based on the body field right because it's easy to intercept the request and change the field via proxies like burpsuite . Correct me if I am wrong. Great video :)
@nobytes2 3 жыл бұрын
The role should be given upon sign up, or some subscription. In real world you'll never send role with the body.
@constWardtz 3 жыл бұрын
Thank you buddy!
@PedroTechnologies 3 жыл бұрын
Any time!
@MrRossss1 2 жыл бұрын
Great stuff. Thanks
@caetanog_ 2 жыл бұрын
Great video !
@mouctechy 2 жыл бұрын
Thanks Pedro
@wilmerfroilan8991 2 жыл бұрын
code source ?
@spreadItWide 2 жыл бұрын
leo needs a tutor
@mani_naik 3 жыл бұрын
"pedro who obviously got a 100 " ...lol ...liked the video for this humourXD
@PedroTechnologies 3 жыл бұрын
Lmaoo gotta stay humble
@On7D7 3 жыл бұрын
lol.. i got 100 on Software Requirement Engineering course
@lei800123 3 жыл бұрын
Love the explanation on each little element of the code. This helped a lot for a beginner like me. Keep it up! Thank you for the great work!
@nomchomppom 3 жыл бұрын
hi, just wondering but should it be more safe to have a table on the backend database which contains users' roles/courses enrolled instead of validating against the body of the client that anyone can modify?
@im_parth 3 жыл бұрын
I also commented the same thing LOL :)
@thiagovilla970 3 жыл бұрын
Actually, what you'd do in a more realistic (production-ready) approach is to have the user role(s) set in her profile in the DB by an admin or the like. Then, when the server spawns a session (stateful-) or issues a JWT (stateless authentication), that or those roles are attached to the session or written inside the JWT. In the latter case, the token can't be messed with (e.g. up the user roles) cause that'll break the encryption and hence invalidate the token. Pedro's example is didactic and beginner-friendly, but it's a big _no no_ as you guys spotted yourselves.
@itsnobledean9450 10 ай бұрын
I been looking for this kind of simple clarity. No pompous nonsense. Just pertinent information.
Dipesh Malvia
Рет қаралды 8 М.
Marius Espejo
Рет қаралды 28 М.
CodeWithAamir
Рет қаралды 59 М.
Erik Wilde
Рет қаралды 54 М.
procademy
Рет қаралды 25 М.
Dave Gray
Рет қаралды 104 М.
Ulbi TV
Рет қаралды 206 М.
Dave Gray
Рет қаралды 767 М.