วีดีโอ

Yes you should definitely use bcrypt to store the password on the database.

Thank you for the comment. Yes, I’ll do soon a video about the reset password endpoint.

Thank you for the comment. The AT we’re not storing anywhere. Just sending directly on the response. To invalidate the AT then we need to store somewhere to check if that AT is invalid (in case the user already logged out). The RT we are storing on the DB. So in that case we need to delete. You could store both the AT and RT on the database as well, and create a boolean flag to invalidate the AT. It all depends on the way you want to work.

@@manfraio Thanks a lot! Access and refresh tokens help in preventing replay attacks. Ideally, blacklisting both will prevent an attacker from using a sniffed AT or RT to gain access to the system when the user is logged out AND the token is not yet expired. (Side Note: in case the user is already logged in and the hacker was able to obtain his AT or RT and use it; this can be detected from the list of concurrent sessions of that user then the system can take actions accordingly; maybe block the user's account or log out "both"). However, it creates an overhead on the backend server and DB due to the logout-login pattern of many users. That is when many users log out (blacklist each AT and RT) then log in (create new AT and RT) then logout (blacklist newly created AT and RT) and so on. On the DB side, a "clean-up" job could remove expired AT and RT. Therefore, I think the meet-me-in-the-middle solution is to delete the RT (since there is nothing to compare against between user's RT AND server's RT; deleted one) and blacklist AT until it expires then the system (e.g DB job) can safely delete it. Much appreciated!

@@manfraio Thanks a lot! Access and refresh tokens help in preventing replay attacks. Ideally, blacklisting both will prevent an attacker from using a sniffed AT or RT to gain access to the system when the user is logged out AND the token is not yet expired. (Side Note: in case the user is already logged in and the hacker was able to obtain his AT or RT and use it; this can be detected from the list of concurrent sessions of that user then the system can take actions accordingly; maybe block the user's account or log them out "both"). However, it creates an overhead on the backend server and DB due to the logout-login pattern of many users. That is when many users log out (blacklist each AT and RT) then log in (create new AT and RT) then logout (blacklist newly created AT and RT) and so on. On the DB side, a "clean-up" job could remove expired AT and RT. Therefore, I think the meet-me-in-the-middle solution is to delete the RT and blacklist AT until it expires then the system (e.g DB job) can safely delete it. Much appreciated!

@@manfraio Thanks a lot! Access and refresh tokens help in preventing replay attacks. Ideally, blacklisting both will prevent an attacker from using a sniffed AT or RT to gain access to the system when the user is logged out AND the token is not yet expired. (Side Note: in case the user is already logged in and the hacker was able to obtain his AT or RT and use it; this can be detected from the list of concurrent sessions of that user then the system can take actions accordingly; maybe block the user's account or log them out "both"...etc). However, it creates an overhead on the backend server and DB due to the logout-login pattern of many users. That is when many users log out (blacklist each AT and RT) then log in (create new AT and RT) then logout (blacklist newly created AT and RT) and so on. On the DB side, a "clean-up" job could remove expired AT and RT. Therefore, I think the meet-me-in-the-middle solution is to delete the RT and blacklist AT until it expires then the system (e.g DB job) can safely delete it. Much appreciated!

@@manfraio Thanks a lot! Access and refresh tokens help in preventing replay attacks. Ideally, blacklisting both will prevent an attacker from using a sniffed AT or RT to gain access to the system when the user is logged out AND the token is not yet expired. (Side Note: in case the user is already logged in and the hacker was able to obtain his AT or RT and use it; this can be detected from the list of concurrent sessions of that user then the system can take actions accordingly; maybe block the user's account or log them out "both"...etc). However, it creates an overhead on the backend server and DB due to the logout-login pattern of many users. That is when many users log out (blacklist each AT and RT) then log in (create new AT and RT) then logout (blacklist newly created AT and RT) and so on. On the DB side, a "clean-up" job could remove expired AT and RT. Therefore, I think the meet-me-in-the-middle solution is to delete the RT and blacklist AT until it expires then the system (e.g DB job) can safely delete it. Much appreciated!

On Stripe, subscriptions typically auto-renew unless explicitly configured otherwise.

I intend to do a video about this but with a complete project. But for now here are the steps you can follow to move from sandbox to production (live mode): Make sure to create a PayPal business account. Then login to that account - switch to the Live mode by selecting the option at the top-right corner - in the dashboard, navigate to My Apps & Credentials - create an app - replace the sandbox credentials, inside your code, to the live credentials (clientId and secret) - replace the endpoints in your code, with the production (live) one (api.paypal.com). PayPal may require additional information (e.g., business details) before allowing your app to go live. They might also review your integration to ensure compliance with their policies.

Sometimes it doesn’t show and that’s normal, but you can add on the payment settings inside Stripe dashboard. Please check this video, where I show you how to add or remove other payment methods: th-cam.com/video/cheDHoEazPs/w-d-xo.html

@@manfraio ive checked and it is turned on

@FauzulFadzil are you using the stripe card element?

Thank you for the comment. You can create a template message with a variable that is gonna be the verification code. Just like on the video, instead of sending the user name on the variable , you send the code. Does that make sense?

@@manfraio Yes! Awesome! This way I don't need a Twillio in order to send just verification codes;) Thank you!

@@manfraio Other question, adding my own phone number to sending messages through Whatsapp, can I use the same number on my phone?

The WhatsApp Business API requires you to register a dedicated WhatsApp Business number that is separate from your personal WhatsApp number.

@@manfraio I found the issue that whatsapp doesn't want to accept my templates with verification code. Do you have any template that they would accept?

You mean the test number that whatsapp generated for you to use to send messages or the phone number you add, to send to that number?

​@manfraio All of them please 😢

Sim 🇧🇷

Yes. You would need to create a webhook on your server to listen for incoming messages, and configure this webhook on your whatsapp business platform: // Webhook to receive messages from WhatsApp app.post('/webhook', (req, res) => { const webhookEvent = req.body; // Check if this is a message event if (webhookEvent.entry && webhookEvent.entry[0].changes && webhookEvent.entry[0].changes[0].value.messages) { const messageEvent = webhookEvent.entry[0].changes[0].value.messages[0]; const from = messageEvent.from; // The user's phone number const messageText = messageEvent.text.body; // The message content // Chatbot logic to respond to the message let responseMessage; // Basic chatbot responses (you can expand this logic) if (messageText.toLowerCase().includes('hello')) { responseMessage = 'Hello! How can I assist you today?'; } else if (messageText.toLowerCase().includes('price')) { responseMessage = 'Our products range from $10 to $100. How can I help with pricing?'; } else if (messageText.toLowerCase().includes('bye')) { responseMessage = 'Goodbye! Have a great day!'; } else { responseMessage = 'Sorry, I did not understand that. Can you please rephrase?'; } // Send the response back to the user sendMessage(from, responseMessage); } // Send a 200 OK response back to WhatsApp res.sendStatus(200); }); // Verification route to verify the webhook with WhatsApp app.get('/webhook', (req, res) => { const verifyToken = process.env.VERIFY_TOKEN || 'your_verify_token'; const mode = req.query['hub.mode']; const token = req.query['hub.verify_token']; const challenge = req.query['hub.challenge']; // Validate the webhook token if (mode && token === verifyToken) { console.log('Webhook Verified'); res.status(200).send(challenge); } else { res.sendStatus(403); } });

Yes, you can use the say and play properties together multiple times on the call.

@@manfraio i mean if user says 'hi' in call I want to play some relevant audio on ongoing call , is it possible ?

Here is an example of how to make an outbound call using Twilio, wait for the user to say something, and then respond accordingly by either playing an audio file or saying something: 1. Create an endpoint to make the call and when the user answer, pass another endpoint to the url property to handle the answering: app.post('/make-call', async (req, res) => { const toNumber = req.body.to; // Get the user's number from the request try { const call = await client.calls.create({ url: 'your_app_url/voice', // This won't work on localhost. To test locally you would have to use something like ngrok to: toNumber, from: 'YOUR_TWILIO_PHONE_NUMBER' // Your Twilio number }); res.send(`Calling ${toNumber}...`); } catch (err) { console.error(err); res.status(500).send('Error making the call.'); } }); 2. Create the endpoint to handle the response (the same endpoint you passed on the URL parameter on the make-call endpoint) : app.post('/voice', (req, res) => { const twimlResponse = new twilio.twiml.VoiceResponse(); const gather = twimlResponse.gather({ input: 'speech', speechTimeout: '3s', // Wait 3s for the user to say something action: '/process-speech', // This won't work locally as well. Use something like ngrok method: 'POST', // Method from the /process-speech endpoint passed above on the action attribute }); gather.say('Please say something to continue.'); // If no speech is detected, re-prompt twimlResponse.say('I did not hear anything. Please try again.'); twimlResponse.redirect('/voice'); res.type('text/xml'); res.send(twimlResponse.toString()); }); 3. Create the third endpoint to process the speech, that means handle whatever the user said: app.post('/process-speech', (req, res) => { const twimlResponse = new twilio.twiml.VoiceResponse(); const speechResult = req.body.SpeechResult; // Check what the user said if (speechResult) { twimlResponse.say(`You said: ${speechResult}. Now playing audio.`); twimlResponse.play('www.example.com/path/to/your/audio.mp3'); // Replace with your audio file URL } else { twimlResponse.say('I did not recognize that. Please try again.'); twimlResponse.redirect('/voice'); } res.type('text/xml'); res.send(twimlResponse.toString()); });

@@manfraio can you make a separate video about that

Yes we have plans to add react, react native and next.js videos. We’re focusing more on backend for now but soon we’ll have full stack projects. Stay tuned!

Use the upload function to upload the pdf file to whatsapp server: async function uploadFile(filePath) { const data = new FormData() data.append('messaging_product', 'whatsapp') data.append('file', fs.createReadStream(filePath) data.append('type', 'application/pdf') const response = await axios({ url: 'graph.facebook.com/v20.0/phone_number_id/media', method: 'post', headers: { 'Authorization': `Bearer ${process.env.WHATSAPP_TOKEN}` }, data: data }) return response.data.id } Then call the uploadFile function and send a message along with the file: async function sendPDFFile() { const pdfFileId = await uploadFile(filePath) const response = await axios({ url: 'graph.facebook.com/v20.0/phone_number_id/messages', method: 'post', headers: { 'Authorization': `Bearer ${process.env.WHATSAPP_TOKEN}`, 'Content-Type': 'application/json' }, data: JSON.stringify({ messaging_product: 'whatsapp', to: 'phone_number', type: 'document', document: { id: pdfFileId, caption: 'This is message', filename: 'any_filename' } }) }) console.log(response.data) }

Thank you for your comment. For next year we’ll have full stack videos with react and react native as well. We’ll also have a website with templates that we can use for the frontend. Stay tuned my friend.

That’s great my friend. Glad I could help.🤜🏻🤛🏻

I have a mac pro with apple chip and a HP laptop with windows. Mac with 1T and 24gb of RAM and HP with 1T and 16gb RAM.

@@manfraio I heard that most programmers use Linux.

Yes, since a was developing for iOS, I use Mac for a long time. I just got used to it.

Thank you my friend. Glad I could help. I wish you the same🤜🏻🤛🏻

sir do you run a business, work a job, or do freelancing?

@snacksports8188 I actually do all 3 lol. But I’m more focused on my job, which is backend with ai, and a little of frontend as well.

Yes sure. We’ll publish 3 videos soon with Postgres and Node.js, using Prisma, TypeORM and Sequelize. Stay tuned!!

@@manfraio thanks a lot sir, I'll be waiting. Btw I am your new subscriber.

Obrigado meu amigo. Sou sim rsrs

@@manfraio tem linkedin irmao??

@@manfraio sou muito grato para esse video, vou precisar integrar o Twilio no meu micro-saas esse mes.

For WhatsApp I recommend using their official API. There’s a video here o the channel explaining how to use WhatsApp API with Node.js. Integrate Whatsapp API with Node.js: th-cam.com/video/4cvQxqFZTIQ/w-d-xo.html

@@manfraio 🤝 thanks a lot, bro

Hey my friend, hope this will fix your issue: 1. Log in to the PayPal business account. 2. Go to Profile > Account Settings. 3.Under Money, banks, and cards, click Manage currencies. 4. Add the currency you want to accept payments in.

Thank you very much my friend.🤜🏻🤛🏻

Thank you for the comment. I work with Node for 8+ years, so I learn a lot working in different projects.

okay nvm I got it now

Great. Sometimes you might have to refresh VSCode when using npm init for the package.json file to appear.

When a user upgrades to a different plan in the middle of the billing cycle, by default, Stripe will automatically apply proration to account for the time left in the current billing cycle. This ensures the customer only pays for the upgraded plan for the remaining period and credits any unused portion of the previous plan.

@manfraio thanks for the reply. So it would also be able to adjust the licences etc via a Web hook to suit?

Sorry I didn't get your question. When you say license you want to actually update the subscription price?

@@manfraio no more along the lines of if my white label product can create 10 items for £10 a month and the upgrade to 20 for £20 could I use a webhook to change the limit mid month as its tied in with the subscription

Thank you for the comment. Glad you liked🤜🏻🤛🏻

@@manfraio You litteraly saved my life, your tutorial clearly deserve at least 1 million views 😀 Keep this kind of content bro !