Great work, Max. However, I want to point out that express-graphql can parse request's body according to its content-type, so the body parser is unnecessary. With that gone, you can send application/graphql request using postman, and copy & paste the query/mutation directly from graphiql.
Great series, Max. Enjoyed your React Native and Mongo courses through Udemy, btw. Hope you will do more RN and GraphQL. Maybe even some data visualization as well:) Happy New Year!
Great video Max! This is actually a lot easier than trying to use Passport.js (which i JUST got finished doing) when only using json web tokens. Looks like I got some refactoring to do! :)
I recently discovered a REST client called "Insomnia". You can write graphQL queries like in GraphiQL, but it has all the elements like headers, authentication, etc. like Postman. I really recommend it. There is a version for linux, windows and mac OS.
Postman has added a GraphQL option inside the Body tab. So it's a bit easier to write the queries/mutations. Of course, auto completion is not supported, as Postman has no idea about our project
Hey Max.... Please add this section how to upload photos and documents with nodejs and react and the reset of password if the user forget his/her password with nodejs and react
Sending message can be made with socket.io check it out.... I've done end to end message passing from server to client and client to server.... No idea in between clients..... Message passing is quite heavy to understand
Password Reset - One idea would be to create a temporary json web token that allows a user access to the password reset mutation, then you somehow send this to the email informed (I say somehow because I never did email with nodejs). Since GraphQL seems to only work with POST, you may have to think a way to create a link with that JWT to use in the request for the password reset mutation (You can create a Get route on Express that only purpose is to grab the token given as parameter and package it in a Post request). On the GraphQL side this is trivial, if the token is valid, you allow user to go ahead and reset the password, otherwise token either expired or was never valid and so throw an access denied. Uploading stuff - Not sure how this happens on GraphQL, it would be an interesting subject, but usually the way it's done with Express is to have static routes for GETing this files and then have the location stored in and passed around by GraphQL.
@@acommunistdwarf I'll be honest.... I know the process the way you explained is really nice.... I really appreciate it but I've tried several times.... But didn't work for me... That is y asked..... I m really grateful for your descriptive answer... I used jwt token created a unique one send it to client mail dn reset function but some how I managed to screw Them up😪😪😪
@@ashutoshpanda4336 yeah ... I really hope he takes on the items you mentioned because they are quite interesting and happen in tons of different applications. The suggestion is more a brainstorm in an attempt of having something to try if Max and folks on Academind don't take on the subject. I haven't watched the next videos yet, but I would assume he will tackle more the frontend side, which is fundamental for these two items you mention. As far as I can imagine, there is no off the shelf solution for this on GraphQL or Express.
Hi Max! This series is really good! I'm not sure what ahead but can you show the process of deployment such an API to AWS API gateway or Google firebase functions? I think the devops part and some CI/CD for such API is very important.
Hi guys, as per new ES6 syntax improvement, we can use "const user = await User.findOne({email}) " instead of ({email:email}) since both sides are the same :)
thanks Max great job, not simple by any means but you did a great job of explaining. I wonder how much research you have to do to make a 30 minute video???
Very happy to read that Khan, thank you very much! It depends on the video and on the topic to be honest, but as I prepare the entire project and not a single video it's hard to name a number here.
To save a little bit of the code, in JavaScript, an empty string would be false so no need to write: if (!token || token === "") { // some code }, this would be enough: if (!token) { // some code }
Hey Max, Is there any specific reason to use `login` as Query rather than a Mutation? Many examples I have seen online used as a Mutation. Can you help me understand?
What about socket.io connections? do they have to be authenticated for every event they emit? Or is it ok to do this only during creation of the connection? What is the best practice to handle the token on client side? Is it save to store it in localstorage? What about the socket.io? Is it save to try to authenticate a existing token from the localstorage on creating the connection?
thanks for the tutorial it really helped however when I run it it always fails when comparing I mean it always gets isEqual to false can you help ? can anyone help ?
Hello, is there any good video or resource to make an single Auth for two different websites and activate the cors for the two front end? Any recommendation would be great. Thank you beforehand Kind regards
i like this video because i was curios how you wll do the auth with graphql :) btw !token and token ==='' is allways same because empty string is falsy :) 18:25
If someone (like me) added in 'user.js' a flag 'select: false' to 'password' (to protect the field from being selected), You then have to add '.select("+password")' to 'findOne' function. Otherwise there is an error ""Illegal arguments: string, undefined"" because 'password' field won't be selected. user.js: const userSchema = new Schema({ email: { type: String, required: true }, password: { type: String, required: true, select: false //protection } ... auth.js: login: async ({ email, password }) => { try { const user = await User.findOne({ email: email }).select("+password"); //get user and password if (!user) { throw new Error("User does not exists"); } ...
Hello everyone! I am getting following error when try to execute mutation createEvent inside POSTMAN: "Must provide query string." Will someone kindly help?
@@academind yes its good to know how to use graphql for postman as well. With apollo-server I'm getting a different graphiql. It has a section to edit headers as well. I'm not sure why apollo-server-express graphiql is different look.
Postman now supports GraphQL queries! Its awesome! Thanks for the tutoarial.
Great tutorials!
FYI - Starting in version 7.2, Postman lets you create your POST body using syntax just like graphiql.
This Guy Rocks !! My source of nodeJs knowledge and videos are open to everyone just incredible.
Great work, Max.
However, I want to point out that express-graphql can parse request's body according to its content-type, so the body parser is unnecessary. With that gone, you can send application/graphql request using postman, and copy & paste the query/mutation directly from graphiql.
Hey Max, thank you for this quick upload. What a new year gift we have. Happy to see this video on 1 Jan
Great to read that you like the video Harshal, happy new year :)
Hi, I am from Vietnam, I thank you very much for the Mongodb and Graphql series.
Thank you very much.
Now I know how I can create a backend with nodejs, graphql and mongodb. Superb work Max.
Great series, Max. Enjoyed your React Native and Mongo courses through Udemy, btw. Hope you will do more RN and GraphQL. Maybe even some data visualization as well:) Happy New Year!
Thanks so much for your great feedback and your support here and on Udemy! We'll see what the new year brings :)
Great video Max! This is actually a lot easier than trying to use Passport.js (which i JUST got finished doing) when only using json web tokens. Looks like I got some refactoring to do! :)
Thank you, great to read that you like the video!
This course was so helpful, thanks!!, the explanation is fast and clear, and to the point.
So happy to read that Jesus, thank you very much!
I recently discovered a REST client called "Insomnia". You can write graphQL queries like in GraphiQL, but it has all the elements like headers, authentication, etc. like Postman.
I really recommend it. There is a version for linux, windows and mac OS.
Agreed. There is also another app which is called "GraphQL Playground" does the same thing as you suggested.
thank you!
Great job! These videos should be watched way more! Keep up good work!
Postman has added a GraphQL option inside the Body tab. So it's a bit easier to write the queries/mutations. Of course, auto completion is not supported, as Postman has no idea about our project
From Germany, We have SAP, Audi, FC Bayern Munich, and we have Max- All legendry Stuff.
"Made in Germany" is the gold standard! Greetings from New York. Thanks for a wonderful series - it's very powerful and valuable.
Kurzgesagt, DW
Hi Maximilian, excellent series. Happy 2019, keep the good work ¡.
Thank you Esam, I'll try my best to do so! Happy new year also to you :)
this is the coolest tutor I have ever seen. Thank for this reality skill
Hi Max, Your tutorial is so great , I am totally stunned...........
hOW LONG IS THE COURSE Max- Thanks. Awesome Legendry Work.
I'm still recording the videos so it's difficult to say at the moment. It will be a longer series though ;)
sir your videos helps a lot ..☺🙏❤ from India
Thanks a lot for sharing so much knowledge with us.
Hey Max.... Please add this section how to upload photos and documents with nodejs and react and the reset of password if the user forget his/her password with nodejs and react
Sending message can be made with socket.io check it out.... I've done end to end message passing from server to client and client to server.... No idea in between clients..... Message passing is quite heavy to understand
Password Reset - One idea would be to create a temporary json web token that allows a user access to the password reset mutation, then you somehow send this to the email informed (I say somehow because I never did email with nodejs). Since GraphQL seems to only work with POST, you may have to think a way to create a link with that JWT to use in the request for the password reset mutation (You can create a Get route on Express that only purpose is to grab the token given as parameter and package it in a Post request). On the GraphQL side this is trivial, if the token is valid, you allow user to go ahead and reset the password, otherwise token either expired or was never valid and so throw an access denied.
Uploading stuff - Not sure how this happens on GraphQL, it would be an interesting subject, but usually the way it's done with Express is to have static routes for GETing this files and then have the location stored in and passed around by GraphQL.
@@acommunistdwarf I'll be honest.... I know the process the way you explained is really nice.... I really appreciate it but I've tried several times.... But didn't work for me... That is y asked..... I m really grateful for your descriptive answer... I used jwt token created a unique one send it to client mail dn reset function but some how I managed to screw Them up😪😪😪
@@ashutoshpanda4336 yeah ... I really hope he takes on the items you mentioned because they are quite interesting and happen in tons of different applications. The suggestion is more a brainstorm in an attempt of having something to try if Max and folks on Academind don't take on the subject.
I haven't watched the next videos yet, but I would assume he will tackle more the frontend side, which is fundamental for these two items you mention. As far as I can imagine, there is no off the shelf solution for this on GraphQL or Express.
Am grateful for the content Max.
Hi Max! This series is really good! I'm not sure what ahead but can you show the process of deployment such an API to AWS API gateway or Google firebase functions? I think the devops part and some CI/CD for such API is very important.
There is this extension named ModHeader for chrome. Super easy to add header.Not takes more than 2 sec to send header
Thank you so much for making things clear and understandable.
Hey Max,
Can you make more videos about user auth? In front-end with react js and apollo/graphql, how can we use this for logging in?
Hi guys, as per new ES6 syntax improvement, we can use "const user = await User.findOne({email}) " instead of ({email:email}) since both sides are the same :)
This has helped me so much! Thanks a lot Max :)
Lots of love for you.. Thank's
Awesome tutorial, loving it !
You can use Insomnia instead of Postman for testing
MAx, you are awesome. Thanks for sharing the knowledge.
Thanks so much for your awesome comment Diógenes, this really means a lot to me!
This fucking guy is a god
Thank you for your best lecture videos!
Thank YOU for this awesome feedback!
hey I have the problem that the req.get ("Authorization") always returns me undefined, does anyone know what it can be?
I ended up using req.headers.authorization instead
Same problem as Alejandro, and the "req.headers.authorization" fix does not work either (also undefined).
I take it back, I just add a typo in my code ::facepalm::
Hi Max, do you have a video for implementing refresh tokens with this middleware?
thanks Max great job, not simple by any means but you did a great job of explaining. I wonder how much research you have to do to make a 30 minute video???
Very happy to read that Khan, thank you very much! It depends on the video and on the topic to be honest, but as I prepare the entire project and not a single video it's hard to name a number here.
Max thanks a lot for this amazing series! and for all other courses here and on Udemy! Is there a way we can donate even if it is a small amountt!!
Thanks Max!, Awesome as always
Excellent series!! Could anyone tell how to make authentication to not drop every time on page reload?
i understood postman + graphql but isnt there a better way using graphiql etc?
Thanks for the series.
You mean the serious....
How we can restrict data based on the role of the user? Like for Employee, return small data set and for Manager return larger data set?
To save a little bit of the code, in JavaScript, an empty string would be false so no need to write:
if (!token || token === "") {
// some code
},
this would be enough:
if (!token) {
// some code
}
Just amazing, thank you.
Thank YOU for your comment!
Hey Max, Is there any specific reason to use `login` as Query rather than a Mutation? Many examples I have seen online used as a Mutation. Can you help me understand?
Max, what are the cons of making my own auth vs using auth service?
What about socket.io connections? do they have to be authenticated for every event they emit? Or is it ok to do this only during creation of the connection? What is the best practice to handle the token on client side? Is it save to store it in localstorage? What about the socket.io? Is it save to try to authenticate a existing token from the localstorage on creating the connection?
Thank u for this awesome video and I am waiting for next video
Thank YOU for your great feedback and for your support Abhishek! The next part will be released this week.
hello max, can you please also make a video to do node js passport local authentication with graphQL?
Need help, while testing in postman, I am having "Unauthenticated". And in VS code also getting error: "JsonWebTokenError: invalid signature"
Great serious
thanks for the tutorial it really helped however when I run it it always fails when comparing I mean it always gets isEqual to false can you help ? can anyone help ?
I like your serious
:D
Nice tutorial
I got error in POSTMAN :
"errors": [
{
"message": "Must provide query string."
}
]
Kindly let me know how to solve it!
Thanks!
Hello, is there any good video or resource to make an single Auth for two different websites and activate the cors for the two front end? Any recommendation would be great. Thank you beforehand
Kind regards
And the other is using Apollo Graphql
Is it possible for user to add in request field isAuth which will be equal to true and bypass protection?
Nope
Hello Sir can you help with project Node+Express+mongodb+Reactjs Login and registration form
Empty strings are falsy so checking !token already checks token === ''
Saludos desde Chile
Hello from Germany :)
i like this video because i was curios how you wll do the auth with graphql :)
btw !token and token ==='' is allways same because empty string is falsy :) 18:25
Big tnx!
If someone (like me) added in 'user.js' a flag 'select: false' to 'password' (to protect the field from being selected), You then have to add '.select("+password")' to 'findOne' function. Otherwise there is an error ""Illegal arguments: string, undefined"" because 'password' field won't be selected.
user.js:
const userSchema = new Schema({
email: {
type: String,
required: true
},
password: {
type: String,
required: true,
select: false //protection
}
...
auth.js:
login: async ({ email, password }) => {
try {
const user = await User.findOne({ email: email }).select("+password"); //get user and password
if (!user) {
throw new Error("User does not exists");
}
...
how to fix this problem ??
const authHeader = req.get('Authorization');
^
TypeError: Cannot read property 'headers' of undefined
plz!!!
how to fix this problem ??
const authHeader = req.get('Authorization');
^
TypeError: Cannot read property 'get' of undefined
Hello everyone!
I am getting following error when try to execute mutation createEvent inside POSTMAN:
"Must provide query string."
Will someone kindly help?
I have the same error. Did you ever figure it out?
Actually it gives me the error for the query too
I'm getting error cannot return null for non nullable field rootquery. Login
@academind
OAthu with passport.js please
Excelent!
Why is it user.id and not user._id?
The desktop app version of graphiql allows you to edit http headers. No need for postman. github.com/skevy/graphiql-app
That is true. I also switched to Postman to already introduce how we structure the request body - we'll need that in the next parts.
@@academind yes its good to know how to use graphql for postman as well. With apollo-server I'm getting a different graphiql. It has a section to edit headers as well. I'm not sure why apollo-server-express graphiql is different look.
like
Hi,
The tutorial and code is outdated. Can you please update the code.