 Hello everyone, this is Christian. Welcome to another video with me on Node.js sessions. In the previous video, we learned how to create sessions and store user data into a database called in the PostgreSQL database system. This time, we'll do something very similar, except we're going to store data into a Mongo database. So also we're going to hash the password as well. This is the previous example here. It's working beautifully. So when we register, we're going to add the username, email, password to a Mongo database. Now, in my Mongo database system over here, I'm going to use the same database I created in the previous one, a video called users. I have a few examples here, but I'm going to turn all these, delete all of these here. So we're going to have a clean slate. And so no data. So what I have is basically going to be three fields. The ID we've managed by Mongo, I'm going to have the username, email, and password only and be injected directly to this program. So let's go to our program and see how we can do this. Now, I made a copy of the PostgreSQL application and change that to a session Mongo. So it's the same application, but the changes will be just the database part of it. So over here, as you can see, I imported everything so the same as before. We're going to modify this a little bit when we first create our database in the user JS file. So let's go over here and change some stuff over here. So this time we're going to new, we're not going to use, PostgreSQL is going to be from Mongo database. So I'm going to delete everything here and we'll call it Mongoose. I use Mongoose, by the way. I need to import that, but in a minute, we'll do it. We acquired the Mongoose. Actually, you know, before we start, let me install that first. So let's go to the terminal and this is still running that's turned all these off for now. I want to make sure it runs from the right place. So let's go here. And first let's install the MongoDB and Mongoose. Okay, we need those. And I think the rest is already be installed. Okay, you need that. So it'll be crypt and then session and so forth. Okay, so all those will be installed here. Make sure you have these packages installed. Basically, these are here. The PG, I'll leave it here. I don't need it, but that's okay. All right, so that is done. And then now we go ahead and go to the, we actually run the program now. Okay, actually run the Singapore 8080 and then we can close this. Okay, so let's set up our Mongoose. So again, if you remember, right, Mongoose.connect, connect to the MongoDB. I'm using the lazy method here. You can use variable if you want, but this is fine. One, make sure you use the IP address as opposed to local host. So it doesn't have any conflict with Mongoose and the database is called myDB. So if you haven't watched what the other video, how I can actually set this up. And then I'm gonna do a, just make sure it's working. So log that information saying we know it's working. Otherwise, we're gonna go into catch error. Standard, pretty standard stuff. You can handle error, but I'm gonna just console log back to the message. And this should be a nothing here. Okay, that's the connection. Only one connection string. And then we're gonna go ahead and then we need to also create a schema. So a constant call a user schema is equal to new, you know, it's the, yeah, new, Mongoose, that schema. The passing here, the username, will that be a type string to be unique through? And then we have the required also true. Okay, when that field, it next is the email kind of, isn't it kind of similar except, you know, say I'm gonna copy this, put it here. Save us some typing. The password is, let me say not unique, but it's required. Okay, so basically those three fields will be created for us. And then here we're gonna go ahead and then do the model, right? So we put here const, it's gonna be boost that model. And we pass in the user, then these users, we'll export this out. Okay, that is pretty much it for this one here. It's type, no, I meant model, okay. All right, so this is the setup for Mongoose. Again, you can verify, make sure it's connected or not. When we launch, you see the bottom, you see the message connected because the app was running correctly, running. So again, if you go to the browser and refresh the page, just refresh it, right after you load, the message should be, make sure connected on here, if you reset it. So we're good here for this part. Now, let's go over to the index page and we import that user here the same as before our location, that's fine. The only thing that is different is gonna be when we do the login. Okay, so these are same, nothing different here. Okay, when we login via the post, right? We go to the form, the user data comes in and we're not gonna make query this way anymore, right? So basically I'm gonna delete everything here so it's not too confusing and we'll just do everything from fresh. The login needs to be performed a little differently. Well, the first thing we need to do is we've got the data already, user and password, that's fine. Is we're gonna try this part, okay? We're gonna call everything here asynchronously. That means this callback has to be async, right? Async. And then we're gonna catch the error down here if there's any problem and then. And you can handle it in a nicer way if you want to, usually, but that's fine. So and they try block here. We're going to check the user if the user exists in the database. So we're gonna create a constant call user and await, go to user.find function, right? And then wanna make sure we call the collation and make sure we set the locale to English. Because I'll text this in English. That means, and then set the strength to a one or two. It doesn't matter. This is just basically for case insensitivity when you search. Otherwise, you have to search exactly in case insensitivity. So basically that's for that. And then to find, we need to find, actually I wanna do a find one. We're passing here the filter, right? What are we looking for? We're looking for the user name. Does the user name exist here or not? So you put here user name. Again, if the field is exactly the same, the keyword is username, the field and user are exactly the same, then you can omit that for username like that, okay? So that's basically, this username here is not this one, okay? This username here is the one you use in the database or in your schema. So in our schema, right, we call it username. If you call it differently, whatever it is one is has to match that, right? So username, username is the same, so let's call it that. If that is true, if that is successful, then the user should contain something, right? If it's not successful, the user is gonna be empty. So we check to see if the user is indeed not empty. So we can say if the user is not empty, something, then go ahead and process that else. You know, we direct the user back to log in again. You know, keep log in until you get it right, right? Basically that's it. So if the user is indeed successful, then we proceed. Then we need to validate the password. So again, like the previous example, we already encrypt the password. If you do encrypt it, then it's not gonna work. So let's just say, again, if I don't encrypt it, right? So I'm just gonna put it in. The user.password, this is from the database, equal to the password. If it's not encrypted, then go ahead and do the following. I'm gonna change the session of the user to the user coming from the database. I'm gonna change the app, the locals of the username to show on this browser. It is gonna be the user, that username. And then I would add that locals, the login attribute will be equal to true, right? And then we're gonna redirect the user. I think that, you know, right? Direct the user to the index page or the homepage, okay? That is the true part, right? So that's how you set up for MongoDB, okay? The logic here is still the same, but just that we're using it different way after we access the data. That is for the login. So let's save and try this first, okay? So let's save that. And this should not work because there's nothing in the database. So let's go over here and do a login. I'll put some, you know, some gibberish. You can see nothing is logged in. We can't log in until we have some data. So let's go to MongoDB and create one example of data here. Let's refresh the page first. No data, we're gonna create one, very simple one. And the ID, I can leave it blank. I need the username. For me, the email me.atm.com and then we have the password 1234, okay? So add that in here. So we have one username, me1234. So let's try that. So here we go me and then 1234 and boom. So we logged in. You can see that the username me is now here and it's working as expected. Okay, so now when we register, right? So we do the same thing, we'll register. Let's go ahead and fix our code first down here. When we do the post and register, we check the user passwords, make sure they match. Once they match, then we build the user just like we did before, okay? We just pick the data here. And then again, the hashing is the way it is, it's fine. I'm gonna hash it, okay? Since we're here, we're gonna hash the password, use the big group hash sync. And then we pass the password and you set the salt to 10. And then now this part is not gonna be like this anymore, right? When you post, when you add data, we're gonna do it differently. It's actually much simpler than this. So basically, here, we don't need this whole part actually. I'll just make it a little bit easier for us. Let me re-clean this part here. So once we set our object like this, because we're using schema, right? Mongoose is a schema-based program. So that means that once I create this object, it matches my schema, right? So the user here using the password matches schema. All I'm doing is basically save this data. So I'm gonna do something like user.save. And that is pretty much it. But before we do that though, how does Mongoose know that we actually pass some data to this? And that is by creating a new schema here called a new user. We pass into this new user, it's a constructor. He passes object to it like that. So as you can see, quite easy, right? We create a new user using the user. We import it way up here, right here, okay? Which is this model right here. So we instantiate a new user, right? The pass and the data, the object we need. We encrypt the password right away. And then we just call this save function. And that's it. Very simple like that using Mongoose. And then the rest will be the same. We set up the username, the user session, log in true and we direct back to the index page or the slash is the same, call the index. So we're not confusing. And that's it. So now we're using hash, but when I log in, I did not use the hash right here. So once I register a new user, this will not work. Okay, just to prove that it doesn't work, let's give it a test. So go over here. I'm gonna click again, log in with me, right? We have one, two, three, four. I'm able to log in because the password is not hashed. Now let's register you and you have you.com. And then one, two, three, four. One, two, three, four. Okay, I'm registered as you can see, you is logged in. Alrighty, I'm gonna log out and log in you. One, two, three, four. As you can see, it won't let me log in, okay? Because the password is now hashed and I'm trying to log in using hash and then it's not correct. Just to verify in our password hash refresh this, you see the second user has a hash password. To get this back, unhash it. So that is the way to do it. So basically when you do this part here again, we're going to unhash this. So you put that into the bcrypt.compare-sync using the synchronous approach. The first is the playing string, which is just the password. The second is gonna compare that against the one and the user.username, I mean password, which is the hash keyword. Okay, so now this will work for the second user, the first user, it doesn't work anymore, okay? So save that, go to the webpage and again go to login me at me 1234 will not work, okay? But you at 1234 should work. Here we go. Okay, so that is how you use Mongo database to store data when you do this kind of session. So again, the code looks very similar to Postgres. The only difference is again how you insert data, how you make query based on the system, but the whole logic here is exactly the same. All right, so if you have any questions, please let me know. Thank you.