Transcript
00:00 We're going to start protecting routes. And it's, you know, it's actually pretty simple. Can the user be here? Then if not, send them away. That's it. So the idea is we're going to have a couple of different routes that we're going to take. We have the loader, so getting data. The loader is where you're going to say
00:19 whether or not the user can be here. So you're going to look for the user in the request and you'll get the user ID. We already do that in the root. In fact, Kelly made a couple of utilities that we can use that were based on the work that we've already done to get the user's ID. So if there is no user ID, then they're not authenticated.
00:38 So they can't be in certain authenticated-only parts of the app that are new in this exercise. And then also, if the user is on, like, some other user's edit page or whatever, we're going to make sure that that user has access to that page. So if it's not the right username,
00:57 if the logged-in user doesn't have the same username, then they're not allowed to be there. And the same goes for the actions. So in the action case, if the user tries to submit something, we want to make sure that the user is authorized to do that. So we're going to be dealing with access control. We'll be doing a little bit more on the idea
01:17 of access control and creating admin users and stuff like that in the next exercise. But this will give you an intro to, like, the assumption that users are the only ones who can access their own data. And we're going to build that into all of our loaders and actions that care about that.
01:36 So with that said, you'll be working in the auth server util, that utility, to make sure that you can use those utilities throughout the app. And then you'll be applying those utilities throughout the app. So it's a good time. I think you'll have a fun one. See ya.