Level up your Authentication Strategies & Implementation

Get access to all lessons in this workshop.

Includes all 5 workshops + bonus:
  • Full Stack Foundations workshop
  • Professional Web Forms workshop
  • Data Modeling Deep Dive workshop
  • Authentication Strategies & Implementation workshop
  • Web Application Testing workshop
  • Bonus: Interviews with Experts workshop

Full Stack Vol 1

30-Day Money-Back Guarantee
Includes:
Workshops
  • Full Stack Foundations
  • Professional Web Forms
  • Data Modeling Deep Dive
  • Authentication Strategies & Implementation
  • Web Application Testing
  • Bonus: Interviews with Experts

Features
  • 5 Self-Paced Workshops
  • Lifetime Access
  • Customizable Invoice
  • Streaming 4K Video
  • 166 Interactive Exercises
  • Discord Community
  • English Transcripts & Subtitles
  • Progress Tracking
  • Completion Certificates

Current section: Protecting Routes (6 exercises)
Problem

Securing User Access

This exercise is part of Authentication Strategies & Implementation and can be unlocked immediately after purchase.

Transcript

00:00 You want to see something really cool? I can go to my notes here and I can create a new note. Well, what's a little less cool is I can actually do that as an unauthenticated user as well. So LOL, I pick my nose. Of course, the thing that you would say if you wanted to troll somebody. So

00:19 yeah, definitely not something that we want people to be able to do. And so your job is to make it so they can't. Not only can they not get to the new page, but you also want to make it so they can't get to the edit page either. So not only can they not get there, but they also can't perform any actions there, because remember, all of your loader and action functions are API routes, like you could

00:39 actually hit them directly. So your job is to kind of lock some of that stuff down. And it's more than just whether or not the user ID exists, whether the user's logged in, but if they have

00:52 access to this. So like, for example, here I am logged in as Cody, but I can still go to this edit page as well. So yeah, you want to make sure that not only are they logged in, but also their

01:08 username matches the username in the URL search params here. So they've got to be the owner of the note to be able to make this edit. And that's what you're going to be enforcing. So good luck. Have a good time.
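As an added example (not the workshop's own code), here is one way to express the two checks the exercise asks for in TypeScript: a `requireUserId` guard that sends anonymous requests to the login page, and a `requireNoteOwner` guard that additionally compares the logged-in user's username with the `username` route param. Both the loader and the action call the same guard, because an action can be hit directly without ever rendering the page. The session store, user table, `HttpError` class, route parameter names and handler signatures are constructed assumptions for this example; a Remix app would throw `redirect()`/`json()` Responses and read the session from the request cookie instead.

```typescript
// Added example, not the workshop's code. The session store, users, route
// params and HttpError below are constructed stand-ins for illustration.

type User = { id: string; username: string };
type NoteRouteParams = { username: string; noteId?: string };
type NoteForm = { title: string; content: string };
type GuardResult = { status: number; location?: string; body?: object };

// Thrown to abort a loader or action early; in Remix you would throw a
// redirect() or json() Response instead (assumption: this stand-in class).
class HttpError extends Error {
  status: number;
  location?: string;
  constructor(status: number, message: string, location?: string) {
    super(message);
    this.status = status;
    this.location = location;
  }
}

// Constructed sample data: two users and the session cookie for each.
const USERS: Record<string, User> = {
  user_1: { id: "user_1", username: "kody" },
  user_2: { id: "user_2", username: "cody" },
};
const SESSIONS: Record<string, string> = {
  sess_kody: "user_1",
  sess_cody: "user_2",
};

// Resolve the session cookie to a user id; null means an anonymous request.
function getUserId(sessionCookie: string | null): string | null {
  if (!sessionCookie) return null;
  return SESSIONS[sessionCookie] ?? null;
}

// Authentication check: anonymous requests are redirected to /login, and the
// original URL is preserved so the user lands back on the page afterwards.
function requireUserId(sessionCookie: string | null, requestPath: string): string {
  const userId = getUserId(sessionCookie);
  if (!userId) {
    const loginUrl = `/login?redirectTo=${encodeURIComponent(requestPath)}`;
    throw new HttpError(302, "Unauthorized", loginUrl);
  }
  return userId;
}

// Authorization check: being logged in is not enough; the user's own
// username must match the :username segment of the note route.
function requireNoteOwner(
  sessionCookie: string | null,
  params: NoteRouteParams,
  requestPath: string,
): User {
  const userId = requireUserId(sessionCookie, requestPath);
  const user = USERS[userId];
  if (!user || user.username !== params.username) {
    throw new HttpError(403, "Forbidden");
  }
  return user;
}

// The loader (GET) guards rendering the edit page ...
function noteEditLoader(
  sessionCookie: string | null,
  params: NoteRouteParams,
  requestPath: string,
): object {
  const owner = requireNoteOwner(sessionCookie, params, requestPath);
  return { owner: owner.username, noteId: params.noteId ?? null };
}

// ... and the action (POST) guards the mutation itself, because an action
// can be hit directly without the page ever being loaded.
function noteEditAction(
  sessionCookie: string | null,
  params: NoteRouteParams,
  requestPath: string,
  form: NoteForm,
): object {
  const owner = requireNoteOwner(sessionCookie, params, requestPath);
  return { saved: true, owner: owner.username, title: form.title };
}

// Turn a thrown HttpError into a plain result so a caller can inspect the
// outcome the way a browser would see the HTTP response.
function run(handler: () => object): GuardResult {
  try {
    return { status: 200, body: handler() };
  } catch (err) {
    if (err instanceof HttpError) return { status: err.status, location: err.location };
    throw err;
  }
}
```

With this in place, an anonymous request to the edit route gets a 302 to `/login?redirectTo=...`, a logged-in user visiting another user's note gets a 403, and only the owner reaches the handler body. Keeping the ownership check inside the shared guard, rather than only in the UI, is what stops the "hit the action directly" case the transcript describes.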