4.3 Working With Controllers
In this lesson we will add a sign-in controller that lets users authenticate with our application. Later, we’ll restrict the dashboard so it’s only accessible to users who have signed in.
1.Introduction3 lessons, 11:27
2.Sails.js From the Front-End2 lessons, 20:07
3.Sails Blueprints2 lessons, 13:34
4.Building the Back-End7 lessons, 58:40
5.Additional Techniques2 lessons, 09:55
6.Conclusion1 lesson, 01:28
4.3 Working With Controllers
Hi folks. In this lesson, we're gonna be taking a look at controllers and their associated actions. When we created the user model in the last lesson, Sails automatically created a file called user.js in the api/models folder. It also created a controller called UserController.js in the api/controllers folder. We can also generate controllers using Sails on demand if we wish, using the generate controller command. In this case, we don't need to do that. Earlier in the course, when we were using the blueprint shortcut routes to add records to the event model, it was the implicit create action that was actually creating the records in the Sails disk database. The create action was created automatically by Sails when it created the shortcut route. When we add a custom controller action by adding a method to the UserController.js file, Sails will automatically create a blueprint action that matches the name with the method and which we can access via a RESTful url. For example, we could add a method to the controller called test. Let's just do that quickly. Now, let's go back and lift our app. And let's just open up postman, and we should find that we're able to send a request to user/test. And we see the response, this is a test. So, when we lifted our app, Sails saw the test action that we added to our user controller and it automatically created roots for us so that we could use that. So we defiantly want to turn this off in production. So let's just do that now quickly. And we can do that by opening up the config/blueprints.js file. So if we scroll down a bit, we should find a tag for shortcuts and let's just uncomment the shortcuts section. And we'll set that to false, so now none of the shortcut routes that we've been using will work. So the test action that we added will still work, because we haven't disabled the shortcut actions. We don't really want a test action, so let's just get rid of that for now. We can use the popular passport.js module to handle the authentication for us. So let's go ahead and install this as well as the passport local strategy from the command line. And once these are both installed, we can require passports in our controller. So now let's add a sign in action to our controller. So this action will automatically receive the request and response objects. And if you've used express.js before, you should be very familiar with these. So inside the action, we'll want to use passport to authenticate the user, using the authenticate method. So we need to specify the strategy that we want to use, which in this case is going to be the local strategy that we just installed. So we supply a call back function as the second argument, and that will automatically be passsed an error object, a user object, and an info object. We'll see these in more detail shortly. And we just invoke the authenticate method straightaway, passing it in the request and response objects. So inside the call back, we first want to handle any errors that might occur, or the case where a matching user was not found. So if there is an error or the user is not found, then we can set the status to 4 and 3. And that's on the response object. And then we can send back the error message using the send method of the response object. So the send method will send a message back to the client in JSON format, and that's a method that's added to the response object by Sails for us. So if there is no error object, and the user object does exist, we can then set the authenticated state on our session. And that will send back a 200 status. Great. So we've used the popular middleware for Express Passport. And for more information about Passport, you can take a look at their web site. And that's at passport.js.org. So in this lesson we added a signin controller that used the popular authentication middleware Express Passports in order to authenticate users that want to view the dashboard. We also saw how to disable the blueprint shortcut routes which Sails will create automatically. And we'll come back in the next lesson and finish off our authentication, we're not quite there yet. Thanks for watching.