Build a REST API with Node.js, Express, TypeScript, MongoDB & Zod 

Thank so much for your effort, your courses are awesome.. Can you please add video for Redis cache on this video or another built project. Thanks

Man I love you already!

@@francisabonyi7115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

you are amazing dude, thanks a lot

​@@stevechude3730 my videos are not for beginners. If you don't know hwo to set up Mongo locally, this video is not for you. Please consider how rude you're being to people that spend hours making videos for free.

This advice will land you a job, guaranteed

yah 2 years ago but still gold. I'm not going to intern yet but through this tutorial, my skills have improved. I decide to watch the tutorial and then redo it by myself :D

Great. But how do users login as there no route for login

This is not to take anything away from Tom and his wonderful tutorials, the one thing I have began to observe is that lesser the subscriber count the better is the quality of the tutorial. Definitely not every time but generally

Great to hear!

I'm working on testing with Jets now, it will be out nest week, Prometheus should be quick so I will do that too :)

I also have a video about caddy + docker here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-2oNsjyaCIrI.html

I thought about that joke for way too long.

Thank you for the feedback. It's difficult to tell what pace the video should be because it really depends on how much experience the viewer has I think.

@@TomDoesTech Yeah I know what you mean. "Advanced" or "Beginner" is always subjective of course and a question what kind of audience you'd like to serve with your videos. More beginners or more advanced devs that might get bored out. But nonetheless, your content stays on a high quality! Thanks for your efforts, Tom.

Thanks Adrian, I am working on the UI part. I'm going to keep the library use to a minimum because it could get confusing for anyone that doesn't know how that library works.

So glad you like it :)

@@TomDoesTech when i hit the healthcheck route I get an error that says "unable to connect to remote server". but the console shows app is running on the designated port

@@christopherugochukwu3517 are you using Mongo Atlas or something? What is the "remote server"?

Never heard of Neovim, I'm going to download it and have a play around with it. let me know if you have any questions :)

Thank you for the feedback, that's really helpful! When I make those mistakes, I stop talking while I try figure it out so I need to learn to keep talking and explain the issue.

I agree, this is great tutorial, but you need to make sure to let us know when you’ve made a correction that been edited out. 🙏🏾 Otherwise excellent work👍🏾

Me as well

Yeah, I really like TypeGraphQL and have used it a fair bit so I think I will make a tutorial on it.

Glad it was helpful!

Thanks! I am working on the testing video now :)

Firstly, I'm not a security expert, I'm just demonstrating concepts here so if you're working with a lot of user data, make sure you have someone who understands security in-depth look at your code. Yeah, you should be worried about someone stealing the refresh token because if they have that, they can get an access token and then have access to the system. I would spend my effort trying to prevent the token from being stolen before I spend time reducing the blast radius in the event it does get stolen. So, what I mean by that is make sure you figure out how your application could be vulnerable to XSS attacks and reduce those threats. As for rotating refresh tokens. The issue is that you have no way to invalidate the refresh token without changing the public and private key pair. A lot of large companies will rotate their keys, but getting this to work without impacting the user experience would be challenging.

These 2 things aren't mutely exclusive. The con fig file has defaults which can be overwritten by env vars

I did that video ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-oSz23pPBpFY.html&ab_channel=TomDoesTech

It's just the way I'm used to doing it. I've used the express.Router() in another video

Thank you so much :)

@@TomDoesTech ur welcome =) Just one little question. When you call the createUserSessionHandler you are using the same private key for the accessToken and refreshToken. Isn't that a problem? Or are you changing that later. Cant't wait to watch the next videos of that series =D

Thanks, who's Tim?

@@TomDoesTech ohh sorry i mispelled tom as tim 😅

You can use the same or different keys, up to you. Probably better to use different keys but it's not that big of a deal

Zod has better TS support and I'm more familiar with it

I don't know if it's standard or now and I don't think it's useful to think about it like that. I think the question you should be asking is: "Does this make sense for my application and does it fit with the way I like to work?"

@@TomDoesTech thanks !

Yup, good call!

Oh wow, thank you

I'd call it a 'TomDoesTech special architecture', nah it's MCS or something, Model Controller Service. Why would I abstract the database? This is a tutorial, not an application I'm deploying. But who just rips out their BD and swaps it for something else? It's not something I've ever seen happen. Not without a major rewrite anyway.

Sorry but longer videos do much better. I've done a few videos where they are in parts and they do significantly worse

It's stored in the DB so we can check that it's still valid when we go to issue a refresh token. Storing it in Redis would is a good idea.

There is a UI part in this series if you want to check that out

@@TomDoesTech ok, thanks so much. Meanwhile, i'll like to point out that, both your terminal & your file EXPLORER cover more than half of the screen in this video, it would be nice if you minimize your terminal when not in use that way, the viewers can have a clear view of the code on the screen. Thank you, you are the best.

yeah

@@TomDoesTech But I doesn't in the video. We are still able to get Sessions. I assume that when we consume the API on the frontend, there'll be a method of invalidating the accessToken to circumvent it.

I did something very similar to this but I used Fastify instead of Express.

@@TomDoesTech Awesone,, could you share the link pls

@@sreekumarmenon ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-LMoMHP44-xM.html

@@TomDoesTech Thanks I like the folder structuree in that video better, controller,service,schema all in same folder grouped by feauture! question why pick zod over yup ?

@@sreekumarmenon Zod has better TS support than Yup

Yeah if options is undefined and you try spread it, essentially your're saying ...undefined which isn't valid and it will throw. You can default options to an empty object and it will work, but I use the ...(options && options) syntax because it works for all data types

There's no reason not to do that. I don't think its necessary or help for this particular tutorial but sometimes I will split routes into their corresponding resource. So for example, user.routes.ts, session.routes.ts & product.routes.ts. However, I usually don't do this and usually just have one massive file for all the routes. It doesn't contain any complicated business logic and so I generally think it works fine.

I usually use cookies, if you watch the UI part of this series you'll see I use cookies

I'm interested in the answer for this question as well, thanks for asking.

Hi Skia, thanks for the question. The answer to this is going to be a little long, so sorry for that. The module approach has become really popular, especially with Nest.js using it. I think it's a great approach but not really something I use outside of Nest.js. Firstly, it doesn't really matter what you use, just be consistent. People will choose weird hills to die on and tell you one thing is absolutely better and another, I tend to be very skeptical of opinions like that. The module approach that you mentioned in a tip of the hat to OOP where everything is organised around object definitions. OOP isn't a paradigm that I use often, or at all outside of Next.js. I like to organise my code around functions and think more about how the data flows through the system, opposed to how objects are defined. Lastly, this structure helps to illustrate how the data flows from the route handlers, through the controller and down to the DB, which I think it an important concept to think about and teach.

I'll also add that when it coming to maintaining large code bases, I rarely think about how the code is actually organised, as long as it's consistent. The other things that also help maintain large code bases are good tests, documentation, small and simple components, appropriate abstractions ect...

It converts a JWT into a user object and attaches it to the request object so it's usable for the rest of the request

same here, please did you get a way around this?