part 15…

To get started with adding some of these validators to the signin method in the post route, we need to add some checks to the email and password to make sure that the inputs match a valid format and also an existing user.

So once again, we’re going to add the validators as the second argument directly to an array…

and similar to what we did with the signup method, we are going to chain on so methods…

These are all of the built-in validators that we are going to use, but now we will want to add some custom validators…

The first custom validator will be for email, we need to make sure that the provided email, matches on that has already been created…

Again, just like in the signup method where we set errors = to the Error object, we need to do the same in the signin method, and then check to make sure that it is set up properly…

And after saving that, head to localhost:3000/signin… enter a valid but non-existing email and password…

then check the the console…

There we have the error object, and with it we get information about what went wrong. Looks good, so now that we know the first custom validator is setup properly, we can add a check to the password and ensure that the password validator works as well.

So now, we are going to cut and paste the checks that we have written a few lines down and make a few adjustments…

But now we need to access the user to call user.password, to do that, as a second argument we are going to pass in that req object witch gives us access to the email of the user that we want to check…

That returns the password that we want to compare. but now instead of sending the “Invalid password” string, we are going to throw a new error. And to add to that and to ensure that in the situation that we run into an undefined user… we need to check to make sure that a user has been returned, and if not, we will display invalid password…

Then we can clean-up the route handler a little bit, we no longer need to check for the user outside of the new validators, and we can delete the password property from the req.body its a little verbose at the moment but the entire handler should now look like…

Now checking for this to ensure that it is set up properly, repeat the steps from the email check, except this time enter an existing email so that the error gets thrown in the right place. If you’ll notice the browser window will likely show “You are signed in!” this is because we removed a check but head over to your console and you should see the error…

And then if you try to log in with good credentials you shouldnt see anything. Now the last thing we need to do, is to extract those validators to the validators.js file…. the entire point of doing this was for a seperation of concerns and looking at that 45 line route handler is kinda ugly. First lets start with the email check, over in the validator.js file…

then for password…

Now back in the auth.js require in both of those validators and add those in place of the logic we just moved…

And thats what the route handler looks like now… At this point always a good idea to test the endpoint to ensure that nothing was missed when we pulled out those validators, I recommend the full cycle…. email, and password, valid and invalid and after that… We’re done with this part, next we will add some template helper functions, and start to add a little bit of styling!