Handling Login Requests

[00:00:00]
>> So here, I already have everything kind of going for us, we already have the underlying, that's not we want. The underlying function for us to actually communicate with our DB layer so we can kind of go through this pretty quickly. I'm gonna do a login user. This again is going to take the request events.APIGatewayProxyRequest, where are you?

[00:00:26]
ProxyRequest, it's going to return events.APIGatewayProxyResponse and our error, okay? And over here, we're gonna basically create a new struct to handle requests. This is gonna look exactly like the register user request, it's gonna have the username and password. We could refactor that as well. Because it's already been x amount of time, I'm gonna take the lazy way and just do type LoginRequest.

[00:00:58]
Okay, it's gonna be a struct. I'm gonna put here username, it's gonna be a string, json: "username", exact same thing, and then password. It's gonna be a string, json: "password", okay? And we're gonna use this struct only when we get LoginRequests. We can do var loginRequest. There's gonna be a typed LoginRequest.

[00:01:22]
And now we're gonna unmarshal the request field we get when this method is invoked. So what we can do is error is going to be json.Unmarshal. Okay, I'm gonna take in that slice of bytes from request.body, and we're gonna pass in the reference to our log in under the initialized variable here, a loginRequest variable.

[00:01:50]
And if the error does not equal to no, we're gonna do return Events.APIGatewayProxyResponse. The body of this could just say Invalid request. Status code is gonna be http.StatusBadRequest, okay? Return that error as well. And then here, we basically need to check, does this user exist? And then check, does it match our password, our store password here?

[00:02:24]
Okay, so here we're gonna user and our error are going to be from our api.dbstore. Db .get User.
>> Isn't that on the interface?
>> It's not an interface, it is not an interface, yeah, you're right. Yep, nice. GetUser, so this GetUser as we kind of find it earlier, username is going to be a string and it's gonna return our types.User.

[00:03:07]
Thank you for that. Okay, I'm gonna get a bunch of complaints, why is that? Cuz GetUser returns a typeUser and an error. Okay, cool. Types.User and an error. Okay, cool. All those errors went away, so let's go back here. Let's just kind of get completion for us, dot.

[00:03:39]
Hey, there it is. GetUser, let's go add in pass in on loginRequest.Username. If error does not equal to nil, what we can do here is just return exact same thing, event.APIGatewayProxyResponse, it's gonna be Internal server error. I could spell that right. Okay, and then the StatusCode is going to be http.InternalServerError.

[00:04:12]
All right, so now we have our user. The one thing we have to do is validate the password we're getting from our plain text password matches the password that's stored in our database. So here we can do types.ValidatePassword, and remember the order here matters. So the user.PasswordHash, loginRequest.Password.

[00:04:32]
Users what we got from our database, loginRequest what we're getting from the user, okay? And we're basically saying if this is false, so if they do not match or if there is an error, I'm gonna return in events API body response, and I'm gonna say Invalid user credentials.

[00:04:53]
The status is going to be, let's see. The status is going to be http, I guess we just do bad request. StatusBadRequest, okay, nil. And here, we need to add if. Okay, so if this is false, we're going to return this. Otherwise, we know that we have a successful login, so we can do our hyperpath event APIProxyResponse.

[00:05:25]
Okay, we can go Body: Successfully logged in. That's code http.StatusOK. Okay, and this could be nil. And this is it. And all we have to do now is just create a new register case for score /login. Our API handler just has to do LoginUser. So that was a lot in this chapter, I know it's pretty heavy duty.

[00:06:03]
Again, this is kind of why we have that code available. So if you didn't catch up, just hopefully, when I was talking to the code, it was making sense, looked at some of the things we were doing. But yeah, essentially, what we've done, we have a router that slapped on our lambda, we're going to deploy it.

[00:06:17]
And now we have different routes to handle different calls. So a registered call or a login call. You can go make, build, Go back up, we can do our cdk diff. Cool. As you can see here, obviously we're gonna have a bunch of different methods and changes. We're adding a bunch of permissions to our gateway, and let's go ahead and rock and roll with the cdk deploy.

[00:06:41]
Cool.