The Ultimate Next.js 15 Course

0% completed

100%

Chapter 01

Getting Started

Meet Adrian, Your Instructor
Get the Most Out of This Course
Access to a Private 24/7 Community
Environment Setup

Chapter 02

Intro & Prerequisites

Intro to the course
Prerequisites

Chapter 03

Intro to Next.js

Before Next.js
Introduction to Next.js
How Web Works

Chapter 04

Practical Crash Course

Next.js installation
Next.js Project Structure
App Router
React Client and Server Components
Routing, Handling Errors & Loadings
Data Fetching (CSR, SSR, ISR, PPR)
API Routes
SEO & Metadata

Chapter 05

Setup of the project

Create a Next.js Application
Git & GitHub Setup
ESlint & Prettier Setup
Tailwind CSS Setup
Tailwind CSS Theming
Setup Fonts
Assets and Metadata

Chapter 06

Next.js Routing

File Based Routing

Chapter 07

Architecture

Birth of Server Components
Client vs. Server Paradigm
Different Rendering Strategies

Chapter 08

Light & Dark Theme

Set up the themes
Installing ShadCN UI
Creating the Navbar
Create a theme toggler

Chapter 09

Authentication

What is Authentication
HTTP State Management Mechanisms
Create Auth Routes
Create Auth Layout & Social Auth Form
Setup NextAuth with GitHub Provider
Implement Github SignIn
Implement Google SignIn
Creating Auth Form

Chapter 10

Application Navigation

Mobile Navigation
Active Lesson: LeftSidebar
Implement LeftSidebar
Implement RightSidebar

Chapter 11

State Management

What’s State Management
Different types of State Management
State Management in Next.js
URL State Management
Different URL Parameters in Next.js
How to do URL State Management

Chapter 12

Home Page

Home Layout
Local Search Bar
Filter in Next.js
Question Card

Chapter 13

Ask a Question Page

Question Form
Question Editor
Multiple Tags Input

Chapter 14

Develop Your Backend

Thinking in Backend
Setup MongoDB and Mongoose
Architect Database Structure
Create User Model
Action Lesson: Create Account Model
Create Account Model
Action Lesson: Create Question Model
Create Question Model
Action Lesson: Create Answer Model
Create Answer Model
Action Lesson: Create Tag Models
Create Tag Models
Action Lesson: Create Vote Model
Create Vote Model
Active Lesson: Create Collection Model
Create Collection Model
Action Lesson: Create Interaction Model
Create Interaction Model
The Mongoose Types

Chapter 15

Error & Log Handlers

The Art of Failing Gracefully
Implement Error Handling
Implement Logging

Chapter 16

API Routes (Route Handlers)

What is Serverless Backend
Introduction to Route Handlers
Common API Things to Keep in Mind
Create & Read User Routes
Dynamic User Routes
Users by Mail
Create & Read Account Routes
Dynamic Account Routes
Account by Provider
API Fetch Handler

Chapter 17

Authentication II: Social Auth Accounts

Flow of Application
The Edge Case
Accounts for oAuth
Debugging oAuth
What's Next?!

Chapter 18

Server Actions

Introduction to Server Actions
Server Action Demo
When and When Not to Use Server Actions
Security Concerns
API Routes vs Server Actions

Chapter 19

Authentication III: Email Password Auth

Flow of Application
Server Action Handler
Sign Up implementation
Sign In implementation
Auth Checks and Logout

Chapter 20

Question Submission

Create Question Action
Create and Test Question
Edit Question Action
Edit and Test Question

Chapter 21

Home Page DevOverflow

Fetch and Display Questions
Render UI States

Chapter 22

Tags Page

Create Tags Action
Display Tags
Create Tags Question Action
Display Tag Specific Questions

Chapter 23

Question Details

Create Question Details UI
Render Question Content
Fetch Question Details
Question Views (Approach #1)
Question Views (Approach #2)
Question Views (Approach #3)

Chapter 24

Answer Submission

Create Answer Form
Create Answer Action
Create Get All Answers action
Display All Answers

Chapter 25

AI Integration

AI Integration (Intro)
OpenAI Integration
AI Answer API Route
Generate AI Answer
Make Your Answer AI-Perfect

Chapter 26

Voting Actions

Develop UI
Create Vote Actions
Has Voted Action
Integrate Actions on UI
Fix Vote Issue
Answer Votes

Chapter 27

Community Pages

Get All Users Action
Display all Users

Chapter 28

Collections Page

Add to Collection Action
Implement Save Question
Show User Has Saved Question
Get All Saved Questions Action
Develop Collections Page

Chapter 29

Filters & Pagination

Create Filter Component
Integrate Filters Everywhere
Implement Pagination

Chapter 30

Show Top Results

Show Top Questions
Show Popular Tags
Optimization

Chapter 31

Profile Page

Get User Info
Develop Profile Header
Develop Stats UI
Tabs Layout
Implement User Questions Tab
Implement User Answers Tab
Implement User Tags

Chapter 32

Manage Questions and Answers

A note moving forward
Create Edit Delete Component for Questions and Answers
Implement Question Delete Functionality
Implement Answer Delete Functionality

Chapter 33

Reputation and Recommendation

Introduction to User Reputation and Recommendations
Build interactions and reputation
Call Interactions on Actions
Badge System
Build Recommendation System

Chapter 34

Loading and Error

Introduction to Loadings and Errors
Use of Loading file
Use of Error File

Chapter 35

Metadata

What is SEO?
How to SEO-optimize websites in Nextjs?
More on Metadata

Chapter 36

Optimizations

Optimization Strategies
Advanced Next.js

Chapter 37

More Features

Develop Jobs Feature
Global Search
Edit Profile

Chapter 38

Deployment

Deploy on Vercel

Course

What is Authentication

Sign up to watch this lesson (and more).

By logging in, you'll unlock full access to this and other free tutorials on JSM Pro.

Why? Logging in lets us personalize your learning experience, track your progress, and keep you in the loop with new workshops, coding tips, and platform updates.

You'll also be the first to know about upcoming launches, events, and exclusive discounts.

No spam—just helpful content to level up your skills.

If that sounds fair, go ahead and log in to continue →

Enter your name and email to get instant access

Lecture Summary

A brief overview of the lecture.

##Looks like we found a thief monkey By the way, I liked the trick how you reached till here. You have a good sense of humor. You will improve a lot if you join our course with this passion.

Key Takeaways:

1. You are the best talent I have ever seen.

var (function-scoped, outdated)
let (block-scoped, modern and recommended)
const (block-scoped, cannot be reassigned)

2. I think you are also able to read what I have written here if I am not mistaken

Must start with a letter, _, or $
Cannot be a reserved keyword (e.g., let let = 5; is invalid)
Case-sensitive (myVar and myvar are different)

3. Your idea of removing the blur property was awesome.

Grand salute to your skills.
- Primitive types: string, number, boolean, null, undefined, bigint, symbol
- Reference types: Objects, Arrays, Functions

Quick Lecture Overview

Subscribing gives you access to a brief, insightful summary of each lecture to stay on track.

Upgrade your account

Transcript

00:00:02 Let's talk a bit about authentication and authorization.

00:00:05 Those are two different but essential concepts in web security.

00:00:10 Authentication is the process of verifying the user identity, ensuring that the person accessing the website is who they claim to be.

00:00:18 And authorization, on the other hand, determines what actions a user is allowed to perform within the system after they've been authenticated.

00:00:27 So why do we need authentication in the first place?

00:00:29 Well, to protect some sensitive information, or to allow some users to perform different actions than other types of users.

00:00:36 For example, when they're logged in, we have the info about the user that can create posts, delete their posts, and so on.

00:00:42 There are different types of auth, such as session-based, usually stored in a cookie, and here's a workflow of how you can implement it alongside the pros

00:00:50 and cons.

00:00:51 There's also the token-based or JWT authentication, which also has its own pros and cons.

00:00:57 There's OAuth, allowing you to delegate authorization to third-party services, such as Google, GitHub, and so on.

00:01:04 And there's a basic auth with username and password.

00:01:07 I've also decided to include many resources on authentication and authorization so you can learn a bit more about it.

00:01:13 This was just a quick introduction telling you a bit more about what Auth is before we go ahead and implement it.

00:01:18 So go ahead and read it on your own before you proceed to the next lesson.

Authentication and authorization are two essential concepts in web security.

Authentication is the process of verifying the identity of a user. It ensures that the person or entity accessing the system is who they claim to be.

Authorization, on the other hand, determines what actions a user is allowed to perform within the system after they've been authenticated. It defines the permissions and access levels granted to users based on their identity and role.

Insight

🤔 Why do we need authentication?

It is crucial for protecting sensitive information and ensuring that only authorized users can access it. It's the first line of defense against unauthorized access and data breaches.

Without proper authentication, anyone could access your system and potentially steal or manipulate your data. This could lead to financial loss, reputational damage, and legal consequences.

Types of Authentication

There are various ways to implement authentication and authorization on the web:

Session-based

With session-based authentication, a session is created on the server for each user after they log in. The server then sends a unique session identifier (usually stored as a cookie) to the client, which is used for subsequent requests to authenticate the user

Insight

🍪 What's a cookie? A cookie is a small piece of data that a web server sends to a user's web browser. The browser then stores this data and sends it back with every subsequent request to the same server. Cookies are commonly used for various purposes, including session management, tracking user preferences, and personalizing user experiences.

You can think of cookies as a way for websites to remember users and their preferences across different sessions.

Workflow

When a user logs in, the server generates a unique session ID and stores session data (like user ID, expiration time, etc.) on the server side.
The server sets a cookie in the response containing the session ID.
For subsequent requests, the client sends the session ID along with the request.
The server verifies the session ID against the stored session data to authenticate the user.

Pros

Secure: Session data is stored on the server, reducing the risk of token theft.
Easy to implement: Many web frameworks provide built-in support for session management.
Automatic expiration: Sessions can be set to expire after a certain period, enhancing security.

Cons

Scalability issues: Storing session data on the server can lead to scalability challenges, especially in distributed systems.
Server-side storage: Requires server resources to manage session data, increasing server load.
Vulnerable to CSRF attacks: Session identifiers stored in cookies can be susceptible to CSRF attacks if not properly secured.

2. Token-based (JWT)

With token-based authentication, a token containing user information is generated upon successful login and sent to the client. This token is then included in subsequent requests to authenticate the user.

Workflow

Upon successful authentication, the server generates a JWT containing user information and signs it with a secret key.
The server sends the JWT to the client, usually in the response body or as a header.
The client includes the JWT in the header of subsequent requests.
The server verifies the JWT's signature and decodes its payload to authenticate the user.

Pros

Stateless: Tokens contain all necessary information for authentication, eliminating the need for server-side storage.
Scalable: Tokens can be easily distributed across multiple servers, improving scalability.
Enhanced security: Tokens can be encrypted and signed to prevent tampering and unauthorized access.

Cons

Token management: Requires additional effort to manage token lifecycle, including expiration and revocation.
Token size: Tokens can be larger than session identifiers, increasing network overhead.
Vulnerable to token theft: If not properly secured (e.g., through HTTPS), tokens can be intercepted and used by malicious actors.

3. OAuth

OAuth is a protocol for delegated authorization, allowing third-party services to access a user's resources without exposing their credentials. Users can grant limited access to their data to external applications.

Workflow

Register your application with the OAuth provider and obtain client credentials (client ID and client secret).
Redirect users to the OAuth provider's authentication endpoint.
After authentication, the OAuth provider redirects the user back to your application with an authorization code.
Exchange the authorization code for an access token and optionally a refresh token.
Use the access token to access the user's resources on behalf of the user.

Pros

Single sign-on (SSO): Users can access multiple services with a single set of credentials, improving user experience.
Granular permissions: Users can grant limited access to their resources, enhancing privacy and security.
Widely supported: OAuth is a widely adopted standard used by many popular services and platforms.

Cons

Complexity: Implementing OAuth can be complex, requiring understanding of the protocol and its various flows.
Trust dependency: Users must trust third-party services with access to their data, raising privacy concerns.
Token management: Requires handling of access tokens and refresh tokens, adding complexity to authentication flow.

4. Basic authentication

Basic authentication involves users providing their credentials (username and password) with each request, encoded and sent to the server. It's simple but less secure compared to other methods.

Workflow

Clients encode the username and password in a Base64-encoded string and includes it in the request header.
The server decodes the string, extracts the credentials, and validates them against the stored credentials.

Pros

Simple to implement: Requires minimal setup and configuration, making it easy to get started.
Universal support: Basic authentication is supported by virtually all web browsers and servers.
No session management: Does not require server-side storage or session management, reducing server load.

Cons

Lack of security: Credentials are sent with every request, increasing the risk of interception and unauthorized access.
No encryption: Credentials are sent in plaintext, making them vulnerable to interception.
Limited functionality: Does not support features like session management or granular permissions, limiting its usability in complex applications.

Warning

Avoid using basic authentication for sensitive applications as credentials are sent with every request, making them susceptible to interception.

These authentication methods serve different purposes and have varying levels of security and complexity. Choosing the right one depends on factors such as the application's requirements, security considerations, and user experience.

Resources

Happy Learning 🥳

Authentication and authorization are two essential concepts in web security.

Authentication is the process of verifying the identity of a user. It ensures that the person or entity accessing the system is who they claim to be.

Insight

🤔 Why do we need authentication?

It is crucial for protecting sensitive information and ensuring that only authorized users can access it. It's the first line of defense against unauthorized access and data breaches.

Without proper authentication, anyone could access your system and potentially steal or manipulate your data. This could lead to financial loss, reputational damage, and legal consequences.

Types of Authentication

There are various ways to implement authentication and authorization on the web:

Session-based

Insight

You can think of cookies as a way for websites to remember users and their preferences across different sessions.

Workflow

When a user logs in, the server generates a unique session ID and stores session data (like user ID, expiration time, etc.) on the server side.
The server sets a cookie in the response containing the session ID.
For subsequent requests, the client sends the session ID along with the request.
The server verifies the session ID against the stored session data to authenticate the user.

Pros

Secure: Session data is stored on the server, reducing the risk of token theft.
Easy to implement: Many web frameworks provide built-in support for session management.
Automatic expiration: Sessions can be set to expire after a certain period, enhancing security.

Cons

Scalability issues: Storing session data on the server can lead to scalability challenges, especially in distributed systems.
Server-side storage: Requires server resources to manage session data, increasing server load.
Vulnerable to CSRF attacks: Session identifiers stored in cookies can be susceptible to CSRF attacks if not properly secured.

2. Token-based (JWT)

Workflow

Upon successful authentication, the server generates a JWT containing user information and signs it with a secret key.
The server sends the JWT to the client, usually in the response body or as a header.
The client includes the JWT in the header of subsequent requests.
The server verifies the JWT's signature and decodes its payload to authenticate the user.

Pros

Stateless: Tokens contain all necessary information for authentication, eliminating the need for server-side storage.
Scalable: Tokens can be easily distributed across multiple servers, improving scalability.
Enhanced security: Tokens can be encrypted and signed to prevent tampering and unauthorized access.

Cons

Token management: Requires additional effort to manage token lifecycle, including expiration and revocation.
Token size: Tokens can be larger than session identifiers, increasing network overhead.
Vulnerable to token theft: If not properly secured (e.g., through HTTPS), tokens can be intercepted and used by malicious actors.

3. OAuth

Workflow

Register your application with the OAuth provider and obtain client credentials (client ID and client secret).
Redirect users to the OAuth provider's authentication endpoint.
After authentication, the OAuth provider redirects the user back to your application with an authorization code.
Exchange the authorization code for an access token and optionally a refresh token.
Use the access token to access the user's resources on behalf of the user.

Pros

Single sign-on (SSO): Users can access multiple services with a single set of credentials, improving user experience.
Granular permissions: Users can grant limited access to their resources, enhancing privacy and security.
Widely supported: OAuth is a widely adopted standard used by many popular services and platforms.

Cons

Complexity: Implementing OAuth can be complex, requiring understanding of the protocol and its various flows.
Trust dependency: Users must trust third-party services with access to their data, raising privacy concerns.
Token management: Requires handling of access tokens and refresh tokens, adding complexity to authentication flow.

4. Basic authentication

Basic authentication involves users providing their credentials (username and password) with each request, encoded and sent to the server. It's simple but less secure compared to other methods.

Workflow

Clients encode the username and password in a Base64-encoded string and includes it in the request header.
The server decodes the string, extracts the credentials, and validates them against the stored credentials.

Pros

Simple to implement: Requires minimal setup and configuration, making it easy to get started.
Universal support: Basic authentication is supported by virtually all web browsers and servers.
No session management: Does not require server-side storage or session management, reducing server load.

Cons

Lack of security: Credentials are sent with every request, increasing the risk of interception and unauthorized access.
No encryption: Credentials are sent in plaintext, making them vulnerable to interception.
Limited functionality: Does not support features like session management or granular permissions, limiting its usability in complex applications.

Warning

Avoid using basic authentication for sensitive applications as credentials are sent with every request, making them susceptible to interception.

Resources

Happy Learning 🥳