Creating a Verification Model in Prisma for User Verification

00:00 So let's create this model in our schema. We've got this verification model down here. So model verification. And I'm gonna let Copilot fill that in for us because there's a bit and it's pretty straightforward. I'll just explain it to you. So we've got our ID. That's just like the other models that we've got. We've got a created at to keep track of when this was created.

00:18 I don't really see a whole lot of sense in an updated at because these won't typically be updated anyway. So then we also have the type. This is the type of thing that they're trying to verify. So this would be like two-factor auth or they're trying to verify their email or phone number, that sort of thing. Here is the target.

00:37 So this is the thing that they're trying to verify. So if they're verifying their email address, then this would be the email address itself. If they're trying to verify their identity as a user on the platform, then this would be the user ID. And then these things are all for generating that one-time password at a future date.

00:54 So the secret is like the most important key to this. This is a cryptographically generated secret that you don't have to generate yourself. Luckily, we have libraries that do this for us. The algorithm is important also. So the algorithm that's used to generate these one-time passwords.

01:12 The number of digits for the one-time password, normally that's six, it defaults to six. The period, so how long, like what's the size of the window for the validity of a one-time password? And then the character set, the char set. This is normally by default

01:29 and with like two-factor auth code generators, this is just gonna be the digits from zero to nine. But to make it even more secure, you can go like A, B, C, D, E of all the, like whatever number of characters, and then it just explodes to the number of possible combinations that make it very, very difficult to guess.

01:49 And so the character set is also an option that you'll want to save along with this verification. And then an expires at, so when it's safe to delete this thing. Now, not all verifications need to expire, like two-factor auth, that should never expire. But for other types of verifications

02:08 like confirming a user's email address, that can expire after like a half hour or something like that. And then we have our unique constraint. We never want a user to have two types of verifications for one target. And so like you wouldn't,

02:26 a user couldn't really have two-factor auth verifications. That wouldn't make any sense. I don't want to allow a user to have two different verifications for confirming their email, that sort of thing. And so that's why we're having, we have this unique constraint, and it comes with the benefit of adding an index for us.

02:43 Speaking of, let's run npx prisma migrate dev, and we'll give this the name of verification. Well, verifications. And with that, that generates our SQL. We can pop that open and take a look at that, because there's something I think you might want to see in here.

03:02 Here we go. So it looks pretty, pretty typical. But one thing that you might notice, and maybe you already thought about this, is the fact that we don't have any relationships at all in here. So that's actually intentional. You can probably relate a verification to a specific user, but when you're confirming somebody's email,

03:23 we haven't actually set up a user for them yet, so what do we relate it to? And so I think that it makes plenty of sense to just rely on this unique constraint of the target and type, and you just look things up by the target and type. That's what we're going to be doing in these exercises. Now, there's one last thing we want to do,

03:41 and that is in our seed script right here, we want to delete all the verifications as part of resetting the database. So we're going to await prisma.verification.deleteMany, and we need to do that because it's not tied to a user, just like the role and permission aren't tied to users. So we're going to delete the verifications as well.

04:00 And that gets us ready for actually verifying users in various forms. So there you go. That's the verification model in Prisma.