Check out a free preview of the full Build a Fullstack App from Scratch (feat Next.js) course:
The "Seeding User Data" Lesson is part of the full, Build a Fullstack App from Scratch (feat Next.js) course featured in this preview video. Here's what you'd learn in this lesson:

Scott demonstrates how to salt and hash users' passwords using bcrypt for encryption. A student's question regarding if the Prisma code gets shipped to the client is also covered in this segment.

Get Unlimited Access Now

Transcript from the "Seeding User Data" Lesson

[00:00:00]
>> Go back to our C-scripts here. So we have our artists and our songs. The next thing is I want to create a user. And then I want the user to have some playlists. So we'll do that. The first thing is to create a user, we need the password, but we're not gonna save the password as plain text because come on now, that's not what we do.

[00:00:16] We're gonna hash the password before we do that, in order to do that, we're gonna generate a salt. So I'm gonna say const salt = bcrypts.genSaltsSync, like that. That's gonna give us a salt. If you don't know anything about encryption, don't worry about this. This is just, you could think of it as like a, I don't know, encryption is like a reversible, it's like if you could make food but also undo it.

[00:00:47] But the only way you could do it is if you knew the special key to the oven. That's basically what this encryption is. And salt is a specific ingredient that makes the food taste a certain way and you need that ingredient in there or otherwise, it won't taste a certain way.

[00:01:01] That's the best way I can describe it without getting into a bunch of crypto stuff. So we got a salt here. And the next one is you need to make a user. So that's just gonna be a wait, prisma.user.upsert. And for this, pretty much is gonna be the same thing.

[00:01:21] So I'm gonna say find a user where we'll go by email. And I'll say email is user@test.com, that'd be our c user's email. If you find that user, I want you to do an update of nothing because I don't actually want to update this user if you find them.

[00:01:38] But I do want to create them if they don't exist. And what I want you to do when you create them is I just want you to give them email of the same email here user@test.com. And I want to give them a password of bcrypt.hashSync, and you're just gonna type in whatever password you want.

[00:02:02] I am just gonna type in password as my password so I can log in super easy. And then the salt. So that should create a user. And we'll be doing the same thing when we actually do the authentication. We'll be literally doing the same strategy of making a user and sign up.

[00:02:17] I think this is pretty intuitive. I know I'm like hyping Prisma up, I promise you I don't work for them. I've only met them once ever. I just think they created a really good tool. Yeah, Mark.
>> So does the Prisma code get shipped to the client? Just to be clear?

[00:02:33]
>> Does the Prisma code get shipped to the client? Good question. That all actually depends on where you write the code because Next.js does optimizations on imports. Thus far we have not written any Prisma code on the client. So as of right now, no. And actually going forward for this whole project, no, we will not be shipping any Prisma code on the client.

[00:02:54] Although we will be writing Prisma code in a component that is on the client. But the way Next.js behaves it actually strips all that out for the client build. So although it does look like it's been written on the client, it actually will be stripped out before it gets built.

[00:03:10] And that's the power of Next.js, so to answer your question, no. But yes, it will feel like that when we get to the next step. But this whole C-scripting is actually there's no client stuff. This is ran in node, it only interacts with the database. So no, you probably wouldn't get a lot of benefit out of the Prisma client on the front end because that would be dangerous so yeah.