zenstack

mirror of https://github.com/zenstackhq/zenstack synced 2026-05-24 10:08:55 +00:00

History

Yiming e93ca5bf10 fix: zod typing for `DateTime` field, improve overall code generation (#363 ) Co-authored-by: Abdullah Hassan <iAbdullahHassan@gmail.com>		2023-04-22 09:19:26 -07:00
..
language	fix: support object literal in plugin fields processing (#351 )	2023-04-14 11:05:56 -07:00
next	fix: zod typing for `DateTime` field, improve overall code generation (#363 )	2023-04-22 09:19:26 -07:00
plugins	fix: zod typing for `DateTime` field, improve overall code generation (#363 )	2023-04-22 09:19:26 -07:00
runtime	fix: deprecated `cuid` dependency & clean up CI file (#359 )	2023-04-18 22:01:20 -07:00
schema	fix: zod typing for `DateTime` field, improve overall code generation (#363 )	2023-04-22 09:19:26 -07:00
sdk	fix: zod typing for `DateTime` field, improve overall code generation (#363 )	2023-04-22 09:19:26 -07:00
server	fix: zod typing for `DateTime` field, improve overall code generation (#363 )	2023-04-22 09:19:26 -07:00
testtools	fix: zod typing for `DateTime` field, improve overall code generation (#363 )	2023-04-22 09:19:26 -07:00
LICENSE	merge canary to dev (#181 )	2023-01-27 22:31:44 +08:00
README.md	merge canary to dev (#181 )	2023-01-27 22:31:44 +08:00

README.md

What it is

ZenStack is a toolkit that simplifies the development of a web app's backend. It supercharges Prisma ORM with a powerful access control layer and unleashes its full potential for web development.

Our goal is to let you save time writing boilerplate code and focus on building real features!

How it works

ZenStack extended Prisma schema language for supporting custom attributes and functions and, based on that, implemented a flexible access control layer around Prisma.

// schema.zmodel

model Post {
    id String @id
    title String
    published Boolean @default(false)
    author User @relation(fields: [authorId], references: [id])
    authorId String

    // 🔐 allow logged-in users to read published posts
    @@allow('read', auth() != null && published)

    // 🔐 allow full CRUD by author
    @@allow('all', author == auth())
}

At runtime, transparent proxies are created around Prisma clients for intercepting queries and mutations to enforce access policies. Moreover, framework integration packages help you wrap an access-control-enabled Prisma client into backend APIs that can be safely called from the frontend.

// Next.js example: pages/api/model/[...path].ts

import { requestHandler } from '@zenstackhq/next';
import { withPolicy } from '@zenstackhq/runtime';
import { getSessionUser } from '@lib/auth';
import { prisma } from '@lib/db';

export default requestHandler({
    getPrisma: (req, res) => withPolicy(prisma, { user: getSessionUser(req, res) }),
});

Plugins can generate strong-typed client libraries that talk to the APIs:

// React example: components/MyPosts.tsx

import { usePost } from '@lib/hooks';

const MyPosts = () => {
    // Post CRUD hooks
    const { findMany } = usePost();

    // list all posts that're visible to the current user, together with their authors
    const { data: posts } = findMany({
        include: { author: true },
        orderBy: { createdAt: 'desc' },
    });

    return (
        <ul>
            {posts?.map((post) => (
                <li key={post.id}>
                    {post.title} by {post.author.name}
                </li>
            ))}
        </ul>
    );
};

Features

Access control and data validation rules right inside your Prisma schema
Auto-generated RESTful API and client library
End-to-end type safety
Extensible: custom attributes, functions, and a plugin system
Framework agnostic
Uncompromised performance

Examples

Check out the Collaborative Todo App for a running example. You can find the source code below:

Community

Join our discord server for chat and updates!

License

MIT