zenstackhq / zenstack Goto Github PK

Typescript toolkit on top of Prisma ORM, offering flexible and declarative Access Control Policy(Authorization/Permission) for RBAC/ABAC/PBAC/ReBAC with auto-generated type-safe APIs and frontend hooks.

Home Page: https://zenstack.dev

License: MIT License

JavaScript 0.37% TypeScript 99.18% Shell 0.02% Kotlin 0.28% CSS 0.15%

fullstack nextjs orm typescript authorization crud prisma access-control trpc api

zenstack's People

Contributors

Stargazers

Watchers

Forkers

ymc9 piyushchauhan2011 dingzhanjun farukencoded jonathangerbaud jawadst potion-cellar zhuewizz xemah azzerty23 jiashengguo shism2 chemitaxis rodrigoinhaia randpharoah hazdik selique samkenxstream sureshkuchana mateus-p krist7599555 abdullahahmeda tlancina gilsonricardopeloso neon0x quan-vu rortan134 mubaidr lordfirespeed frikadellios hassanshanjava jasonmacdonald yangzhihui0627 leeight silentnyte elsantoalcielo ivi3 jacky-odoo anli-xsigns sitch sorokinvld franko00007 dikyarga bbozzay chunkerchunker mentordotgit eraoul simonedelmann ictserv unifiedcentury georgee0 karlorz tgtgamer ustice eventiva stevenpersia johanhartono overphoenix weiplanet wittech me0wster jbruxelle sakgoyal eliav2 azoom-dang-van-hoi

zenstack's Issues

Add todo sample to documentation

Missing @unique attribute is not properly checked

One-to-one relation requires one side of reference to be marked @unique. It's not checked today.

repro:

model User {
    id String @id @default(cuid())
    data UserData?
}

model UserData {
    id String @id @default(cuid())
    user User  @relation(fields: [userId], references: [id])
    userId String
}

Error:
Error parsing attribute "@relation": A one-to-one relation must use unique fields on the defining side. Either add an @unique attribute to the field userId, or change the relation to one-to-many.

Provide an appropriate solution for calling get/find hooks when argument cannot be constructed yet

Arguments of get/find hooks can come from other hooks and may not be available when a component is first rendered. We should probably provide a way to "mute" the hooks until args are ready.

VS Code extension occasionally reports errors

Describe the bug
VS Code extension occasionally reports errors with a stack like:

An error occurred during validation: Error: AST node has no document.
at Mb (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:36:5802)
at get ref [as ref] (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:3736:24701)
at rM (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:6630:26281)
at tc.validate (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:6630:32491)
at ch.checkExpression (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:6630:33668)
at /Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:3736:29142
at /Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:3582:26330
at async Promise.all (index 8)
at async eg.validateAst (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:3582:26175)
at async eg.validateDocument (/Users/yiming/.vscode/extensions/zenstack.zenstack-1.0.4/bundle/language-server/main.js:3582:25876)

To Reproduce
Can't reproduce consistently.

Expected behavior
No error.

Environment (please complete the following information):

OS: Mac OS
Node version: 16.15
NPM version: 8.9.2
Database type: Sqlite

Issue warning if no policy is found in a model

If a model doesn't have any policy, by default, no operation is permitted, so no hooks are generated. However, this can be confusing to new users. We should issue a warning during generation.

Complex types are not properly handled: bigint, decimal, date, and bytes

Upgrade to Prisma 4.7

VSCode and CLI reports error when using enum as field default

enum OrderStatus {
  UNPAID
  PAID
}

model Order {
  id String @default(cuid())
  status OrderStatus(UNPAID)
}

Error: Value is not assignable to parameter

Example with ironsession

User without 'name' property will get error when generating

node_modules/.zenstack/src/auth/authorize.ts:32:21 - error TS2322: Type '{ id: true; email: true; password: true; name: true; }' is not assignable to type 'UserSelect'.
Object literal may only specify known properties, and 'name' does not exist in type 'UserSelect'.

32 name: true,

Field validation

Wrong http method for "upsert" method in react hooks

It's generated as "PUT" now but should be "POST" instead.

Make sure auth()'s type is properly resolved

Currently, result type of auth() function is weakly resolved because it needs to refer to the User model defined by user. We should actually let it resolve to the user-defined User model.

Add `zenstack init` command for initializing a project

Vscode extension: goto definition doesn't work for pre-defined attributes and functions

Update broken test cases

Todo sample: after signup, user's space is not correctly fetched so creating list fails

The path generated in prisma file couldn't be recognized in Windows OP

error: Unknown escape sequence. If the value is a windows-style path, \ must be escaped as \\.
--> schema.prisma:8
|
7 | provider = "prisma-client-js"
8 | output = "..\node_modules.zenstack.prisma"

Should provide a way to exclude certain fields, like password

Insufficient query guard is generated when context user doesn't have an id

Make a website

When CLI runs, should check if Prisma is installed with a minimum supported version

Triple-slash comments cannot be used on attribute/function/etc

Right now it's only allowed for model and model field.

Generic internal error 500 is returned when database unique constraint is violated

Should give an HTTP 4xx with an appropriate error instead.

Use explicit signup in next-auth starter project

Right now, the project implicitly signup a user account if it's not found during signup. We should change it to explicit signup as a better sample.

Extract next-auth adapter into a separate package

Appropriate logging mechanisms

Right now, all logging is done with console. We need to have an appropriate mechanism for it.

Run "prisma generate" automatically after "zenstack generate"

Implement changesets

Merge @zenstackhq/internal and @zenstackhq/runtime packages

Version update check and prompt

Prisma schema should be regenerated for all Zenstack cli commands

Generate proper checking error messages for collection predicate expressions

Proper CI/CD for npm package publishing

Upgrade to swr v2

SSR support

Field comparison operator functions

Schema: merge user defined "generator"

Add Telemetry to CLI

User model with non-string id doesn't work with auth() policy check

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:
1.
2.
3.

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

OS: [e.g. Mac OS 13.0]
Node version: [e.g. 16.15.0]
NPM version: [e.g. 8.19.2]
Database type: [e.g. Postgresql]

Additional context
Add any other context about the problem here.

model M14 {
    id String @id @default(cuid())

    // consistency of ? between m12 and m12Id
    m12 M12? @relation(fields: [m12Id], references: [id])
    m12Id String?
}

model Model {
        id String @id @default(uuid())
        a String
        b String
        @@unique([a, b])
        @@allow('all', true)
}

await withPresets(prisma).model.findUnique({ where: { a_b: { a: 'a', b: 'b' } } }));

Error

Invalid prisma.model.findMany() invocation:

{
  where: {
    AND: [
      {
        a_b: {
        ~~~
          a: 'a1',
          b: 'b1'
        }
      },
      {
        x: {
          gt: 0
        }
      }
    ]
  }
}