JSPM

zenstack

1.0.0-alpha.28
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 22244
  • Score
    100M100P100Q139717F
  • License MIT

A toolkit for building secure CRUD apps with Next.js + Typescript

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (zenstack) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    What it is

    ZenStack is a toolkit that simplifies the development of a web app's backend. It supercharges Prisma ORM with a powerful access control layer and unleashes its full potential for web development.

    Our goal is to let you save time writing boilerplate code and focus on building real features!

    How it works

    ZenStack extended Prisma schema language for supporting custom attributes and functions and, based on that, implemented a flexible access control layer around Prisma.

    // schema.zmodel

model Post {
    id String @id
    title String
    published Boolean @default(false)
    author User @relation(fields: [authorId], references: [id])
    authorId String

    // 🔐 allow logged-in users to read published posts
    @@allow('read', auth() != null && published)

    // 🔐 allow full CRUD by author
    @@allow('all', author == auth())
}

    At runtime, transparent proxies are created around Prisma clients for intercepting queries and mutations to enforce access policies. Moreover, framework integration packages help you wrap an access-control-enabled Prisma client into backend APIs that can be safely called from the frontend.

    // Next.js example: pages/api/model/[...path].ts

import { requestHandler } from '@zenstackhq/next';
import { withPolicy } from '@zenstackhq/runtime';
import { getSessionUser } from '@lib/auth';
import { prisma } from '@lib/db';

export default requestHandler({
    getPrisma: (req, res) => withPolicy(prisma, { user: getSessionUser(req, res) }),
});

    Plugins can generate strong-typed client libraries that talk to the APIs:

    // React example: components/MyPosts.tsx

import { usePost } from '@lib/hooks';

const MyPosts = () => {
    // Post CRUD hooks
    const { findMany } = usePost();

    // list all posts that're visible to the current user, together with their authors
    const { data: posts } = findMany({
        include: { author: true },
        orderBy: { createdAt: 'desc' },
    });

    return (
        <ul>
            {posts?.map((post) => (
                <li key={post.id}>
                    {post.title} by {post.author.name}
                </li>
            ))}
        </ul>
    );
};

    Features

    • Access control and data validation rules right inside your Prisma schema
    • Auto-generated RESTful API and client library
    • End-to-end type safety
    • Extensible: custom attributes, functions, and a plugin system
    • Framework agnostic
    • Uncompromised performance

    Examples

    Check out the Collaborative Todo App for a running example. You can find the source code below:

    Community

    Join our discord server for chat and updates!

    License

    MIT