Good afternoon people, I'm developing an application in nodejs and I made the routes with JWT Token authentication, it's working normally, but now I need to make the user have access only to his data. Example: User X can only have access to his information and will not be able to access anything from another user. I'm using Nodejs with Typescript and Prisma. Could someone give me a light so I can research and implement?

I'm not very well versed in the specifics, but I believe graphql shield is one option if that is the API type you use. Generally the topic goes under autherization (as opposed to authentication), and other bigger solutions I've recently seen is Cerbos (was mentioned a video here a couple of days ago) and one of the components in the Ory ecosystem.

I'm not using graphql, but I'll check it out. Thanks.

Have you taken a look at CASL? It's a very full featured authorization lib written in Typescript. It supports filtering Prisma queries by authority to operate on records, and permissions are very easy to configure.

Thanks

Hey 👋 You can also checkout cerbos.dev for authorising the users, they have integration with Prisma. Here’s an official example of how you could use cerbos with prisma.

Thanks!