https://www.prisma.io/ logo
Join Slack
Powered by
Hello Everyone! I’m trying to implement applicati...
# orm-help
e
Hello Everyone! I’m trying to implement application-level encryption in our middleware, but I noticed that middleware only triggers for the root action, and I’d have to build complex traversal of the params to handle encryption of the fields on the nested models that will be created/updated as a result of this root action. Before I go and implement that traversal and cross-checking with the schema, I have to ask: Am I doing something wrong? Is there a simple way to intercept and modify attributes of a model before they get written/read from the database without requiring complex processing of this sort in the nested actions case?
r
@Eduardo Del Balso 👋 You would need to perform a traversal in this case as we currently do not support middleware for nested creates at the moment. It would be great if you could add a 👍 to this request so that we know the priority 🙂
e
Done. The workaround suggested there doesn't work because it presumes that all column names across all nested models are unique. We're struggling because there are many nested models that have an email column, but only one of those models should have its email encrypted. This is true for many columns across many models, so because we have many deeply nested models with different cardinalities in their relationships: the traversal code that has to track columns and the models they're associated with + the mutations gets REALLY gnarly
And it feels like this is something that Prisma should be managing, not us.. :/
💯 1
Especially since there seems to be no simple way to ask Prisma what columns exist for an attribute that represents a relationship, we're also finding we have to parse the schema file to get the model name for an associated column dynamically
The team is arguing with me that Prisma isn't production ready because of this and are pushing me to ditch it. :/
r
The team is arguing with me that Prisma isn’t production ready because of this and are pushing me to ditch it. 😕
I would say that there are a lot of advantages to Prisma and as per the requirements there could be a better workaround. Maybe @janpio has an idea 🤔
e
I’m actually curious if there’s a way to ask a model what its attributes are without having to parse the schema file. I can’t find it in the documentation or when I google
I think that would help make this a bit easier
We see ONE mention of the DMMF here in the docs: https://www.prisma.io/docs/concepts/components/prisma-schema#comments
and assume that’s where we might find some answers, but can’t figure out anything beyond that yet
we ended up using 
const { getDMMF } = require('@prisma/sdk/dist/engine-commands/getDmmf')
to make some progress, but really feels like we’re down the wrong path here.
r
You can use the private field directly from the 
PrismaClient
instance:
Copy code
import { PrismaClient } from '@prisma/client'

const prisma = new PrismaClient()
console.log(prisma._dmmf)
j
Note that DMMF is an internal thing that can break any time. It is not a supported API we try to keep stable.
e
I figured it was internal, but is there any other way to dynamically introspect the schema for a given attribute or model at runtime?
or is that my best option?
@Ryan / @janpio -> Curious your answer to whether there’s a good way to dynamically introspect the schema at runtime or not
j
What does "dynamically introspect" mean? Figure out what fields they have?
e
yea, like if I have a User model with a Posts association, then that’s expressed as an attribute 
posts
on User
so when I’m in a middleware, and I see something like:
Copy code
{
  data: {
    posts: [
     { 
       create: {
         data: { ... }
       }
     }
  }
}
When I’m traversing that object in the middleware code, I’d like to look up what the model is for the 
posts
attribute and what are the names of its fields, so that I can cross-check that with the list of fields on models that should be encrypted, and encrypt them if so.
We’re building an app that collects PII and stuff like that, so we have compliance requirements around how our data is stored and we have to implement application-level encryption like this. Hooking into prisma read and writes is an excellent solution, but the limitations of the middleware are making it really challenging because not all fields named 
income
need to be encrypted because they’re not all PII, it depends on which model has the field named 
income
The best solution would be for us to be able to add custom 
@
directives in the schema, so that we can label each field with 
@encrypted
or something and then in middleware query for that directive on the field and change the read/write behavior for it, but that’s not supported, so we have a shadow schema that specifies the encryption behavior and we’re trying to glue it all together in middleware, so that we don’t have to implement wrappers around all our crud operations and can keep using prisma as the crud api
@janpio / @Ryan any thoughts?
j
The request for custom attributes is not a new one - we have an issue for that somewhere in GitHub 👍
That would also be available via the DMMF right now btw - which is why this feature kinda would be connected to making this an official API.
Soooo the DMMF is probably your best bet right now. But I have to repeat at this time that this is not an official API and might change in the future, including breaking changes, outside of major updates of Prisma.
Realistically that will not happen though, and if it does it will offer the same functionality in a different format only.
e
Awesome, ok. Well you have my vote to make this official 🙂 Let me know if there’s anything I can do to help
I also feel like there’s a good use case here for yielding in middleware for each nested model and attribute action. Just want to echo how that would allow us to NOT use the DMMF at all in this scenario, which is ideal since I don’t want to be cross-checking schemas or traversing the write API’s nested object structure myself in middleware
But thank you for the response and consideration, good to know about the DMMF, and I 100% hear you that it’s not an official api
j
Can you see if there is an issue for the "yielding in middleware for each nested model and attribute action" feature? I think I agree this might be super helpful.
e
@janpio -> This is the best one I could find: https://github.com/prisma/prisma/issues/4211
it’s also the one that show the solution that doesn’t really work since it doesn’t resolve which model the field is an attribute for
j
Comments and further information welcome then. And if you think the issue is not great in the first place, feel free to open a new one as well.
e
Will do my best
👍 1
Open in Slack
PreviousNext
Powered by