generated from 47ng/typescript-library-starter
-
-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nested queries support #5
Merged
Merged
+3,067
−473
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
They are generated per-Model & per-operation, to make sure we only encrypt the right things in case some nested fields have the same name but aren't encrypted. Note: targeted decryption has been disabled for now (WIP), it will try to eagerly decrypt anything it sees.
Pull Request Test Coverage Report for Build 1523194943Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
- Use @prisma/sdk to generate test DMMFs from schema strings
Use a depth-first search algorithm with branch-local state to define which model we're working on, and follow the model's connections down to the target fields. This allows going through models that have no encrypted fields, and handles any level of nesting both on the input and the output objects. Using a layered visitor pattern (object -> models -> cipher) allows a single iteration for performance.
Logging can be done in the integration tests with the `PRISMA_FIELD_ENCRYPTION_LOG` environment variable (see .env). See #4.
With multiple outgoing connections to the same target model, and an un-encrypted model.
🎉 This PR is included in version 1.1.0-beta.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
🎉 This PR is included in version 1.1.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Encryption and decryption should be targeted better.
This PR adds support for precise control over which fields should be encrypted on write operations, and which fields should be attempted to be decrypted (ie: not all string leaves).
Why ?
Issues Encountered
Nested creates can potentially end up with cyclic graphs (A -> B -> C -> A). How does the query engine resolve those ?
Note: there seems to be an undocumented use of $use (pun intended), by setting 'engine' as the first argument and passing the callback as a second, the middlware will be plugged on the query engine, which has more info about the query structure. But it's an internal thing that could break and the datamodel there is just as hard to parse.