@zenstackhq/runtime 2.10.2 → 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/constants.d.ts +4 -0
- package/constants.js +12 -1
- package/constants.js.map +1 -1
- package/cross/index.js +22 -20
- package/cross/index.js.map +1 -1
- package/cross/index.mjs +22 -20
- package/cross/index.mjs.map +1 -1
- package/encryption/index.d.ts +25 -0
- package/encryption/index.js +74 -0
- package/encryption/index.js.map +1 -0
- package/encryption/utils.d.ts +9 -0
- package/encryption/utils.js +99 -0
- package/encryption/utils.js.map +1 -0
- package/enhancements/edge/create-enhancement.js +11 -2
- package/enhancements/edge/create-enhancement.js.map +1 -1
- package/enhancements/edge/default-auth.js +2 -9
- package/enhancements/edge/default-auth.js.map +1 -1
- package/enhancements/edge/delegate.js +102 -37
- package/enhancements/edge/delegate.js.map +1 -1
- package/enhancements/edge/encryption.d.ts +7 -0
- package/enhancements/edge/encryption.js +150 -0
- package/enhancements/edge/encryption.js.map +1 -0
- package/enhancements/edge/password.js +1 -2
- package/enhancements/edge/password.js.map +1 -1
- package/enhancements/node/create-enhancement.js +11 -2
- package/enhancements/node/create-enhancement.js.map +1 -1
- package/enhancements/node/default-auth.js +2 -9
- package/enhancements/node/default-auth.js.map +1 -1
- package/enhancements/node/delegate.js +102 -37
- package/enhancements/node/delegate.js.map +1 -1
- package/enhancements/node/encryption.d.ts +7 -0
- package/enhancements/node/encryption.js +150 -0
- package/enhancements/node/encryption.js.map +1 -0
- package/enhancements/node/password.js +1 -2
- package/enhancements/node/password.js.map +1 -1
- package/package.json +5 -1
- package/types.d.ts +38 -1
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/* eslint-disable @typescript-eslint/no-explicit-any */
|
|
3
|
+
/* eslint-disable @typescript-eslint/no-unused-vars */
|
|
4
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
5
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
6
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
7
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
8
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
9
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
10
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
11
|
+
});
|
|
12
|
+
};
|
|
13
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
14
|
+
exports.withEncrypted = withEncrypted;
|
|
15
|
+
const constants_1 = require("../../constants");
|
|
16
|
+
const cross_1 = require("../../cross");
|
|
17
|
+
const encryption_1 = require("../../encryption");
|
|
18
|
+
const logger_1 = require("./logger");
|
|
19
|
+
const proxy_1 = require("./proxy");
|
|
20
|
+
const query_utils_1 = require("./query-utils");
|
|
21
|
+
/**
|
|
22
|
+
* Gets an enhanced Prisma client that supports `@encrypted` attribute.
|
|
23
|
+
*
|
|
24
|
+
* @private
|
|
25
|
+
*/
|
|
26
|
+
function withEncrypted(prisma, options) {
|
|
27
|
+
return (0, proxy_1.makeProxy)(prisma, options.modelMeta, (_prisma, model) => new EncryptedHandler(_prisma, model, options), 'encryption');
|
|
28
|
+
}
|
|
29
|
+
class EncryptedHandler extends proxy_1.DefaultPrismaProxyHandler {
|
|
30
|
+
constructor(prisma, model, options) {
|
|
31
|
+
super(prisma, model, options);
|
|
32
|
+
this.decryptionKeys = [];
|
|
33
|
+
this.queryUtils = new query_utils_1.QueryUtils(prisma, options);
|
|
34
|
+
this.logger = new logger_1.Logger(prisma);
|
|
35
|
+
if (!options.encryption) {
|
|
36
|
+
throw this.queryUtils.unknownError('Encryption options must be provided');
|
|
37
|
+
}
|
|
38
|
+
if (this.isCustomEncryption(options.encryption)) {
|
|
39
|
+
if (!options.encryption.encrypt || !options.encryption.decrypt) {
|
|
40
|
+
throw this.queryUtils.unknownError('Custom encryption must provide encrypt and decrypt functions');
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
else {
|
|
44
|
+
if (!options.encryption.encryptionKey) {
|
|
45
|
+
throw this.queryUtils.unknownError('Encryption key must be provided');
|
|
46
|
+
}
|
|
47
|
+
this.encrypter = new encryption_1.Encrypter(options.encryption.encryptionKey);
|
|
48
|
+
this.decrypter = new encryption_1.Decrypter([
|
|
49
|
+
options.encryption.encryptionKey,
|
|
50
|
+
...(options.encryption.decryptionKeys || []),
|
|
51
|
+
]);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
isCustomEncryption(encryption) {
|
|
55
|
+
return 'encrypt' in encryption && 'decrypt' in encryption;
|
|
56
|
+
}
|
|
57
|
+
encrypt(field, data) {
|
|
58
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
59
|
+
if (this.isCustomEncryption(this.options.encryption)) {
|
|
60
|
+
return this.options.encryption.encrypt(this.model, field, data);
|
|
61
|
+
}
|
|
62
|
+
return this.encrypter.encrypt(data);
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
decrypt(field, data) {
|
|
66
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
67
|
+
if (this.isCustomEncryption(this.options.encryption)) {
|
|
68
|
+
return this.options.encryption.decrypt(this.model, field, data);
|
|
69
|
+
}
|
|
70
|
+
return this.decrypter.decrypt(data);
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
// base override
|
|
74
|
+
preprocessArgs(action, args) {
|
|
75
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
76
|
+
if (args && constants_1.ACTIONS_WITH_WRITE_PAYLOAD.includes(action)) {
|
|
77
|
+
yield this.preprocessWritePayload(this.model, action, args);
|
|
78
|
+
}
|
|
79
|
+
return args;
|
|
80
|
+
});
|
|
81
|
+
}
|
|
82
|
+
// base override
|
|
83
|
+
processResultEntity(method, data) {
|
|
84
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
85
|
+
if (!data || typeof data !== 'object') {
|
|
86
|
+
return data;
|
|
87
|
+
}
|
|
88
|
+
for (const value of (0, cross_1.enumerate)(data)) {
|
|
89
|
+
yield this.doPostProcess(value, this.model);
|
|
90
|
+
}
|
|
91
|
+
return data;
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
doPostProcess(entityData, model) {
|
|
95
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
96
|
+
var _a;
|
|
97
|
+
const realModel = this.queryUtils.getDelegateConcreteModel(model, entityData);
|
|
98
|
+
for (const field of (0, cross_1.getModelFields)(entityData)) {
|
|
99
|
+
// don't decrypt null, undefined or empty string values
|
|
100
|
+
if (!entityData[field])
|
|
101
|
+
continue;
|
|
102
|
+
const fieldInfo = yield (0, cross_1.resolveField)(this.options.modelMeta, realModel, field);
|
|
103
|
+
if (!fieldInfo) {
|
|
104
|
+
continue;
|
|
105
|
+
}
|
|
106
|
+
if (fieldInfo.isDataModel) {
|
|
107
|
+
const items = fieldInfo.isArray && Array.isArray(entityData[field]) ? entityData[field] : [entityData[field]];
|
|
108
|
+
for (const item of items) {
|
|
109
|
+
// recurse
|
|
110
|
+
yield this.doPostProcess(item, fieldInfo.type);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
else {
|
|
114
|
+
const shouldDecrypt = (_a = fieldInfo.attributes) === null || _a === void 0 ? void 0 : _a.find((attr) => attr.name === '@encrypted');
|
|
115
|
+
if (shouldDecrypt) {
|
|
116
|
+
try {
|
|
117
|
+
entityData[field] = yield this.decrypt(fieldInfo, entityData[field]);
|
|
118
|
+
}
|
|
119
|
+
catch (error) {
|
|
120
|
+
this.logger.warn(`Decryption failed, keeping original value: ${error}`);
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
});
|
|
126
|
+
}
|
|
127
|
+
preprocessWritePayload(model, action, args) {
|
|
128
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
129
|
+
const visitor = new cross_1.NestedWriteVisitor(this.options.modelMeta, {
|
|
130
|
+
field: (field, _action, data, context) => __awaiter(this, void 0, void 0, function* () {
|
|
131
|
+
var _a;
|
|
132
|
+
// don't encrypt null, undefined or empty string values
|
|
133
|
+
if (!data)
|
|
134
|
+
return;
|
|
135
|
+
const encAttr = (_a = field.attributes) === null || _a === void 0 ? void 0 : _a.find((attr) => attr.name === '@encrypted');
|
|
136
|
+
if (encAttr && field.type === 'String') {
|
|
137
|
+
try {
|
|
138
|
+
context.parent[field.name] = yield this.encrypt(field, data);
|
|
139
|
+
}
|
|
140
|
+
catch (error) {
|
|
141
|
+
this.queryUtils.unknownError(`Encryption failed for field ${field.name}: ${error}`);
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
}),
|
|
145
|
+
});
|
|
146
|
+
yield visitor.visit(model, action, args);
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
//# sourceMappingURL=encryption.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../src/enhancements/node/encryption.ts"],"names":[],"mappings":";AAAA,uDAAuD;AACvD,sDAAsD;;;;;;;;;;;AAuBtD,sCAUC;AA/BD,+CAA6D;AAC7D,uCAOqB;AACrB,iDAAwD;AAGxD,qCAAkC;AAClC,mCAAmF;AACnF,+CAA2C;AAE3C;;;;GAIG;AACH,SAAgB,aAAa,CACzB,MAAgB,EAChB,OAAmC;IAEnC,OAAO,IAAA,iBAAS,EACZ,MAAM,EACN,OAAO,CAAC,SAAS,EACjB,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,gBAAgB,CAAC,OAA2B,EAAE,KAAK,EAAE,OAAO,CAAC,EACrF,YAAY,CACf,CAAC;AACN,CAAC;AAED,MAAM,gBAAiB,SAAQ,iCAAyB;IASpD,YAAY,MAAwB,EAAE,KAAa,EAAE,OAAmC;QACpF,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAL1B,mBAAc,GAA8C,EAAE,CAAC;QAOnE,IAAI,CAAC,UAAU,GAAG,IAAI,wBAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,GAAG,IAAI,eAAM,CAAC,MAAM,CAAC,CAAC;QAEjC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,qCAAqC,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,UAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC7D,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,8DAA8D,CAAC,CAAC;YACvG,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,iCAAiC,CAAC,CAAC;YAC1E,CAAC;YAED,IAAI,CAAC,SAAS,GAAG,IAAI,sBAAS,CAAC,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;YACjE,IAAI,CAAC,SAAS,GAAG,IAAI,sBAAS,CAAC;gBAC3B,OAAO,CAAC,UAAU,CAAC,aAAa;gBAChC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,IAAI,EAAE,CAAC;aAC/C,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAEO,kBAAkB,CAAC,UAA+C;QACtE,OAAO,SAAS,IAAI,UAAU,IAAI,SAAS,IAAI,UAAU,CAAC;IAC9D,CAAC;IAEa,OAAO,CAAC,KAAgB,EAAE,IAAY;;YAChD,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,UAAW,CAAC,EAAE,CAAC;gBACpD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YACpE,CAAC;YAED,OAAO,IAAI,CAAC,SAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;KAAA;IAEa,OAAO,CAAC,KAAgB,EAAE,IAAY;;YAChD,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,UAAW,CAAC,EAAE,CAAC;gBACpD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YACpE,CAAC;YAED,OAAO,IAAI,CAAC,SAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;KAAA;IAED,gBAAgB;IACA,cAAc,CAAC,MAA0B,EAAE,IAAS;;YAChE,IAAI,IAAI,IAAI,sCAA0B,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,EAAE,MAA+B,EAAE,IAAI,CAAC,CAAC;YACzF,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;KAAA;IAED,gBAAgB;IACA,mBAAmB,CAAI,MAA0B,EAAE,IAAO;;YACtE,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACpC,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,IAAA,iBAAS,EAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC;KAAA;IAEa,aAAa,CAAC,UAAe,EAAE,KAAa;;;YACtD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;YAE9E,KAAK,MAAM,KAAK,IAAI,IAAA,sBAAc,EAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,uDAAuD;gBACvD,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;oBAAE,SAAS;gBAEjC,MAAM,SAAS,GAAG,MAAM,IAAA,oBAAY,EAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;gBAC/E,IAAI,CAAC,SAAS,EAAE,CAAC;oBACb,SAAS;gBACb,CAAC;gBAED,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;oBACxB,MAAM,KAAK,GACP,SAAS,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;oBACpG,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;wBACvB,UAAU;wBACV,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;oBACnD,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,MAAM,aAAa,GAAG,MAAA,SAAS,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;oBACvF,IAAI,aAAa,EAAE,CAAC;wBAChB,IAAI,CAAC;4BACD,UAAU,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;wBACzE,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,KAAK,EAAE,CAAC,CAAC;wBAC5E,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;KAAA;IAEa,sBAAsB,CAAC,KAAa,EAAE,MAA6B,EAAE,IAAS;;YACxF,MAAM,OAAO,GAAG,IAAI,0BAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;gBAC3D,KAAK,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE;;oBAC3C,uDAAuD;oBACvD,IAAI,CAAC,IAAI;wBAAE,OAAO;oBAElB,MAAM,OAAO,GAAG,MAAA,KAAK,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;oBAC7E,IAAI,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC;4BACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;wBACjE,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACb,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,+BAA+B,KAAK,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;wBACxF,CAAC;oBACL,CAAC;gBACL,CAAC,CAAA;aACJ,CAAC,CAAC;YAEH,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;KAAA;CACJ"}
|
|
@@ -32,8 +32,7 @@ class PasswordHandler extends proxy_1.DefaultPrismaProxyHandler {
|
|
|
32
32
|
// base override
|
|
33
33
|
preprocessArgs(action, args) {
|
|
34
34
|
return __awaiter(this, void 0, void 0, function* () {
|
|
35
|
-
|
|
36
|
-
if (args && args.data && actionsOfInterest.includes(action)) {
|
|
35
|
+
if (args && constants_1.ACTIONS_WITH_WRITE_PAYLOAD.includes(action)) {
|
|
37
36
|
yield this.preprocessWritePayload(this.model, action, args);
|
|
38
37
|
}
|
|
39
38
|
return args;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/enhancements/node/password.ts"],"names":[],"mappings":";AAAA,uDAAuD;AACvD,sDAAsD;;;;;;;;;;;AAatD,oCAUC;AArBD,+
|
|
1
|
+
{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/enhancements/node/password.ts"],"names":[],"mappings":";AAAA,uDAAuD;AACvD,sDAAsD;;;;;;;;;;;AAatD,oCAUC;AArBD,+CAA2F;AAC3F,uCAA6E;AAG7E,mCAAmF;AAEnF;;;;GAIG;AACH,SAAgB,YAAY,CACxB,MAAgB,EAChB,OAAmC;IAEnC,OAAO,IAAA,iBAAS,EACZ,MAAM,EACN,OAAO,CAAC,SAAS,EACjB,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,eAAe,CAAC,OAA2B,EAAE,KAAK,EAAE,OAAO,CAAC,EACpF,UAAU,CACb,CAAC;AACN,CAAC;AAOD,8DAA8D;AAC9D,MAAM,QAAQ,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;AAE3G,MAAM,eAAgB,SAAQ,iCAAyB;IACnD,YAAY,MAAwB,EAAE,KAAa,EAAE,OAAmC;QACpF,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;IAED,gBAAgB;IACA,cAAc,CAAC,MAA0B,EAAE,IAAS;;YAChE,IAAI,IAAI,IAAI,sCAA0B,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,EAAE,MAA+B,EAAE,IAAI,CAAC,CAAC;YACzF,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;KAAA;IAEa,sBAAsB,CAAC,KAAa,EAAE,MAA6B,EAAE,IAAS;;YACxF,MAAM,OAAO,GAAG,IAAI,0BAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;gBAC3D,KAAK,EAAE,CAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE;;oBAC3C,MAAM,OAAO,GAAG,MAAA,KAAK,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;oBAC5E,IAAI,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBACrC,sBAAsB;wBACtB,IAAI,IAAI,GAAgC,MAAA,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,CAAC,0CACjF,KAAe,CAAC;wBACtB,IAAI,CAAC,IAAI,EAAE,CAAC;4BACR,IAAI,GAAG,MAAA,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC,0CAAE,KAAe,CAAC;wBAClF,CAAC;wBACD,IAAI,CAAC,IAAI,EAAE,CAAC;4BACR,IAAI,GAAG,wCAA4B,CAAC;wBACxC,CAAC;wBACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBAC5D,CAAC;gBACL,CAAC,CAAA;aACJ,CAAC,CAAC;YAEH,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;KAAA;CACJ"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zenstackhq/runtime",
|
|
3
3
|
"displayName": "ZenStack Runtime Library",
|
|
4
|
-
"version": "2.
|
|
4
|
+
"version": "2.11.0",
|
|
5
5
|
"description": "Runtime of ZenStack for both client-side and server-side environments.",
|
|
6
6
|
"repository": {
|
|
7
7
|
"type": "git",
|
|
@@ -73,6 +73,10 @@
|
|
|
73
73
|
"types": "./zod-utils.d.ts",
|
|
74
74
|
"default": "./zod-utils.js"
|
|
75
75
|
},
|
|
76
|
+
"./encryption": {
|
|
77
|
+
"types": "./encryption/index.d.ts",
|
|
78
|
+
"default": "./encryption/index.js"
|
|
79
|
+
},
|
|
76
80
|
"./package.json": {
|
|
77
81
|
"default": "./package.json"
|
|
78
82
|
}
|
package/types.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { z } from 'zod';
|
|
2
|
+
import { FieldInfo } from './cross';
|
|
2
3
|
export type PrismaPromise<T> = Promise<T> & Record<string, (args?: any) => PrismaPromise<any>>;
|
|
3
4
|
/**
|
|
4
5
|
* Weakly-typed database access methods
|
|
@@ -112,6 +113,10 @@ export type EnhancementOptions = {
|
|
|
112
113
|
* The `isolationLevel` option passed to `prisma.$transaction()` call for transactions initiated by ZenStack.
|
|
113
114
|
*/
|
|
114
115
|
transactionIsolationLevel?: TransactionIsolationLevel;
|
|
116
|
+
/**
|
|
117
|
+
* The encryption options for using the `encrypted` enhancement.
|
|
118
|
+
*/
|
|
119
|
+
encryption?: SimpleEncryption | CustomEncryption;
|
|
115
120
|
};
|
|
116
121
|
/**
|
|
117
122
|
* Context for creating enhanced `PrismaClient`
|
|
@@ -122,7 +127,7 @@ export type EnhancementContext<User extends AuthUser = AuthUser> = {
|
|
|
122
127
|
/**
|
|
123
128
|
* Kinds of enhancements to `PrismaClient`
|
|
124
129
|
*/
|
|
125
|
-
export type EnhancementKind = 'password' | 'omit' | 'policy' | 'validation' | 'delegate';
|
|
130
|
+
export type EnhancementKind = 'password' | 'omit' | 'policy' | 'validation' | 'delegate' | 'encryption';
|
|
126
131
|
/**
|
|
127
132
|
* Function for transforming errors.
|
|
128
133
|
*/
|
|
@@ -140,3 +145,35 @@ export type ZodSchemas = {
|
|
|
140
145
|
*/
|
|
141
146
|
input?: Record<string, Record<string, z.ZodSchema>>;
|
|
142
147
|
};
|
|
148
|
+
/**
|
|
149
|
+
* Simple encryption settings for processing fields marked with `@encrypted`.
|
|
150
|
+
*/
|
|
151
|
+
export type SimpleEncryption = {
|
|
152
|
+
/**
|
|
153
|
+
* The encryption key.
|
|
154
|
+
*/
|
|
155
|
+
encryptionKey: Uint8Array;
|
|
156
|
+
/**
|
|
157
|
+
* Optional list of all decryption keys that were previously used to encrypt the data
|
|
158
|
+
* , for supporting key rotation. The `encryptionKey` field value is automatically
|
|
159
|
+
* included for decryption.
|
|
160
|
+
*
|
|
161
|
+
* When the encrypted data is persisted, a metadata object containing the digest of the
|
|
162
|
+
* encryption key is stored alongside the data. This digest is used to quickly determine
|
|
163
|
+
* the correct decryption key to use when reading the data.
|
|
164
|
+
*/
|
|
165
|
+
decryptionKeys?: Uint8Array[];
|
|
166
|
+
};
|
|
167
|
+
/**
|
|
168
|
+
* Custom encryption settings for processing fields marked with `@encrypted`.
|
|
169
|
+
*/
|
|
170
|
+
export type CustomEncryption = {
|
|
171
|
+
/**
|
|
172
|
+
* Encryption function.
|
|
173
|
+
*/
|
|
174
|
+
encrypt: (model: string, field: FieldInfo, plain: string) => Promise<string>;
|
|
175
|
+
/**
|
|
176
|
+
* Decryption function
|
|
177
|
+
*/
|
|
178
|
+
decrypt: (model: string, field: FieldInfo, cipher: string) => Promise<string>;
|
|
179
|
+
};
|