Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Prisma JS/TS client generator exclude attribute

See original GitHub issue

Currently, the client selects all fields when querying a model. There’s no easy way to exclude a field by default. This makes it easy to accidentally send sensitive information back to the client, for example a password hash on a user model.

It is infeasible or too complicated to build a solution for this issue without undermining the current design of the client (exclude can’t neatly fit in besides include and select in the type system) or building complex hacks that do not work for more involved scenarios.

This proposal introduces a generator attribute that will instruct the client to not query a field by default, but it must be explicitly selected instead for it to get fetched.

Prisma Schema Language (PSL) Syntax Proposal

With the concept of generator attributes being a decided addition in the future of the Prisma Schema (https://github.com/prisma/prisma/issues/7209), we can already decide to implement exclude as a “known” generator attribute, meaning that while we don’t have pluggable generators formalized, we can skip the generic plugin part and include it first-party into the Prisma code until we have a real system in place:

generator client { ... }

model Model {
    ...
    field String @client.exclude
}

The exclude property is namespaced to the generator that will use it in the end.

Technical Details

The attribute will be attached to all places in the underlying protocol (currently internal, used by the language generators) where something has been derived from the field:

{
    "name": "Model",
    "fields": [
        {
            "name": "field",
            "args": [],
            "isNullable": false,
            "attributes": [{
                "generator": "client",
                "name": "exclude"
            }],
            "outputType": {
                "type": "String",
                "location": "scalar",
                "isList": false
            }
        }
    ]
}

Note that the above is not a final version and may change.

Feedback

Do you agree with the exclude naming? If not, what would be a preferable alternative?

Issue Analytics

State:
Created 2 years ago
Reactions:115
Comments:17 (1 by maintainers)

Top GitHub Comments

28reactions

AnandChowdharycommented, Jun 16, 2021

We can also try @public and @private, and maybe even an option to mark everything as private by default:

generator client {
  provider = "prisma-client-js"
  defaultVisibility = "public"
}

model User {
  name     String  @public // Optional because @public is the default
  password String? @private
}

26reactions

Dilvencommented, Oct 25, 2021

any updates?

Top Results From Across the Web

Generating the client (Concepts) - Prisma

This page explains how to generate Prisma Client. It also provides additional context on the generated client, typical workflows and Node.js configuration.

Prisma: how to exclude properties from generated types

I'm building my app using Prisma to connect to the DB (Next.js app). I'm having some trouble with the auto generated Typescript definitions....

Untitled

... Toshiba ssd hard drive, Steam money code generator 2014? ... 4595pro, Bong sabu keren, Error 443 vpn client, Reef builders led review,...

Syntax Highlighting — Eleventy

A pack of Eleventy plugins for PrismJS syntax highlighting. No browser/client JavaScript here, these highlight transformations are all done at build-time.

Untitled

Czest, Roselle nava song list, Beecher manor jobs, Hari garbharran, Target nuka cola sold out, Add remove programs windows 10, Avery template 5871...