Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
damidekronik a day ago

I am using both prisma and kysely in the same codebase with a great success. The db schema is driven by SQL, not prisma. It is then introspected by both kysely and prisma, prisma is used in 95% of the places while kysely is used whenever performance is critical or when prisma doesn't support the SQL features we need.

tough 21 hours ago | parent [-]

any underlying negative consequences on letting prisma schema handle the underlynig model/migrations

I found out about stackzen yesterday, really like the RBAC/ABAC backed up into the models/codegen stuff, been thinking about just using that for our custom logic and maybe add RLS pg a la supabase but also codegen from the same .zmodel from zenstack model that generates prisma models/migrations have it generate RLS sql migrations code

thoughts??

also maybe postgres views to handle field/attribute level security since rows is mostly about whole columns

main goal is to secure the data at all the levels of the stack from db to api to app so there's no footguns in the future where someone with a pg user or modifying our clients can see data they shouldn't etc

damidekronik 4 hours ago | parent | next [-]

Prisma doesn't cover plenty of SQL features. custom types, more complex indexes (like where clause). It is also a VC backed biznes, need to be ready to drop it at almost any time, SQL/postgres on the other hand is here to stay.

RLS is hard to work with, hard to debug, hard to reason about, cumbersome. It is however powerful.

tough an hour ago | parent [-]

Right! for RLS i found out about atlasgo, which lets you do Schemas as Code including RLS stuff,

so my mind went to leverage the .zmodel to generate not only the prisma schemas through it and the client api codegen sdk, but also the RLS stuff either with plain sql migrations or a specific framework for rls.

all in all this is probably too much and as long as the app-api level is secure with zenstack and i dont use pg directly anywhere else it should be 'safe' i just wanted to harden all the stack speaking of sorts... idk

krashidov 9 hours ago | parent | prev [-]

what is stackzen? I googled it and found nothing

ebalit 8 hours ago | parent | next [-]

It's most probably ZenStack given the description: https://zenstack.dev/

tough 2 hours ago | parent [-]

yes sorry, typo, i meant ZenStack!

krashidov 9 hours ago | parent | prev [-]

is it this? https://github.com/stacksjs/stacks

tough 2 hours ago | parent [-]

Nope sorry it was zenstack https://zenstack.dev/