by benpacker on 10/11/23, 3:32 PM with 0 comments
I just published my first (hopefully of many) personal open source project to be used by others.
There are 2 packages:
- The lower-level kysely-access-control (https://github.com/ben-pr-p/kysely-utils/tree/main/packages/...), which implements a callback that you can return `Allow/Deny/Omit` + `[Allow, where]` for
- A higher-level kysely-grants (https://github.com/ben-pr-p/kysely-utils/tree/main/packages/...) that implements Postgres-like grants on top of kysely
The idea grew out of frustration I've had implementing permissions in the past.
On some projects, I've implemented it each time data is supposed to be accessed, which has meant the developer implementing the route needs to know about all the permissions considerations accessing that data.
On other projects, I've implemented it at the database layer (in Postgres). That's been a generally decent experience, but gets hard to manage when you want the same user to have different permissions depending on the context. Additionally, it restricts how you can access and cache calls to the database, since you need to run (and your cache key depends on) `set_config` calls with the relevant access details on each statement request.
After this, I'm planning on writing and publishing an executor for Kysely that can automatically cache database queries. Since this access control plugin modifies the actual Kysely internal operation node, that plugin will properly cache results per user. I'm also hoping to write a plugin that can automatically invalidate the cache from wal2json results.
Feedback is super appreciated and sought after! This is my first external-facing npm package, and I found the process a bit tricky to execute.
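An added example, not part of the original post and not the API of Kysely or kysely-access-control: a toy query node is rewritten by a guard that returns `Allow`/`Deny`/`Omit` or `[Allow, where]`, showing why a cache keyed on the rewritten query is separated per user. The node shape, the `makeGuard` policy, the meaning given to `Omit` (drop the column silently) and every function name are assumptions made for illustration.

```javascript
// Toy model only: hypothetical node shape and guard, not the Kysely API.
const Allow = "allow", Deny = "deny", Omit = "omit";

// Constructed sample query: paid orders, including two sensitive columns.
const SAMPLE_QUERY = { from: "orders", select: ["id", "total", "card_last4"],
  where: [{ column: "status", value: "paid" }] };

// Hypothetical policy: non-admins see only their own rows.
function makeGuard(user) {
  const admin = user.role === "admin";
  return {
    table(table) {
      if (table !== "orders") return Deny;
      return admin ? Allow : [Allow, { column: "owner_id", value: user.id }];
    },
    column(_table, column) {
      if (column === "card_last4" && !admin) return Omit; // dropped silently
      if (column === "internal_notes" && !admin) return Deny; // hard failure
      return Allow;
    },
  };
}

// Rewrite the node before compilation so the restriction is part of the query.
function enforce(node, guard) {
  const decision = guard.table(node.from);
  if (decision === Deny) throw new Error(`access denied: table ${node.from}`);
  const where = Array.isArray(decision) ? [...node.where, decision[1]] : [...node.where];
  const select = node.select.filter((col) => {
    const d = guard.column(node.from, col);
    if (d === Deny) throw new Error(`access denied: column ${node.from}.${col}`);
    return d !== Omit;
  });
  return { ...node, select, where };
}

// Compile to parameterized SQL; identifiers here come from code, values are bound.
function compile(node) {
  const cols = node.select.map((c) => `"${c}"`).join(", ");
  const conds = node.where.map((w, i) => `"${w.column}" = $${i + 1}`).join(" and ");
  const sql = `select ${cols} from "${node.from}"` + (conds ? ` where ${conds}` : "");
  return { sql, parameters: node.where.map((w) => w.value) };
}

// The cache key is derived from the rewritten query, so it differs per effective permission.
function guardedQuery(node, user) {
  const compiled = compile(enforce(node, makeGuard(user)));
  return { ...compiled, key: JSON.stringify([compiled.sql, compiled.parameters]) };
}
```

Because the key is computed after the guard runs, two members issuing the same logical query never share a cache entry, while the session state in the database stays untouched.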