@aradox/multi-orm
Version:
Type-safe ORM with multi-datasource support, row-level security, and Prisma-like API for PostgreSQL, SQL Server, and HTTP APIs
134 lines • 3.65 kB
TypeScript
/**
* Example Middleware for Row-Level Security (RLS)
*
* These middleware examples demonstrate common patterns for:
* - Tenant isolation (multi-tenancy)
* - User-based data filtering
* - Audit logging
* - Performance monitoring
*/
import { Middleware } from '../types/middleware';
/**
* Tenant Isolation Middleware
*
* Automatically injects tenant_id filter on all queries.
* Ensures users can only access data from their own tenant.
*
* Usage:
* ```typescript
* const client = await orm.generate();
* client.use(tenantIsolationMiddleware(['Customers', 'Orders', 'Products']));
* client.setContext({ user: { tenantId: 123 } });
*
* // All queries automatically filtered by tenant_id
* const customers = await client.Customers.findMany({});
* // WHERE tenant_id = 123
* ```
*/
export declare function tenantIsolationMiddleware(models: string[]): Middleware;
/**
* User Ownership Middleware
*
* Ensures users can only access their own data.
* Injects user_id filter on specified models.
*
* Usage:
* ```typescript
* client.use(userOwnershipMiddleware(['Orders', 'Payments']));
* client.setContext({ user: { id: 456 } });
*
* const orders = await client.Orders.findMany({});
* // WHERE user_id = 456
* ```
*/
export declare function userOwnershipMiddleware(models: string[]): Middleware;
/**
* Audit Logging Middleware
*
* Logs all mutations (create, update, delete) for compliance.
*
* Usage:
* ```typescript
* client.use(auditLoggingMiddleware({
* async log(entry) {
* await db.auditLog.create({ data: entry });
* }
* }));
* ```
*/
export declare function auditLoggingMiddleware(options: {
log: (entry: {
model: string;
operation: string;
userId?: number | string;
timestamp: Date;
args: any;
result?: any;
}) => Promise<void>;
}): Middleware;
/**
* Role-Based Access Control (RBAC) Middleware
*
* Restricts access based on user roles.
*
* Usage:
* ```typescript
* client.use(rbacMiddleware({
* Employees: ['admin', 'hr'],
* Payments: ['admin', 'finance'],
* Invoices: ['admin', 'finance']
* }));
*
* client.setContext({ user: { role: 'hr' } });
* await client.Employees.findMany({}); // ✅ Allowed
* await client.Payments.findMany({}); // ❌ Forbidden
* ```
*/
export declare function rbacMiddleware(modelRoles: Record<string, string[]>): Middleware;
/**
* Performance Monitoring Middleware
*
* Tracks query execution time and logs slow queries.
*
* Usage:
* ```typescript
* client.use(performanceMonitoringMiddleware({
* slowQueryThreshold: 1000 // ms
* }));
* ```
*/
export declare function performanceMonitoringMiddleware(options: {
slowQueryThreshold: number;
}): Middleware;
/**
* Soft Delete Middleware
*
* Automatically filters out deleted records and converts delete to update.
*
* Usage:
* ```typescript
* client.use(softDeleteMiddleware(['Customers', 'Orders']));
*
* // findMany automatically filters deleted_at IS NULL
* const customers = await client.Customers.findMany({});
*
* // delete() converts to update with deleted_at = NOW()
* await client.Customers.delete({ where: { Id: 1 } });
* ```
*/
export declare function softDeleteMiddleware(models: string[]): Middleware;
/**
* Data Sanitization Middleware
*
* Removes sensitive fields from query results.
*
* Usage:
* ```typescript
* client.use(dataSanitizationMiddleware({
* Customers: ['ssn', 'credit_card'],
* Employees: ['salary', 'ssn']
* }));
* ```
*/
export declare function dataSanitizationMiddleware(modelFields: Record<string, string[]>): Middleware;
//# sourceMappingURL=examples.d.ts.map