Recently I started working on a new project to learn some new technologies (Prisma 2, REST API with Express, etc.). Though, I faced a problem.
My app has a user authentication system and the user model has a password column. So, when the client requests a user, the backend selects all the columns from the database including the password (that's hashed by the way).
I tried to not select the password column on the prisma findMany, like this:
    await prisma.user.findUnique({
      where: {
        ...
      },
      select: {
        password: false
      }
    });
But I got an error from Prisma saying that the select should contain at least one truthy value. Thus, I added id: true to the select. I made an API request and I saw that only the id was returned for the user.
By my understanding, Prisma expects me to add all the columns I care about to the select object. But I need a lot of columns from the user, I am making a lot of queries to fetch users, and I cannot just write all the fields I need every time.
So, I wanted to ask you if there is a legit way to do that.
PS: I don't take "use rawQuery instead" as a solution.
The most efficient way to do it, especially in case you are using this as an API response, is to use class-transformer.
With it, you can create a DTO class for the user, that doesn't expose, for example, the password field.
Then, use the plainToClass function to convert the user entity (that comes from Prisma and includes the password) to the user DTO class (that doesn't include the user's password).
That's how you get rid of the password.
Check out the library, it's pretty cool; it made things a lot simpler for me.
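The DTO idea from the answer above, written without class-transformer as an added example (not the poster's code and not the library's API): an allow-list mapper applied to whatever Prisma returns, next to a deny-list variant for contrast. All field names other than id and password, and the sample row, are assumptions made for illustration.

```javascript
// Added example. PUBLIC_USER_FIELDS, pick, omit, toPublicUser and sampleRow
// are hypothetical names; only `id` and `password` come from the question.

// Allow-list of columns that may leave the backend (assumed schema).
const PUBLIC_USER_FIELDS = Object.freeze(["id", "email", "name", "createdAt"]);

// Copy only allow-listed own properties. Anything else (the password hash,
// or a sensitive column added to the model later) is dropped by default.
function pick(row, fields) {
  const out = {};
  for (const key of fields) {
    if (Object.prototype.hasOwnProperty.call(row, key)) out[key] = row[key];
  }
  return out;
}

// Deny-list variant for contrast: it removes what it was told about and
// passes everything else through, so it fails open on new columns.
function omit(row, fields) {
  return Object.fromEntries(
    Object.entries(row).filter(([key]) => !fields.includes(key))
  );
}

// Accepts the shapes findUnique (object or null) and findMany (array) return.
function toPublicUser(result) {
  if (result === null || result === undefined) return null;
  if (Array.isArray(result)) return result.map((row) => toPublicUser(row));
  return pick(result, PUBLIC_USER_FIELDS);
}

// Constructed sample row standing in for a Prisma query result.
const sampleRow = {
  id: 1,
  email: "alice@example.com",
  name: "Alice",
  createdAt: "2021-01-01T00:00:00.000Z",
  password: "$2b$10$constructed-hash-placeholder",
  resetToken: "constructed-token", // column added after the deny-list was written
};

function demo() {
  return {
    allowListed: toPublicUser(sampleRow),
    denyListed: omit(sampleRow, ["password"]),
    list: toPublicUser([sampleRow, sampleRow]),
    missing: toPublicUser(null),
  };
}
```

In an Express handler the call would wrap the query result before it is serialized, for example `res.json(toPublicUser(user))`.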