f7f7u7f7
Theo's Typesafe Cult (TTC)
Created by f7f7u7f7 on 8/8/2024 in #questions
Seeking robust multi-tenant authentication for NextJS/Node app
We're developing a full-stack application using NextJS and Node (split backend), with Prisma as our ORM, tRPC for API calls, and other modern tools. We're looking to implement multi-tenancy in our app, but we want to ensure it's both secure and elegantly designed.

Our main concerns are:

1. Finding a clean approach to implementation
2. Ensuring build-time safety to prevent accidental data leaks
3. Avoiding potential security issues caused by forgotten WHERE clauses

We've considered Postgres row-level security, but it doesn't seem to be well-supported by either Prisma or Drizzle ORM.

Does anyone have experience with or suggestions for implementing multi-tenant authentication in this stack? We're particularly interested in solutions that provide strong safety guarantees at build time, reducing the risk of exposing data across tenants due to developer oversight. Any best practices, libraries, or architectural patterns would be greatly appreciated!
2 replies
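
An added example, not part of the original post or its replies: one way to get the build-time guarantee the question asks for is a tenant-scoped data accessor whose filter type cannot express a tenant condition at all, so the tenant check can be neither forgotten nor redirected. An in-memory array stands in for the Prisma-backed table, and every name (`Invoice`, `TenantId`, `forTenant`, `tenantFromSession`) is hypothetical.

```typescript
// Added illustration: every name below (Invoice, TenantId, forTenant, ...) is hypothetical.
type TenantId = string & { readonly __brand: "TenantId" };
interface Invoice { id: number; tenantId: TenantId; amount: number }

// Filters and inserts are typed WITHOUT tenantId, so a caller can neither
// forget the tenant condition nor point it at another tenant.
type InvoiceFilter = Partial<Omit<Invoice, "tenantId">>;
type NewInvoice = Omit<Invoice, "tenantId">;

// Stand-in for the database table. Keep it unexported in a real module so
// the scoped accessor is the only way in.
const rows: Invoice[] = [];

// The one place a TenantId is minted, e.g. from an authenticated session.
function tenantFromSession(session: { tenantId: string }): TenantId {
  if (!/^[a-z0-9-]{1,64}$/.test(session.tenantId)) {
    throw new Error("invalid tenant id");
  }
  return session.tenantId as TenantId;
}

function forTenant(tenantId: TenantId) {
  return {
    findMany(filter: InvoiceFilter = {}): Invoice[] {
      return rows
        .filter((r) => r.tenantId === tenantId) // always applied
        .filter((r) => filter.id === undefined || r.id === filter.id)
        .filter((r) => filter.amount === undefined || r.amount === filter.amount)
        .map((r) => ({ ...r }));
    },
    create(data: NewInvoice): Invoice {
      // tenantId is written last, so a stray tenantId in untyped input loses.
      const row: Invoice = { ...data, tenantId };
      rows.push(row);
      return { ...row };
    },
  };
}

// Constructed sample data for two tenants.
const acme = forTenant(tenantFromSession({ tenantId: "acme" }));
const globex = forTenant(tenantFromSession({ tenantId: "globex" }));
acme.create({ id: 1, amount: 100 });
globex.create({ id: 2, amount: 250 });
// acme.findMany({ tenantId: "globex" }); // rejected by tsc: tenantId is not in InvoiceFilter
```

The type-level guarantee only holds if the raw table (or raw ORM client) is not importable from application code; a lint rule or module boundary has to enforce that part.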