https://github.com/rexadbapp/rexadb-studio
RexaDB Studio — Backend API server for a database client GUI. Proxies database connections (Postgres, MySQL) through a central API with JWT auth, role-based access control (RBAC), AES-256-GCM credential encryption, and a pluggable driver system. Built with Next.js App Router, Drizzle ORM, and SQLite (libSQL).
database-management databases mysql postgres sql
Last synced: 3 days ago
- Host: GitHub
- URL: https://github.com/rexadbapp/rexadb-studio
- Owner: rexadbapp
- Created: 2026-05-25T09:49:56.000Z (26 days ago)
- Default Branch: master
- Last Pushed: 2026-06-16T21:33:35.000Z (4 days ago)
- Last Synced: 2026-06-16T23:20:30.056Z (3 days ago)
- Topics: database-management, databases, mysql, postgres, sql
- Language: TypeScript
- Homepage: https://rexadb.app
- Size: 232 KB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# rexadb-studio
> Backend API server for the rexadb database client GUI. Proxies database connections through a central API with role-based access control (RBAC), so admins can grant team members scoped access to databases without exposing credentials.
## Quick Start
```sh
npm run setup # interactive — prompts for admin, generates secrets, installs, migrates, seeds
```
Or with Docker:
```sh
docker compose up -d
```
## Architecture Overview
```
Client App → POST /query (Bearer token) → rexadb-studio
├── Verify JWT
├── Check RBAC permissions
├── Decrypt stored credentials (AES-256-GCM)
├── Connect via driver (pg / mysql2)
├── Execute query
├── Log audit trail
└── Return rows + fields
```
| Layer | Description |
|-------|-------------|
| `src/app/api/` | Thin route handlers |
| `src/lib/auth.ts` | JWT auth adapter (swappable) |
| `src/lib/rbac.ts` | Permission & connection-level access checks |
| `src/lib/drivers/` | Pluggable database drivers (Postgres, MySQL) |
| `src/lib/encryption.ts` | AES-256-GCM credential encryption |
| `src/db/` | Drizzle ORM schema + SQLite app storage |
| `src/config/` | Permission codes & default role definitions |
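The "Decrypt stored credentials (AES-256-GCM)" step, as an added example (not rexadb-studio's own `src/lib/encryption.ts`): it encrypts a credential with a fresh nonce and binds it to its connection ID as associated data, so a modified blob or one copied onto another connection fails to decrypt. The blob layout, function names, connection IDs and key handling are assumptions made for this example.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Constructed 32-byte key for the demo; a real deployment loads it from a secret store.
const DEMO_KEY = randomBytes(32);

// Assumed stored layout: base64(iv[12] || authTag[16] || ciphertext)
function encryptCredential(key: Buffer, connectionId: string, plaintext: string): string {
  const iv = randomBytes(12); // fresh 96-bit nonce per call; never reuse one with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(connectionId, "utf8")); // authenticated, not encrypted
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptCredential(key: Buffer, connectionId: string, blob: string): string {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < 28) throw new Error("credential blob too short");
  const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(connectionId, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag does not match the key, nonce, AAD and ciphertext
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// Fail closed: any authentication or format error yields null, never partial plaintext.
function tryDecrypt(key: Buffer, connectionId: string, blob: string): string | null {
  try {
    return decryptCredential(key, connectionId, blob);
  } catch {
    return null;
  }
}

// Constructed sample values.
const stored = encryptCredential(DEMO_KEY, "conn-1", "s3cr3t-pw");
console.log(tryDecrypt(DEMO_KEY, "conn-1", stored)); // original credential
console.log(tryDecrypt(DEMO_KEY, "conn-2", stored)); // null: blob moved to another connection
```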
## Supported Databases
- **Postgres** (via `pg`)
- **MySQL** (via `mysql2`)
- Extensible — implement `DatabaseDriver` and use `registerDriver()`
## Permissions
Granular permission system with built-in roles (`super_admin`, `admin`, `developer`, `viewer`) and connection-level access types (`FULL_ACCESS`, `READ_ONLY`, `CUSTOM`). Custom roles can be created at runtime.
## Docs
- [Architecture & API Reference](docs/architecture.md)
- [Users API](docs/users-api.md)
- [Frontend API Integration](docs/frontend-api.md)
- [Integrate with Main App](docs/integrate-with-main-app.md)
## Tech Stack
**Next.js** (App Router), **Drizzle ORM** + **libSQL** (SQLite), **pg** / **mysql2** (drivers), **Zod** (validation), **AES-256-GCM** (encryption).