`database-proxy` 是一个「超级API」，一个 API 替代服务端 90% 的传统 APIs。

通过一套「访问控制规则」配置数据库访问，让前端开发者“安全直连”数据库，再也不需要和服务端对接口了！

客户端使用 `laf-client-sdk` ，像在服务端操作数据库那样，在客户端直接读写相应的数据即可。

使用

    npm install database-proxy

服务端代码示例

const app = require('express')()
const { Proxy, MongoAccessor, Policy } = require('database-proxy')
const { MongoClient } = require('mongodb')

app.use(express.json())

// design the access control policy rules
const rules = {
    categories: {
        "read": true,
        "update": "!uid",
        "add": "!uid",
        "remove": "!uid"
    }
}

const client = new MongoClient('mongodb://localhost:27017')
client.connect()

// create an accessor
const accessor = new MongoAccessor(client)


// create a policy
const policy = new Policy(accessor)
policy.load(rules)

// create an proxy
const proxy = new Proxy(accessor, policy)

app.post('/proxy', async (req, res) => {
  const { uid } = parseToken(req.headers['authorization'])

  const injections = {
    uid: uid
  }

  // parse params
  const params = proxy.parseParams(req.body)

  // validate query
  const result = await proxy.validate(params, injections)
  if (result.errors) {
    return res.send({
      code: 1,
      error: result.errors
    })
  }

  // execute query
  const data = await proxy.execute(params)
  return res.send({
    code: 0,
    data
  })
})

app.listen(8080, () => console.log('listening on 8080'))

客户端使用

    npm install laf-client-sdk

const cloud = require('laf-client-sdk').init({
    dbProxyUrl: 'http://localhost:8080/proxy',
    getAccessToken: () => localStorage.getItem('access_token')
})

const db = cloud.database()

// 查询文档
const res = await db.collection('categories').get()

// 条件查询
const res = await db.collection('articles')
    .where({status: 'published'})
    .orderBy({createdAt: 'asc'})
    .offset(0)
    .limit(20)
    .get()

// 更新
const res = await db.collection('articles')
    .doc('the-doc-id').update({
        title: 'new-title'
    })

更多使用参考客户端使用文档

数据访问安全规则示例

简单示例 1：简单博客

{
    "categories": {
        "read": true,
        "update": "$admin === true",
        "add": "$admin === true",
        "remove": "$admin === true"
    },
    "articles": {
        "read": true,
        "update": "$admin === true",
        "add": "$admin === true",
        "remove": "$admin === true"
    }
}

简单示例 2：多用户博客

{
    "articles": {
        "read": true,
        "update": "$userid && $userid === query.createdBy",
        "add": "$userid && data.createdBy === $userid",
        "remove": "$userid === query.createBy || $admin === true"
    }
}

复杂示例 1：数据验证

{
    "articles": {
        "add": {
            "condition": "$userid && data.createdBy === $userid"
        },
        "remove": "$userid === query.createBy || $admin === true",
        "$schema": {
            "title": {"length": [1, 64], "required": true},
            "content": {"length": [1, 4096]},
            "like": { "number": [0,], "default": 0}
        }
    }
}

复杂示例 2：更高级的数据验证

场景介绍：用户之间站内消息表访问规则

{
    "messages": {
        "read": "$userid && ($userid === query.receiver || $userid === query.sender)",
        "update": {
            "condition": "$userid && $userid === query.receiver",
            "data": {
                "read": {"in": [true]}
            }
        },
        "add": {
            "condition": "$userid && $userid === data.sender",
             "data": {
                "read": {"in": [false]}
            }
        },
        "remove": false,
        "$schema": {
            "content": {"length": [1, 20480], "required": true},
            "receiver": {"exists": "/users/id"},
            "read": { "in": [true, false], "default": false }
        }
    }
}

运行测试

安装依赖

    npm i

单元测试

    npx mocha tests/units/*.test.js

数据库访问测试

Mongo

使用 Docker 启动个测试数据库，等待mongo 启动成功

    docker pull mongo
    docker run --rm -p 27018:27017 --name mongotest -d mongo

执行测试用例

    npx mocha tests/mongo_db/*.test.js

停止&删除 Mongo 实例

    docker rm -f mongotest

MySQL

使用 Docker 启动个测试数据库，等待mongo 启动成功

    docker pull mysql
    docker run --name mysqltest -e MYSQL_ROOT_PASSWORD=kissme -e MYSQL_DATABASE=testdb -d -p 3306:3306 mysql

手动创建测试使用的数据表：

create table IF NOT EXISTS categories (
  id int not null auto_increment,
  name varchar(64) not null, 
  created_at int, 
  primary key(id)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;

create table IF NOT EXISTS articles (
  id int not null auto_increment,
  title varchar(64) not null, 
  category_id int,
  content text,
  created_at int, 
  updated_at int,
  created_by int,
  primary key(id)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;

执行测试用例

    npx mocha tests/mysql_db/*.test.js

停止&删除 Mongo 实例

    docker rm -f mysqltest

执行所有测试用例

请确保已经运行 mongo 和 mysql 测试的实例；

npx mocha tests/**/*.test.js

1.0.0 (2024-04-01)

Bug Fixes

build: remove unneeded build layer (#1822) (f53510c)
cli: dotenv package missing error (#1747) (3539d17)
cli: func desc missing caused by typo (#1832) (3816b3f)
cli: storage field key error during refresh (#1833) (17811c4)
fix bson version error in database-ql (#1751) (d3a5c7f)
runtime-exporter: repair the build process (#1869) (2948df9)
runtime: fix override deps when init package.json (#1855) (d73d71b)
runtime: fix runtime database connection error (#1776) (db10359)
runtime: fix storage server query url problem (#1910) (27be959)
runtime: fix upload-dependencies tar path (#1891) (bc948e2)
runtime: print error when invoke init function error (#1887) (fbfa762)
runtime: wait for db ready (#1774) (f1f0798)
server: add environment variable to control bucket domain Create task switch (#1836) (3e17727)
server: billing error with old apps (#1797) (fadd735)
server: billing for all apps including stopped apps (#1781) (6cb7e57)
server: certificate of unbundled website domain name is not deleted (#1871) (d52a578)
server: disable i18n file watching in server (#1800) (e9b6de7)
server: fix being failed to find address when connect ddb (#1771) (0ed539e)
server: fix certificate not deleting and rebuilding issue when unbundling runtime custom domains (#1829) (77be144)
server: fix compiled code that doesn't support await import (#1828) (b23d2a2)
server: fix dedicated database connect host (#1906) (658fe49)
server: fix extra billing for ddb when app has stopped (#1884) (3113289)
server: fix multi-region database connectivity issues (#1801) (aa28e7e)
server: fix too large entity error when upload large func (#1882) (fdf96bb)
server: read manifest failed when init region (#1820) (f72e024)
server: update account updateAt (#1806) (1b75bac)
server: update function changelog optional (#1799) (84ea810)
web&server: fix billing query time boundary problem (#1745) (d9cfd9f)
web: cannot click history func version (#1798) (12bef25)
web: change monaco loader cdn with self-host js (#1812) (604ee33)
web: error when click recommend specs (#1793) (cea1c88)
web: fix ddb not compactable with old app (#1768) (208a683)
web: fix editor theme override & init with value (#1795) (b127a0b)
web: fix function scroll bar & support horizontal scrolling (#1814) (48d636c)
web: fix monaco editor key binding (#1809) (87b3c03)
web: fix nginx conf (#1907) (b37508a)
web: fix nginx conf (#1908) (9ec2a97)
web: fix not auto import typings when switch paths (#1896) (f7ab0dd)
web: fix only display either phone or email login (#1888) (896386d)
web: fix pwa cache (#1905) (ab28cd4)
web: fix storage path concatenation & add dependency install tip (#1864) (53e491a)
web: not update recent function list when deploy & fix type when import function by relative path (#1821) (2a06729)
web: wait for all delete files promise settled (#1777) (44df222)

Features

runtime&server: support display error/log line (#1813) (faefc11)
runtime&server: support updating dependencies without restarting (#1823) (debd01c)
runtime: add ts lsp server (#1660) (ba8de86)
server: Add a setting to control whether WebPromoPage is enabled or not. (#1861) (cc97241)
server: add app network traffic metering (#1892) (ef30cd9)
server: adding a delinquent flag to an account when the account… (#1881) (a9bc541)
server: recover the application and synchronize the recovery functions to sys_db (#1879) (46a0cd4)
server: support auth methods of email (#1867) (2364f57)
server: support dedicated database (#1728) (cae101b)
server: support function history changelog (#1756) (829fd8a)
server: support notification (#1683) (d9f527b)
services: add database metrics interface (#1739) (74518b9)
web&server: control the activation of the ddb & change the location of deploy manifests (#1810) (a8bd80e)
web: add app network traffic metering (#1894) (e9d012d)
web: add function list context menu (#1825) (bcde132)
web: add index page setting config (#1858) (f192ec8)
web: add laf_doc and laf_about_us url config (#1763) (9a96ff7)
web: optimize app log stream (#1811) (59da485)
web: remove charge input (#1912) (c39772b)
web: support ai code completion (#1877) (1c688b8)
web: support auth methods of email (#1865) (9f0a683)
web: support dedicated database (#1730) (6a02910)
web: support deleting multiple storage files (#1755) (4e47d04)
web: support function changelog (#1757) (9d86105)
web: support function editor with lsp (#1657) (d7d0b46)
web: support function editor with lsp (#1784) (022ee46)
web: support rename functions using dragging (#1762) (f108ea8)
web: support sort files of storage & fix monitor data undefined (#1819) (55360e9)
web: support updating dependencies without restarting (#1824) (bd69fea)
web: support version upgrade prompt (#1754) (94e3e82)

Reverts

Revert "feat(web): support function editor with lsp (#1657)" (#1783) (5a63468), closes #1657 #1783

Keywords

FAQs

What is database-proxy?

Is database-proxy popular?

Is database-proxy well maintained?

Package last updated on 01 Apr 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

database-proxy

介绍

使用