database-proxy
Advanced tools
`database-proxy` 是一个「超级API」,一个 API 替代服务端 90% 的传统 APIs。
通过一套「访问控制规则」配置数据库访问,让前端开发者“安全直连”数据库,再也不需要和服务端对接口了!
客户端使用 `laf-client-sdk` ,像在服务端操作数据库那样,在客户端直接读写相应的数据即可。
npm install database-proxy
const app = require('express')()
const { Proxy, MongoAccessor, Policy } = require('database-proxy')
const { MongoClient } = require('mongodb')
app.use(express.json())
// design the access control policy rules
const rules = {
categories: {
"read": true,
"update": "!uid",
"add": "!uid",
"remove": "!uid"
}
}
const client = new MongoClient('mongodb://localhost:27017')
client.connect()
// create an accessor
const accessor = new MongoAccessor(client)
// create a policy
const policy = new Policy(accessor)
policy.load(rules)
// create an proxy
const proxy = new Proxy(accessor, policy)
app.post('/proxy', async (req, res) => {
const { uid } = parseToken(req.headers['authorization'])
const injections = {
uid: uid
}
// parse params
const params = proxy.parseParams(req.body)
// validate query
const result = await proxy.validate(params, injections)
if (result.errors) {
return res.send({
code: 1,
error: result.errors
})
}
// execute query
const data = await proxy.execute(params)
return res.send({
code: 0,
data
})
})
app.listen(8080, () => console.log('listening on 8080'))
npm install laf-client-sdk
const cloud = require('laf-client-sdk').init({
dbProxyUrl: 'http://localhost:8080/proxy',
getAccessToken: () => localStorage.getItem('access_token')
})
const db = cloud.database()
// 查询文档
const res = await db.collection('categories').get()
// 条件查询
const res = await db.collection('articles')
.where({status: 'published'})
.orderBy({createdAt: 'asc'})
.offset(0)
.limit(20)
.get()
// 更新
const res = await db.collection('articles')
.doc('the-doc-id').update({
title: 'new-title'
})
更多使用参考客户端使用文档
{
"categories": {
"read": true,
"update": "$admin === true",
"add": "$admin === true",
"remove": "$admin === true"
},
"articles": {
"read": true,
"update": "$admin === true",
"add": "$admin === true",
"remove": "$admin === true"
}
}
{
"articles": {
"read": true,
"update": "$userid && $userid === query.createdBy",
"add": "$userid && data.createdBy === $userid",
"remove": "$userid === query.createBy || $admin === true"
}
}
{
"articles": {
"add": {
"condition": "$userid && data.createdBy === $userid"
},
"remove": "$userid === query.createBy || $admin === true",
"$schema": {
"title": {"length": [1, 64], "required": true},
"content": {"length": [1, 4096]},
"like": { "number": [0,], "default": 0}
}
}
}
场景介绍: 用户之间站内消息表访问规则
{
"messages": {
"read": "$userid && ($userid === query.receiver || $userid === query.sender)",
"update": {
"condition": "$userid && $userid === query.receiver",
"data": {
"read": {"in": [true]}
}
},
"add": {
"condition": "$userid && $userid === data.sender",
"data": {
"read": {"in": [false]}
}
},
"remove": false,
"$schema": {
"content": {"length": [1, 20480], "required": true},
"receiver": {"exists": "/users/id"},
"read": { "in": [true, false], "default": false }
}
}
}
安装依赖
npm i
npx mocha tests/units/*.test.js
使用 Docker 启动个测试数据库,等待mongo 启动成功
docker pull mongo
docker run --rm -p 27018:27017 --name mongotest -d mongo
执行测试用例
npx mocha tests/mongo_db/*.test.js
停止&删除 Mongo 实例
docker rm -f mongotest
使用 Docker 启动个测试数据库,等待mongo 启动成功
docker pull mysql
docker run --name mysqltest -e MYSQL_ROOT_PASSWORD=kissme -e MYSQL_DATABASE=testdb -d -p 3306:3306 mysql
手动创建测试使用的数据表:
create table IF NOT EXISTS categories (
id int not null auto_increment,
name varchar(64) not null,
created_at int,
primary key(id)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
create table IF NOT EXISTS articles (
id int not null auto_increment,
title varchar(64) not null,
category_id int,
content text,
created_at int,
updated_at int,
created_by int,
primary key(id)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
执行测试用例
npx mocha tests/mysql_db/*.test.js
停止&删除 Mongo 实例
docker rm -f mysqltest
请确保已经运行 mongo 和 mysql 测试的实例;
npx mocha tests/**/*.test.js
FAQs
Through a set of access control rules configuration database access to realize the client directly access the database via HTTP.
The npm package database-proxy receives a total of 24 weekly downloads. As such, database-proxy popularity was classified as not popular.
We found that database-proxy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket and Seal Security collaborate to fix a critical npm overrides bug, resolving a three-year security issue in the JavaScript ecosystem's most popular package manager.
Security News
TypeScript is porting its compiler to Go, delivering 10x faster builds, lower memory usage, and improved editor performance for a smoother developer experience.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.