1 | # startupjs dm-sharedb-server
|
2 | > Express.js server with ShareDB, a config system, and react-router support for rendering client apps.
|
3 |
|
4 | ## Usage
|
5 |
|
6 | ```javascript
|
7 | import startupjsServer from '@startupjs/server'
|
8 |
|
9 | startupjsServer({ getHead }, ee => {
|
10 | ee.on('routes', expressApp => {
|
11 | expressApp.get('/api', async (req, res) => {
|
12 | let { model } = req
|
13 | let $counter = model.at('counters.first')
|
14 | await $counter.subscribe()
|
15 | res.json({ name: 'Test API', counter: $counter.get() })
|
16 | })
|
17 | })
|
18 | })
|
19 |
|
20 | const getHead = appName => `
|
21 | <title>HelloWorld</title>
|
22 | <!-- Put vendor JS and CSS here -->
|
23 | `
|
24 | ```
|
25 |
|
26 | ## @startupjs/sharedb-access connection
|
27 |
|
28 | ### Usage
|
29 | Add `accessControl: true` to the options of your `startupjsServer()` call. For example:
|
30 |
|
31 | ```js
|
32 | // server/index.js
|
33 | startupjsServer(
|
34 | {
|
35 | getHead,
|
36 | appRoutes: [
|
37 | ...getMainRoutes()
|
38 | ],
|
39 | accessControl: true
|
40 | }, ee => {
|
41 | ee.on('routes', expressApp => {
|
42 | expressApp.get('/api', async (req, res) => {
|
43 | let { model } = req
|
44 | let $counter = model.at('counters.first')
|
45 | await $counter.subscribe()
|
46 | res.json({ name: 'Test API', counter: $counter.get() })
|
47 | })
|
48 | })
|
49 | })
|
50 | ```
|
51 |
|
52 | Using `@startupjs/sharedb-access` you can control the `create`, `read`, `update`, and `delete`
|
53 | database operations for every collection. You can define `allow` rules for each CRUD operation
|
54 | in your ORM model. By default, all operations are denied.
|
55 |
|
56 | An `allow` rule function should return `true` if the operation should be allowed.
|
57 | Otherwise it should return `false`, or nothing at all (`undefined`). A rule that returns `true` unconditionally, as in several examples below, allows that operation for every session.
|
58 |
|
59 | #### Initialize
|
60 | You describe access rules in the model: create a `static access` object in your ORM model.
|
61 | Template of `access`:
|
62 |
|
63 | ```js
|
64 | static access = {
|
65 | create: async (backend, collection, docId, doc, session) => { your code }
|
66 | read: async (backend, collection, docId, doc, session) => { your code },
|
67 | update: async (backend, collection, docId, oldDoc, session, ops, newDoc) => { your code },
|
68 | delete: async (backend, collection, docId, doc, session) => { your code }
|
69 | }
|
70 | ```
|
71 | You only need to define the rules you actually need. Keep in mind that any operation
|
72 | without a permission rule is denied by default.
|
73 |
|
74 | #### Create
|
75 | ```js
|
76 | // Allow create-operation for collection 'items'
|
77 |
|
78 | // docId - id of your doc for access-control
|
79 | // doc - document object
|
80 | // session - your connect session
|
81 | class ItemModel {
|
82 | static access = {
|
83 | create: async (backend, collection, docId, doc, session) => {
|
84 | return true
|
85 | }
|
86 | }
|
87 | }
|
88 |
|
89 | // For example, to let only admins create docs in the 'items' collection,
|
90 | // access will be:
|
91 |
|
92 | class ItemModel {
|
93 | static access = {
|
94 | create: async (backend, collection, docId, doc, session) => {
|
95 | return session.isAdmin
|
96 | }
|
97 | }
|
98 | }
|
99 | ```
|
100 | #### Read
|
101 |
|
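102 | The interface is the same as for the `create` operation. Note that the strict-equality owner check below also evaluates to `true` when `doc.ownerId` and `session.userId` are both `undefined`, so if a session can lack a `userId`, check that it is set before comparing.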
|
103 |
|
104 | ```js
|
105 | class ItemModel {
|
106 | static access = {
|
107 | // Only if the reader is owner of the doc
|
108 | read: async (backend, collection, docId, doc, session) => {
|
109 | return doc.ownerId === session.userId
|
110 | }
|
111 | }
|
112 | }
|
113 | ```
|
114 |
|
115 | #### Delete
|
116 |
|
117 | The interface is the same as for the `create` operation.
|
118 |
|
119 | ```js
|
120 | class ItemModel {
|
121 | static access = {
|
122 | // Only owners can delete docs, but nobody can delete a doc with the special type
|
123 | delete: async (backend, collection, docId, doc, session) => {
|
124 | return doc.ownerId === session.userId && doc.type !== 'liveForever'
|
125 | }
|
126 | }
|
127 | }
|
128 | ```
|
129 |
|
130 | #### Update
|
131 |
|
132 | ```js
|
133 | // docId - id of your doc for access-control
|
134 | // oldDoc - document object (before update)
|
135 | // newDoc - document object (after update)
|
136 | // ops - array of OT operations
|
137 | // session - your connect session
|
138 |
|
139 | const allowUpdateAll = async (backend, collection, docId, oldDoc, session, ops, newDoc) => {
|
140 | return true
|
141 | }
|
142 |
|
143 | class ItemModel {
|
144 | static access = {
|
145 | update: allowUpdateAll
|
146 | }
|
147 | }
|
148 | ```
|
149 |
|
150 | #### Allow Create, Read, Update, Delete
|
151 | ```js
|
152 | class ItemModel {
|
153 | static access = {
|
154 | create: async (backend, collection, docId, doc, session) => {
|
155 | return true
|
156 | },
|
157 | read: async (backend, collection, docId, doc, session) => {
|
158 | return true
|
159 | },
|
160 | update: async (backend, collection, docId, oldDoc, session, ops, newDoc) => {
|
161 | return true
|
162 | },
|
163 | delete: async (backend, collection, docId, doc, session) => {
|
164 | return true
|
165 | }
|
166 | }
|
167 | }
|
168 | ```
|
169 |
|
170 |
|
171 | ## @startupjs/sharedb-schema connection
|
172 |
|
173 | ## Usage
|
174 |
|
175 | 1. In `server/index.js` add `validateSchema: true` to `startupjsServer()` options
|
176 | 2. Go to one of your ORM document entities (for example, `UserModel`, which targets `users.*`) and add a static `schema` property:
|
177 |
|
178 | ```js
|
179 | import { BaseModel } from 'startupjs/orm'
|
180 |
|
181 | export default class UserModel extends BaseModel {
|
182 | static schema = {
|
183 | nickname: {
|
184 | type: 'string',
|
185 | minLength: 1,
|
186 | maxLength: 10,
|
187 | },
|
188 | email: {
|
189 | type: 'string',
|
190 | format: 'email',
|
191 | },
|
192 | age: {
|
193 | description: 'Age in years',
|
194 | type: 'integer',
|
195 | minimum: 0,
|
196 | },
|
197 | roleId: {
|
198 | type: 'string'
|
199 | },
|
200 | hobbies: {
|
201 | type: 'array',
|
202 | maxItems: 3,
|
203 | items: {
|
204 | type: 'string',
|
205 | },
|
206 | uniqueItems: true,
|
207 | },
|
208 | }
|
209 | }
|
210 |
|
211 | ```
|
212 |
|
213 | ## MIT Licence
|
214 |
|
215 | Copyright (c) 2016 Pavel Zhukov
|