Recently we are working with a customer who want's one of our mongodb collection to be shared with them. I'm pretty new to Dev/Sys Ops so I'm wondering what would be the best way to share collection with them?
Client needs to be able to specify dates and then pull all of the data in that range from collection (so some sort of query is needed).
I was considering giving them access to mongo through ssh, but would that be secure and appropiate?
Second thing I consider was by creating some simple webapp and then sending it over as POST
Thoughts? Cheers
Posting my comment as an answer after a small discussion with OP
A simple REST API should suffice - sending the search criteria to your API, then querying MongoDB.
Returning in JSON format would be easier - though this depends on your customers requirements.
Thanks for your help. I have ended up simply creating username and password to mongo to my client and set correct permissions leaving them with doing all the heavy lifting.
Related
I am building a personal work/career portfolio web app project, and plan on using MongoDB for my database. (I plan to build the project using MERN stack.) Most of my data is not one-time data (such as education, and work experiences), however I have a few pieces of data (such as my personal summary (the content for my "About Me" section), and skills summary) that are one-time only data (I think "single instance" might be a better fitting term). I would like to store all of the data in a database, and set up an admin-end to manage and edit the data. However, I am not sure how to go about storing the one-time data in my MongoDB database.
One idea I had was to create a collection solely for the one-time data, and only allow the user (me) to update and read the documents in the collection. Another idea I had was placing all of my portfolio data into a single collection called "entries", and giving each "entry" a type (such as "Education", or "Personal Summary"). Then when I retrieve the data from the collection I would gather all the documents with the same value in their type field together. I was thinking of storing each of the types as a constant on my server. However, my biggest concern with both ideas is if they would be considered bad practice of not.
I would be very appreciative if anyone has any advice on how to solve this problem.
I had implemented this a while back on one of my small projects, and again after discussing it over with some professionals I'm in contact with, they said that the best approach would be to create a collection with a single document that contains all the information, like the links, about, etc...
One more thing I, was suggested is that we could use Redis solely for the purpose of storing this type of information as well.
Something that I implemented a long time back similar to the one collection, single doc approach: https://github.com/codelancedevs/Sundar-Clinic/tree/local-backend/src/api/app
Working on a similar approach here: https://github.com/kunalkeshan/Cam-O-Genics-Backend
Hope this is of some help, I'm still learning as to what might be the best approach. Open to any suggestions out there!
Basically, I'm querying the D365 web API and I'm trying to get all of the related contacts for an account.
Been following this link:
https://learn.microsoft.com/en-us/dynamics365/customer-engagement/developer/webapi/query-data-web-api#retrieve-related-entities-by-expanding-navigation-properties
Trying to use $expand but it only will bring over _primarycontactid_value. So just the one primary contact and not everyone that is related to the Account.
It would look something like the following:
/api/data/v9.0/accounts&?select=name&$expand=Contacts(fullname, email)
The only fields in Account that have "contact" in them are:
preferredcontactmethodcode
_primarycontactid_value
address2_primarycontactname
address1_primarycontactname
_tcc_primaryinvoicecontactid_value
_tcc_consultingcontact_value
_tcc_contactlist_value //some custom field that doesn't apparently do anything
_new_foundationcontact_value
_tcc_primaryapcontactid_value
So none of which can be used to look-up all of the contacts... that I know of.
Another way to do it would be to start with the Contact first and then $expand= on the _parentcustomerid_value. But I need to filter on the Account to specify certain accounts that I want... this would just bring over every account and be incredibly slow. I'm not sure there is a way to $filter= on an $expand= value.
So:
How can I query the Account and all the related to Contacts for an Account?
If there is no way, is it possible to use $filter= on and $expand= value?
Trying to keep the amount of queries to a minimum. This could be solved by doing multiple iterative queries, but that will just make it incredibly slow. Or just query everything and piece it together, but that will be slow as well.
Ok, stumbled across the answer: contact_customer_accounts.
Query ends up looking like the following: /api/data/v9.0/accounts&?select=name&$expand=contact_customer_accounts($select=fullname).
As far as I can tell, custom relationships can be used as well, although I have only tested with 1:N types.
Still takes a little while to generate, but works.
I am trying to shift towards serverless architecture when it comes to building REST API. I came from Ruby on Rails background.
I have successfully understood and adapted services such as Api Gateway, Cognito, RDS and Lambda functions, however I am struggling with putting it all together in optimal way.
My case is the following. I have a simple user based platform when there are multiple resources related to application members say blog application.
I have used Cognito for the sake of authentication and Aurora as the database service for keeping thing like articles and likes..
Since the database and Cognito user pool are decoupled, it is hard for me to do things like:
Fetching users that liked particular article
Fetching users comments
It seems problematic for me because I need to pass some unique Cognito user identifier (retrieved during authorization phase in API gateway) to lambda function which will then save the database record with an external reference to this user. On the other hand, If I were to fetch particular users, firstly I must fetch their identifiers from my relation database and then request users details from Cognito user pool..I lack some standard ways of accessing current user in my lambda functions as well as mechanisms for easily associating databse record with that user..
I have not found some convincing recommended patterns for designing such applications even though it seems like a very common problem and I am having hard time struggling if my approach is correct..
I would appreciate some comments on what are some patterns to consider when designing simple user based platform and what are the pitfalls of my solution. Any articles and examples will also be very helpfull.
Thanks in advance.
These sound like standard problems associated with distributed, indpependent, databases. You can no longer delegate all relationships to the database and get a result aggregating them in some way. You have to do the work yourself by calling one database, then the other.
For a case like this:
Fetching users that liked particular article
You would look up the "likes" database to determine user IDs of those who liked it, then look up the "users" database to determine user details such as name and avatar.
Most patterns follow standard database advice, e.g. in the above example, you could follow the performance-oriented pattern of de-normalising - store user data such as name and avatar against each "like", as long as you feel the extra storage and burden of keeping it consistent is justified by the reduction in queries (probably too many Likes to justify this).
Another important practice is using bulk queries to avoid N+1 queries. This is what Rails does with the includes syntax, but you may have to do it yourself here. In my example, it should only take two queries because the second query should get all required user data in one go, by querying for users matching the list of user IDs.
Finally, I'd suggest you try to abstract things. This kind of code gets messy fast, so be sure to build a well-encapsulated data layer that isolates application code from dealing with the mess of multiple databases.
I've create an interesting API and I'm wondering if there is a security issue I haven't thought of. So basically my get route allows the user to send an entire stringified mongo query, which I then just pass to the mongo driver.
I make sure that any query containing $where or function are invalid. Other then that I couldn't think of any other issue I might run in to by allowing the client to send queries.
I'm really interested to hear your thoughts, am I missing something totally obvious here?
I'm bulding a small web application using mongodb and just thought if it's a good practice to show mongoIds publicly, in urls for example.
Now I'm using the following url structure for user profiles: http://example.com/user/MONGOID
Does this have any security flaws or is it discouraged in some other way?
The answer depends on many of things...
Using an ID in a URL is generally a bad idea. According to OWASP, it ranks #4 in the top 10 web security vulnerabitiy list. But using it will not ruin your project.
To prevent the security vulnerability, you must either :
Use it only on data that is public (like StackOverflow profiles)
Have some code intercept the request and validate that the user has the rights to see the resource (a profile, a page, a document, etc.)
Using _id It also ties your public URL to the back-end. You will need some conversion if you change database technology. Or maybe you will need to run some changes that will result in the object being destroyed and created again, but with a different _id, like merging databases or something. You don't want your URL to change because of that.
Another thing is that _id does not have a good spatial distribution. It does not make a good sharding key. Being derived from a time stamp, all _id are close together, linear if you will. They will tend to go in the same shard (Mongo will spread them later, but you want a key that has high cardinality).
So I prefer to pay now, and use a id field that is private to the application from the start. You can store it in the _id field if you want, but consider adding another key to your document, index it, and use that in your URLs.
No it does not have security implications.
All the person would be able to do is to guess the Id of some user or to try to go through all Ids to get all users of the system.
Take stackoverflow as an example. They have the same pattern as you: http://stackoverflow.com/users/352959 this is 352959 is you and there is nothing bad with it. The only thing that whenever you will enter this in your browser you will be redirected to http://stackoverflow.com/users/352959/king-julien.
I can try to iterate through these numbers and the next guy is http://stackoverflow.com/users/352960 but all I can found is that this is some john. And surely http://stackoverflow.com/users/1 is the creator of the resource.