Middleware for multi-tenancy?

Tom · November 11, 2018, 7:14am

From what I gather, there is currently no native way of enforcing a namespace / multi-tenancy aspect that’s required for any modern SaaS project.

Is there a way to introduce middleware into the Dgraph server that would allow us to wrap / constraint any query / mutation by assessing for example a JWT auth token and wrapping the incoming query with a

// jwt { name: "johndoe" }
q(func: has(namespace-johndoe)) {
  ... incoming query ...
}

MichelDiz · November 11, 2018, 6:17pm

There’s a lot of discussion here on Discuss about Multi-tenancy and ACLs. There are planes for this.

See Possible timeline of implementing ACL's in Dgraph - #2 by mrjn

Tom · November 12, 2018, 6:40am

That post is literally a year old… Any updates since then?
And what about my question, is there a way to manually introduce a middleware until the native ACL is ready?

MichelDiz · November 12, 2018, 3:59pm

There is an internal paper with update on this, the only update I can pass is that it has already started some work on this. But there is no date, as there are many other issues to be worked on.

You can try this One JS example with Dgraph-js for beginners. Using graphQL instead of REST or create some kind of REST. There’s no other way as far I know.

labs20 · November 13, 2018, 12:09pm

Hi, Michel.

I have no experience with docker, but I was wondering if a docker farm could do the job until then. Like, one docker for each customer database, each one listening on a different port, and having some logic on app login to redirect the connection for each user. This could be a fix for a while (on a small scenario?).

If that can be done, would you have any docs or good practical examples to share of how to do that?

Thanks!

MichelDiz · November 13, 2018, 2:37pm

In theory, yes can be done. In practical, too way complex to deal and I don’t think has examples for this available anywhere. Cuz is unusual this way of thinking tenancy usage.

And we can not spend time on this to create an example, as there are plans already for ACLs.

But, instead of this, you could create a Graph Structure inside Dgraph to simulate DBs. Like graph branches. Each branch your code would consider as a Client DB. You’d sharing the same DB for all costumers.

A Graph DB is a blank slate and you can painting as you want.

system · December 13, 2018, 2:37pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multi-tenant solution for Dgraph Users	4	2354	January 4, 2018
Clarification on ACL with multi tenancy and Dgraph lambda Dgraph kind:question , dgraph , lambda	0	390	May 14, 2023
Multi-Tenancy 2021 Dev	1	1525	March 10, 2021
How GraphQL would work with Multi-tenancy Dev rfc , multi-tenancy	2	1612	July 9, 2021
What is the endpoint of a namespace on a dedicated server? Dgraph Cloud kind:question , dgraph	9	1209	October 5, 2022

Middleware for multi-tenancy?

Related topics