How do I set up an OData server using JayData?
I'm new to JayData so this might seem like a silly question. I read the OData server tutorial here: http://jaydata.org/blog/install-your-own-odata-server-with-nodejs-and-mongodb - it's very impressive that you can configure your OData provider that way. However, the tutorial did not provide details on how to set up the provider.
I would be interested to know how I can configure it with a custom database and how to add an Authentication / Authorization layer to the OData server. I mean, not every user can have permissions on every object, and not every user has permission to add new objects.
How can I handle such use cases with JayData?
Thanks in advance for your answers!
source to share
UPDATE:
Here are two messages to help you get started:
A method $data.createODataServer
often used in posts is a convenience method that hides the connection / expression string from you. To interact with the pipeline, examine the method body $data.createODataServer
found in the node_modules / odata-server folder.
Ignore the text below
Authentication has to be solved with a connecting pipeline, there is a middleware platinum for that.
To authorize the EntityContext, the constructor takes an authorization function that must be promised.
The all-allow authorization resolver looks like this.
function checkPerm(access, user, entitysets, callback) {
var pHandler = new $data.PromiseHandler();
var clbWrapper = pHandler.createCallback(callback);
var pHandlerResult = pHandler.getPromise();
clbWrapper.success(true); // this grants a joker rw permission to everyone
//consult user, entitySet and acces to decide on success/error
//since you return a promise you can call async stuff (will not be fast though)
return pHandlerResult;
}
I need to consult one of the team members on the syntax that will allow you to pass this to the build process, but I can confirm that it is doable and supported. I will get back with a reply as soon as possible.
After the user is authenticated, you can also use EntityContext Level Events to intercept Read / Update / Create / Delete operations.
$data.EntityContext.extend({
MySet: { type: $data.EntitySet, elementType: Foobar,
beforeDelete: function(items) {
//if delete was in batch you'll get multiple items
//check items here,access this.request.user
return false // deny access
}
});
And there is a declarative way, you can annotate the role names with entity permissions, this requires your custom object to actually have a role field with an array of role names.
source to share
I also looked into oData recently and when we develop our platform in both node and C # naturally looked at JayStorm. From my understanding of the technical details of JayStorm, all the features of Connect and Express are available to make this theme possible. We use Restify to expose the private API of our platform, and there we wrote a lot of middleware for this case.
source to share
We also use JayData for our OData service layer and I have a simple simple authentication implementation. Since JayData uses Express, we can use Express functions. For Basic Auth, the easiest way is:
app.use(c.session({ secret: 'session key' }));
// Authenticator
app.use(c.basicAuth('admin', 'admin'));
app.use("/odata.svc", $data.JayService.OData.Utils.simpleBodyReader());
you can also refer to this article for more details for Authentication with Express: http://blog.modulus.io/nodejs-and-express-basic-authentication
Thank.
source to share
I wrote this blogpost, I work at JayData. What do you mean by custom database? We have written authentication and authorization middleware, but it is not open source. We can let him go later. We have a service called JayStorm, it has a free version, maybe that's good for you. We will probably release a version of this device.
source to share