Selective synchronisation

I’m building a little app to help me get a better understanding of streaming architectures and I want to use Resgate as the glue between my backend (Kafka) and my web frontend.

Something I’m having a hard time with is after logging into my app, how do I only get events that I’m allowed to see?

Imagine logging into the app and balance updates from everywhere start streaming to you? From what I’ve seen, if I subscribe to a get.account.balance topic, I’ll receive everybody’s balance updates?

Would appreciate any help / pointers.

Cheers,
paulz

A delayed response, but hopefully it is still relevant:

Resgate is more about resources than streaming. You control access to resources, not events by themselves.

When a client subscribes to a resource (e.g. account.balance), the server will grant or deny get access using the access.account.balance topic (access request). If access is granted, the client will have access to the resource and all events sent on that resource.

So, how to make it more granular?

In your case, you should not have a single account.balance resource; you should have multiple resources, e.g. account.{accountId}.balance (or perhaps user.{userId}.account.balance).

Instead of sending events on account.balance, you would send them to e.g. account.42.balance.

Access is controlled with the access request:

Example using node.js and raw NATS client.

// Access listener
nats.subscribe('access.account.*.balance', (request, reply, subject) => {
    let r = JSON.parse(request);
    // Assume we have set userId in the token
    let userId = r.token && r.token.userId;
    // Get just the wildcard (accountId) part of the subject
    let accountId = subject.slice(15, -8);
    // Validate access in some smart way
    let getAccess = validateUserOwnsAccount(userId, accountId);
    // Reply with get access set to true or false depending on if access is granted
    nats.publish(reply, JSON.stringify({ result: { get: getAccess }}));
});

If you are uncertain about how to set the access token (where we get the userId from in the above code example), I can help with that too :slight_smile: .

Best regards,
Samuel

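A deny-by-default variant of the access handler described in the reply above, added here as an example; it is not part of the original post and not Resgate's own code. The `OWNERS` map, the string-typed `userId`, the account id character set, and the helper names `accountIdFromSubject` and `accessReply` are assumptions made for illustration.

```javascript
// Constructed sample data: which user owns which account (hypothetical store).
const OWNERS = new Map([['42', 'alice'], ['43', 'bob']]);

// Hypothetical ownership check standing in for validateUserOwnsAccount.
function validateUserOwnsAccount(userId, accountId) {
  return OWNERS.get(accountId) === userId;
}

// Extract the accountId from 'access.account.<accountId>.balance'.
// Splitting on '.' avoids hard-coded slice offsets; returns null on mismatch.
function accountIdFromSubject(subject) {
  const parts = String(subject).split('.');
  const ok = parts.length === 4 && parts[0] === 'access' &&
    parts[1] === 'account' && parts[3] === 'balance' &&
    /^[A-Za-z0-9_-]+$/.test(parts[2]);
  return ok ? parts[2] : null;
}

// Build the access reply. Anything unexpected results in get: false.
function accessReply(subject, request) {
  let get = false;
  try {
    const r = JSON.parse(request);
    const userId = r && r.token && r.token.userId;
    const accountId = accountIdFromSubject(subject);
    if (typeof userId === 'string' && accountId !== null) {
      get = validateUserOwnsAccount(userId, accountId);
    }
  } catch (err) {
    // Malformed request payload: keep the default (deny).
  }
  return JSON.stringify({ result: { get } });
}

// Usage inside the listener from the post:
// nats.subscribe('access.account.*.balance', (request, reply, subject) =>
//   nats.publish(reply, accessReply(subject, request)));
```

Keeping the decision in a pure function means the missing-token, wrong-owner and malformed-payload cases can be unit tested without a NATS connection.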

Sorry for this super delayed response.

This is perfect and makes a lot of sense!

Thanks a lot.

Welcome back :grin: . Glad it made sense.