## Description
Let's consider what it would take to give users / organisations their own store.
Relates to #481
Some considerations:
- Tenants must only get access to their own data
- Calculate how much space a tenant is using
- Drives are probably the same as tenants
## Current situation
- We can use authorization to tenantize
- As more resources become non-public, queries will get slower: a query has to scan many resources, of which only a small percentage will be ones the user actually has access to.
## `QueryFilter` should include tenant
- If we add a `Tenant` option to `QueryFilter` objects, we solve the performance issue discussed above.
Relates to adding a `parent` to `QueryFilter`: #295 #481 #570
## One `Tree` per tenant
We use a bunch of `sled`'s `Tree` items to store stuff on the disk. We do this for Resources and various indexes.
For each request, we could determine which `tenant` is used, and pass this to the following functions.
In this scenario, each tenant will have their own indexes.
- This will lead to data duplication if multiple tenants use the same resources.
- Secure, really low chance of leaking data between tenants
- Does not solve search, since tantivy does not use sled. But we can also add a `tenant` field to the tantivy schema, and filter there.
- Allows seeing how much space is used
- Allows potentially encrypting per tenant (Encrypted storage #300)
- Unsure what the performance implications are of opening a tree at runtime.
## Require different subdomain for every tenant / Drive
Advantages:
- Would make it easy to perform `range` queries, as they start with different URLs.
- Would make it easy to find the Drive for any given URL - no recursive queries needed for rights checks!
- Feels like it's your own little island
- Great UX in web browsers with autocomplete: start with your own name, autocomplete to `atomicdata.dev`
Disadvantages:
- I know we sometimes check URLs by how they start. This would not work.
### Considerations
- Maybe we need to change the type for `subject`. We currently use `String` or `&str`, but maybe we need to change this to something that allows us to easily extract the subdomain. Or maybe we can simply use some new regex function for this.
- We should keep in mind the sign-up UX (sign-up / register endpoint: create a new Drive and a new Agent in one request #489)
## Subdomains with actix
Not sure how to implement this with `actix-web` using SSL / TLS. It does not support hot-swapping SSL credentials and I don't think it supports creating subdomains at all.
However, if I run `atomic-server` locally I can visit `example.localhost`, and it actually works. So there are probably some things I can do in routes to fix this.
Also, there is the `Host` guard that allows me to filter by hostname. I want to do this dynamically, and find a solution for the SSL stuff. Maybe we can use a wildcard domain certificate.
Update: we can use `actix_web::dev::ConnectionInfo` to get the `hostname`, thus we can find a subdomain. #502
## Subdomains with Axum
Seems doable! Here's an example.
But that would mean I'd have to rewrite most of the server part... That's a big investment!