atomic-server

Multi-tenancy

Open joepio opened this issue 4 years ago • 0 comments

Let's consider what it would take to give users / organisations their own store.

Relates to #481

Some considerations:

  • Tenants must only get access to their own data
  • Calculate how much space a tenant is using
  • Drives are probably the same as tenants

Current situation

  • We can use authorization to tenantize
  • As more resources are non-public, the queries will become slower, since only a small percentage of queries will hit resources that a user will have access to.

QueryFilter should include tenant

  • If we add a Tenant option to QueryFilter objects, we solve the performance issue discussed above.

Relates to adding a parent to QueryFilter #295 #481 #570

One Tree per tenant

We use a bunch of sled's Tree items to store stuff on the disk. We do this for Resources and various indexes. For each request, we could determine which tenant is used, and pass this in following functions. In this scenario, each tenant will have their own indexes.

  • This will lead to data duplication if multiple tenants use the same resources.
  • Secure, really low chance of leaking data between tenants
  • Does not solve search, since tantivy does not use sled. But we can also add a tenant to the tantivy scheme, and filter there.
  • Allows seeing how much space is used
  • Allows potentially encrypting per tenant #300
  • Unsure what the performance implications are of opening a tree at runtime.

Require different subdomain for every tenant / Drive

Advantages:

  • Would make it easy to perform range queries, as they start with different URLs.
  • Would make it easy to find the Drive for any given URL - no recursive queries needed for rights checks!
  • Feels like it's your own little island
  • Great UX in web browsers with autocomplete: start with your own name, autocomplete to atomicdata.dev

Disadvantages:

  • I know we sometimes check URLs by how they start. This would not work.

Considerations

  • Maybe we need to change the type for subject. We currently use String or &str, but maybe we need to change this to something that allows us to easily extract the subdomain. Or maybe we can simply use some new regex function for this.
  • We should keep in mind the sign-up UX #489

Subdomains with actix

Not sure how to implement this with actix-web using SSL / TLS. It does not support hot-swapping SSL credentials and I don't think it supports creating subdomains at all.

However, if I run atomic-server locally I can visit example.localhost, and it actually works. So there are probably some things I can do in routes to fix this.

Also, there is the Host guard that allows me to filter by hostname. I want to do this dynamically, and find a solution for the SSL stuff. Maybe we can use a wildcard domain certificate.

Update: we can use actix_web::dev::ConnectionInfo to get the hostname, thus we can find a subdomain. #502

Subdomains with Axum

Seems doable! Here's an example.

But that would mean I'd have to rewrite most of the server part... That's a big investment!

joepio, Jan 24 '22 20:01
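
Resolving the tenant from the request hostname, as the subdomain and one-Tree-per-tenant sections of the issue discuss, sketched as an added example that is not part of the original issue or of atomic-server's code. The function names, the error type and the `tenant/<label>/<kind>` tree naming are assumptions; the base domain is the one mentioned in the issue.

```rust
// Added example; BASE_DOMAIN, tenant_from_host and tree_name are hypothetical names.
const BASE_DOMAIN: &str = "atomicdata.dev"; // domain mentioned in the issue

#[derive(Debug, PartialEq)]
pub enum HostError { Empty, NotOurDomain, NestedSubdomain, BadLabel }

/// Extract the tenant label from a Host value such as "alice.atomicdata.dev:443".
/// Returns Ok(None) for the bare base domain (no tenant selected).
pub fn tenant_from_host(host: &str) -> Result<Option<String>, HostError> {
    // Drop an optional numeric port, one trailing root dot, and normalise case.
    let name = host.rsplit_once(':').map_or(host, |(h, port)| {
        if port.chars().all(|c| c.is_ascii_digit()) { h } else { host }
    });
    let name = name.strip_suffix('.').unwrap_or(name).to_ascii_lowercase();
    if name.is_empty() { return Err(HostError::Empty); }
    if name == BASE_DOMAIN { return Ok(None); }
    // Match on a label boundary, so "evilatomicdata.dev" is not treated as ours.
    let label = name
        .strip_suffix(BASE_DOMAIN)
        .and_then(|rest| rest.strip_suffix('.'))
        .ok_or(HostError::NotOurDomain)?;
    // Exactly one label in front of the base domain: one subdomain per tenant.
    if label.contains('.') { return Err(HostError::NestedSubdomain); }
    // Strict DNS label: the value ends up in a storage key, so no '/', '%', etc.
    let ok = !label.is_empty() && label.len() <= 63
        && label.bytes().all(|b| b.is_ascii_lowercase() || b.is_ascii_digit() || b == b'-')
        && !label.starts_with('-') && !label.ends_with('-');
    if ok { Ok(Some(label.to_string())) } else { Err(HostError::BadLabel) }
}

/// Per-tenant tree name for one index kind (assumed naming scheme); the result
/// is the kind of value that would be handed to sled's `Db::open_tree`.
pub fn tree_name(tenant: &str, kind: &str) -> String {
    format!("tenant/{tenant}/{kind}")
}

fn main() {
    // Constructed sample Host values.
    for h in ["alice.atomicdata.dev", "Alice.AtomicData.dev:443", "atomicdata.dev",
              "evilatomicdata.dev", "a.b.atomicdata.dev", "al/ice.atomicdata.dev"] {
        println!("{h:28} -> {:?}", tenant_from_host(h));
    }
}
```

Because the tenant is decided once from the validated hostname and every later lookup uses that tenant's tree names, a request cannot name another tenant's tree through a crafted path or subject string.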