RethinkDB Proxy

Reverse proxy for RethinkDB

Make your RethinkDB publicly accessible through limiting what kind of queries can be executed on your RethinkDB database.

Currently, RethinkDB has no access control (although they're currently working on it). Anyone with access to a running instance has access to everything, including system tables. This is a simple solution to that problem that allows for limited access to RethinkDB.

• Introduction by Example
• Try it!
• Installation
• Running rethinkdb-proxy
• Options
• The Future
• License

Introduction by Example

First, start the proxy.

$ rethinkdb-proxy --port 8125

Using the proxy, getting all users in the users table is allowed.

r.connect({ port: 8125 }).then((conn) => {
  r.table('users').coerceTo('array').run(conn)
    .then((results) => {
      // We have some results!
      console.log(results); // [{ name: 'jorge' }, ... ]
    });
});

But deleting the users is not:

import rethinkDBProxy from 'rethinkdb-proxy';
rethinkDBProxy({ port: 8125 });

r.connect({ port: 8125 }).then((conn) => {
  r.table('users').delete('array').run(conn)
    .catch((err) => {
      // We get an error!
      console.log(err); // RqlClientError: Cannot execute query. "DELETE" query not allowed
    });
});

Try it!

You can try out rethinkdb-proxy by connecting to a publicly available proxy at rethinkdb-proxy.thejsj.com:8125. This database (named test) has two tables: countries and cities. You can run queries against it to see how rethindkb-proxy works.

JavasScript:

import r from 'rethinkdb';
r.connect({ host: 'rethinkdb-proxy.thejsj.com', port: 8125 })
 .then(function (conn) {
   r.table('countries').coerceTo('array').run(conn);
 });

Python:

import rethinkdb as r
conn = r.connect(host="rethinkdb-proxy.thejsj.com", port=8125)
r.table('countries').coerce_to('array').run(conn)

Installation

Install rethinkdb-proxy through npm.

npm install -g rehtinkdb-proxy

Running rethinkdb-proxy

CLI

rethinkdb-proxy comes with a CLI out-of-the box:

rethinkdb-proxy --port 8125 

Module

You can also import rethinkdb-proxy into Node.js:

import rethinkDBProxy from 'rethinkdb-proxy';
rethinkDBProxy({ port: 8125, allowInsert: true });

Options

• port
• rdbHost
• rdbPort
• dbs
• allowSysDbAccess
• tables
• allowWrites
• allowInsert
• allowUpdate
• allowDelete
• allowReplace
• allowDbCreate
• allowDbDrop
• allowTableCreate
• allowTableDrop
• allowIndexes
• allowIndexCreate
• allowIndexDrop
• allowIndexRename
• allowReconfigure
• allowRebalance
• allowHttp
• allowJavascript

Port

Port in which to listen for driver connections. You should point your driver to this port.

RethinkDB Host

Host in which RethinkDB is running.

RethinkDB Port

Host in which RethinkDB is running.

Databases

Database to allow access to. By default, all database are allowed except rethinkdb.

Allow System Database Access

Allow access to the rethinkdb database. This is not allowed by default because access to this database allows the user to delete all other data, cancel jobs, mess with the cluster, etc.

Tables

Tables to allow access to. Tables must include their database db.table.

Allow Writes

Allow all operations that write to the database (insert, update, delete).

Allow insert

Allow insert queries.

Allow update

Allow update queries.

Allow delete

Allow delete queries.

Allow replace

Allow replace queries.

Allow dbCreate

Allow dbCreate queries

Allow dbDrop

Allow dbDrop queries

Allow tableCreate

Allow tableCreate queries.

Allow tableDrop

Allow tableDrop queries.

Allow Indexes

Allow all operations on indexes (indexCreate, indexDrop, indexRename).

Allow indexCreate

Allow indexCreate queries.

Allow indexDrop

Allow indexDrop queries.

Allow indexRename

Allow indexRename queries.

Allow reconfigure

Allow reconfigure queries.

Allow rebalance

Allow rebalance queries.

Allow http

Allow queries with the http term.

Allow js

Allow queries with the js term.

The Future

As of right now, there are many features that could be added to rethinkdb-proxy. If you have any suggestions, please submit an issue. If enough people use this, I'd be happy to implement them. Features for the future might include:

• Access from the front-end, Firebase style (through http and/or websockets)
• Authentication/User accounts (perhaps integration with Github/OAuth)
• More robust access control (permissions per database, per table)
• Options stored in the database

License

Copyright (c) 2015, Jorge Silva.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.