Feature Request : App level storage

[triptych]

Right now apps can store stuff I assume per user - but this is more like a localstorage that only the user can see. I want an app to be able to store things at an app level so that when the app runs 'anywhere' it has access to it's own storage.

A use case: 1) chat - to store and see who's all logged in to the app 2) shared docs - multiple authors perhaps editing some doc 3) simple database - app config

TL:DR; - A global key value store per app -- not specific to any given user.

[jelveh]

This would be very useful. One concern we have is whether it can be abuse and what safeguards we should put in place. Building a shared-app store means that any user can write to or read from that store and bad actors could DDOS the apps storage. Any thoughts on this?

[jelveh]

@KernelDeimos has some good thoughts on this.

[kveroneau]

I was actually thinking of this type of feature myself, as opening files which are owned by the app itself, instead of just end-user controlled files would be really nice. At first I thought I could just place whatever files I want the app to use in the deployment, but then the tricky part comes to writing any data back for future use by the app itself. Perhaps a simple solution would be to say have a special directory inside the deployment folder say labeled public or something, which then an API can be used to save resources back into it. I can see the potential for abuse, so perhaps, for this type of feature to even be available, the end-user needs a Puter.com account, this way it can be tracked in the case of abuse, and files cannot be written by non-registered users. It is tricky from a security point of view.

[jelveh]

@kveroneau I missed this comment :/ This is a very useful feature, same as app-level kv storage. The only issue, as you mentioned, is abuse. We need a way to rate-limit requests which is controlled by the app itself. Any thoughts? Please post them here to brainstorm. The backend will be open-sourced soon, so we're close to implementing these!

[triptych]

I believe other implementations enforce an appkey that is used to make App level api calls. This appkey both identifies the app, but allows for rate limiting, etc. The appkey can be revoked etc if the app starts to abuse the apis.

[kveroneau]

One way to at least prevent some abuse would be to limit such an API to non-guests, meaning a full Puter account is needed for an app to use app-specific storage. Another idea that also came to mind as on Discord I've been seeing all the amazing progress @triptych has been making with an RPG engine, is to have some sort of Puter message queue system, which could then allow the creation of an MMORPG using just Puter as the backend, allowing one client to say publish where the character is on the map, and the other Puter app clients can be notified, and hence movement of other players on the shared map could be performed.

I feel like having this type of feature in Puter, where apps can store shared data can really increase the overall potential of what Puter apps can do on the platform without needing to involve any additional outside APIs.