Add server validation of documents

[deontologician]

This is to enable a write to go through by validating that the resulting document is valid, but is separate from security rules

[dalanmiller]

Where would one specify the required schema? Via a config file?

[deontologician]

Yeah, it'll have to be.

[deontologician]

Things that were discussed:

• Validation checks should be done on the final document to be written
• We should use json-schema for validation
  • this would lend itself to being implemented in RethinkDB itself
  • Keeps the validation language simple and standardized
  • several libraries are capable of emitting json schema
• This is orthogonal to both permissions and transactional writes
• Not settled whether to fail if any write doesn't validate, or just to keep going and report failures

[danielmewes]

Not settled whether to fail if any write doesn't validate, or just to keep going and report failures

I think validation only makes sense if we fail. The case where we weren't sure was for reads (whether to filter out documents that the user doesn't have permissions on, or fail).

Another thing that we discussed: In addition to json-schema validation, advanced users could also install their own atomic ReQL validation functions (but not arbitrary JS).

[josephg]

Yeah this would be great. Its irresponsible to allow clients to store arbitrary documents - you really want some (simple) schema validation for almost anything you store.

Calling schema validation code from inlined javascript strings in config.toml is super awkward.

[sachinbhutani]

It would be great, if it could be a generic hook, which may be used for validation change update or something else. Also, could it be isomorphic ?

[kiejo]

Making it isomorphic would be great as this should make it easier to implement offline support with optimistic updates.

What might also be interesting would be to include transformation capabilites which would allow using functions like trim or toLowerCase on fields.