Open maparent opened 3 years ago
maparent
commented
3 years ago Feeling more secure in the choice of debezium. One thing we'll have to live with: for the client that made the change, it gets a change notice of the changes it has just made. We'll have to be a bit sensitive in how we manipulate the VueX state so it tolerates receiving changes it's already applied.
maparent
commented
2 years ago First draft done. Uses Postgres listen/notify, with a highly ad-hoc dsl. A dispatcher process reads those and sends to socket which need it. Currently only works for nodes, more to do.
maparent
commented
2 years ago Quests are next on the board.
maparent
commented
2 years ago Quests are done.
This is much more difficult than it seems. Most systems that automate subscription to database operations (eg postgraphile) are not security-aware. So this is a place where we need a middleware. Provisional idea: Look at tools that translate database operations to Kafka (Debezium?), consume those in a middleware (Python or JavaScript) that will keep a cache of enough info to know to take security decisions. This middleware will expose websockets (probably using the same token as Postgrest for identity checking). This is going to be one exception to DRY of (read) security rules.