3

I'm quite new to JayData, so this may sound like a stupid question. I've read the OData server tutorial here: http://jaydata.org/blog/install-your-own-odata-server-with-nodejs-and-mongodb - it is very impressive that one can set up an OData provider just like that. However the tutorial did not go into details about how to customize the provider.

I'd be interested in seeing how I can set it up with a custom database and how I can add a layer of authentication/authorization to the OData server. What I mean is, not every user may have permissions to every entity and not every user has the permission to add new entities.

How would I handle such use cases with JayData?

halfer
Venemo

4 Answers

2

UPDATE:

Here are two posts that will get you started:

The $data.createODataServer method frequently used in the posts is a convenience method that hides the connect/express pipeline from you. To interact with the pipeline, examine the method body of the $data.createODataServer function found in the node_modules/odata-server folder.


Disregard text below

Authentication must be solved with the connect pipeline; there is plenty of middleware for that.

For authorization EntityContext constructor accepts an authorization function that must be promise aware.

The all-allow authorizator looks like this.

    function checkPerm(access, user, entitysets, callback) {
        var pHandler = new $data.PromiseHandler();
        var clbWrapper = pHandler.createCallback(callback);
        var pHandlerResult = pHandler.getPromise();
        clbWrapper.success(true); // this grants a joker rw permission to everyone
        // consult user, entitysets and access to decide on success/error
        // since you return a promise you can call async stuff (will not be fast though)
        return pHandlerResult;
    }

I have to consult with one of the team members on the syntax that lets you pass this into the build up process - but I can confirm this is doable and is supported. I'll get back with the answer ASAP.

Having authenticated the user you can also use EntityContext Level Events to intercept Read/Update/Create/Delete operations.

$data.EntityContext.extend({
    MySet: {
        type: $data.EntitySet,
        elementType: Foobar,
        beforeDelete: function (items) {
            // if delete was in batch you'll get multiple items
            // check items here, access this.request.user
            return false; // deny access
        }
    }
});

And there is a declarative way: you can annotate Role names with permissions on entity sets. This requires that your user object actually has a roles field with an array of role names.

Peter Aron Zentai
  • Hi @Peter, thanks for your answer! It would be nice to see a working example of this, though, I don't have enough expertise with your project yet to piece it together myself. – Venemo Apr 05 '13 at 11:47
  • On a different note, I'm looking at your API docs here: http://jaydata.org/api/ and I can't really tell which APIs are available in your open source product and which are restricted to your paid service. – Venemo Apr 05 '13 at 11:48
  • In general, what is in the API docs is in the open source. I do not know of any exceptions. – Peter Aron Zentai Apr 05 '13 at 13:03
  • @Venemo In a couple of hours you'll see a new post on jaydata.org/blog about how to implement an authorization scenario. – Peter Aron Zentai Apr 05 '13 at 13:04
  • Thank you @Peter I'm looking forward to seeing it :) – Venemo Apr 05 '13 at 21:21
  • @Venemo updated the post with references to the info you requested. – Peter Aron Zentai Apr 06 '13 at 06:31
  • thanks for your effort, the example is indeed quite simple enough, as you said. :) I got curious, so I also tried to look up the createODataServer function in your API docs, but can't find it. At least it's not in the `$data` and `$data.oDataServer` sections. Can you please tell me where to look for it? – Venemo Apr 06 '13 at 08:51
  • Okay, thank you @Peter for your help. I'm marking this answer as accepted and will try out the example code. :) – Venemo Apr 07 '13 at 09:05
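A deny-by-default, role-based counterpart to the all-allow `checkPerm` in the answer above, as an added example that is not JayData code or part of the original posts. It assumes the user object carries a `roles` array as the answer describes; the permission table, the role names, the string access values and the shape of `entitysets` (an array of set names) are constructed for illustration, and a native Promise stands in for `$data.PromiseHandler`.

```javascript
// Constructed permission table: entity set -> access -> roles allowed.
// Set names, role names and the string access values are illustrative.
const PERMISSIONS = new Map([
  ['Products', { Read: ['reader', 'editor'], Create: ['editor'], Update: ['editor'], Delete: ['admin'] }],
  ['Orders', { Read: ['editor'], Create: ['editor'], Update: ['editor'], Delete: ['admin'] }]
]);

// Deny by default: an unknown set, an unknown access or a user without roles fails.
function roleAllows(user, access, setName) {
  const rule = PERMISSIONS.get(setName);
  // hasOwnProperty keeps names such as "__proto__" from matching inherited keys.
  const allowed = rule && Object.prototype.hasOwnProperty.call(rule, access) ? rule[access] : [];
  const roles = user && Array.isArray(user.roles) ? user.roles : [];
  return roles.some(r => allowed.includes(r));
}

// Every entity set touched by the request must pass; an empty list is denied.
function decide(access, user, entitysets) {
  const names = Array.isArray(entitysets) ? entitysets : [entitysets];
  return names.length > 0 &&
    names.every(n => typeof n === 'string' && roleAllows(user, access, n));
}

// Promise-returning wrapper with the argument order of checkPerm (callback omitted).
// Resolves to true when access is granted and to false when it is denied.
function checkPermByRole(access, user, entitysets) {
  return Promise.resolve(decide(access, user, entitysets));
}
```

A batch request that touches several entity sets is allowed only when the user's roles cover every one of them.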
1

I too have been researching oData recently and as we develop our platform in both node and C# naturally looked at JayStorm. From my understanding of the technical details of JayStorm the whole capability of Connect and Express are available to make this topic possible. We use Restify to provide the private API of our platform and there we have written numerous middleware modules for exactly this case.

Dokie
  • Hi, could you please be more specific? – Venemo Feb 10 '13 at 20:21
  • What I mean is that you can write/re-use Connect or Express middleware modules to place in the request/response pipeline of JayStorm and these can do whatever you require them to. We have written similar middleware modules for Restify and Connect to handle Authentication/Authorization/Content Filtering/Claims/Anti-CSRF/Anti-XSS and so on. – Dokie Apr 04 '13 at 21:11
1

We are using JayData for our OData Service layer also, and I have implemented a very simple basic authentication with it. Since JayData is using Express, we can leverage Express' features. For Basic Auth, the simplest way is:

app.use(c.session({ secret: 'session key' }));
// Authenticator
app.use(c.basicAuth('admin', 'admin'));
app.use("/odata.svc", $data.JayService.OData.Utils.simpleBodyReader());

You can also refer to this article for more detail on authentication with Express: http://blog.modulus.io/nodejs-and-express-basic-authentication

Thanks.

LukeHan
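A Basic-auth middleware for the same connect/Express pipeline that checks salted password hashes in constant time instead of a literal `'admin', 'admin'` pair, and sets `req.user` with a `roles` array for later authorization. This is an added example, not code from the answers or from JayData; the user store, user names, passwords, salts and realm are constructed, and it uses only Node's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

const hashPassword = (pass, salt) => crypto.scryptSync(pass, salt, 32);

// Constructed user store: a salted scrypt hash and a roles array per user.
const USERS = new Map([
  ['alice', { salt: 'salt-a', hash: hashPassword('constructed-pass-alice', 'salt-a'), roles: ['editor'] }],
  ['bob', { salt: 'salt-b', hash: hashPassword('constructed-pass-bob', 'salt-b'), roles: ['reader'] }]
]);
// Stand-in record so an unknown user name costs the same work as a known one.
const DUMMY = { salt: 'dummy', hash: crypto.randomBytes(32), roles: [] };

// Parse "Basic <base64(name:pass)>"; returns null when the header is malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // only the first ':' separates name and password
  return i < 0 ? null : { name: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Returns { name, roles } for valid credentials, otherwise null.
function authenticate(header) {
  const cred = parseBasic(header);
  const rec = (cred && USERS.get(cred.name)) || DUMMY;
  const candidate = hashPassword(cred ? cred.pass : '', rec.salt);
  const match = crypto.timingSafeEqual(candidate, rec.hash);
  return match && rec !== DUMMY ? { name: cred.name, roles: rec.roles } : null;
}

// Connect/Express-style middleware: 401 on failure, req.user on success.
function basicAuth(req, res, next) {
  const user = authenticate(req.headers.authorization);
  if (!user) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic realm="odata"');
    return res.end('Unauthorized');
  }
  req.user = user;
  next();
}
```

Basic auth sends the password with every request, so it belongs behind TLS; the middleware is registered with `app.use(basicAuth)` ahead of the OData route.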
-2

I wrote that blogpost, I work for JayData. What do you mean by custom database? We have written a middleware for authentication and authorization but it is not open source. We might release it later. We have a service called JayStorm, it has a free version, maybe that is good for you. We probably will release an appliance version of it.

Gabor Dolla
  • Hi Gábor, I understand that the component in question is not open source. The question is about how to implement such a middleware for my own app. :) – Venemo Feb 02 '13 at 18:29
  • For the authentication you can use any node.js module, we use passport. For authorization you have to implement a lot of things, a good starting point is this blog post: http://jaystack.com/blog/using-jaystorm-api-on-the-server-side – Gabor Dolla Feb 04 '13 at 13:38
  • Gabor mentioned JayStorm, the hosted version of the technology. Give it a try for free here: http://jaystack.com/blog/jaystorm-open–starting-point (Disclaimer: I'm member of the dev team, let me know if you need technical help) – Robesz Feb 04 '13 at 16:28
  • Hi, thanks for the recommendation! At this point I'm only trying out things on a hobbyist level, so I'm more interested in experimenting with OData and Node.js - but I may consider using your service in the future :) – Venemo Feb 04 '13 at 20:33
  • I read the suggested blog post and it seems to be about something else. But it doesn't contain the answer to my question. :( – Venemo Feb 09 '13 at 07:22
  • @Venemo There is a way to do it. Check my response - it might help. I'll come back with a more detailed how-to as soon as I can. – Peter Aron Zentai Apr 04 '13 at 18:11
  • We posted two new blogposts about this topic. – Gabor Dolla Apr 07 '13 at 20:14