AKIRA-MIYAKE / owner-centric-datastore

Proof of concept for a serverless datastore that allows data owners to manage access

owner-centric-datastore

Concept

  • Data belongs to the owner
  • Owner controls access to data by group

In scope

  • Optimized for data generated over time (health data, etc.)
  • Minimize performance degradation as the amount of stored data grows

Out of scope

  • User authentication (assumed to be handled by OAuth2)
  • Decentralized data store
  • Relations between data

Architecture overview

  • Data are created under the owning user.
    • These data can be accessed only by that user.
  • If the user belongs to a group as a provider, a duplicate of each item is created for every such group at creation time.
    • This process is triggered by a DynamoDB Stream.
    • This method is adopted to avoid the N + 1 query problem and to keep access control simple.
  • When a user who belongs to a group as a provider is removed from it, or when the group itself is removed, the corresponding duplicate data are removed.
    • As a result, users who belonged to the group as consumers can no longer access the data.
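
The following TypeScript is an added illustration, not code from this repository: it models the scheme above with in-memory records standing in for the DynamoDB tables. A write under the owner triggers what the stream INSERT handler would do (copy the item into every group the owner provides to), reads of group data require the consumer role, and removing a provider deletes only that provider's duplicates while the owner's own copy survives. The role names, the membership records and the composite keys are assumptions.

```typescript
// Added example (not the project's code); role names, tables and keys are assumptions.
type Role = "owner" | "provider" | "consumer";
interface Membership { groupId: string; userId: string; role: Role }
interface DataItem { ownerId: string; dataId: string; type: string; body: string }

class Datastore {
  private memberships: Membership[] = [];
  private userData: Record<string, DataItem> = {};   // key: ownerId#dataId
  private groupData: Record<string, DataItem> = {};  // key: groupId#ownerId#dataId

  addMember(groupId: string, userId: string, role: Role): void {
    this.memberships.push({ groupId, userId, role });
  }
  // POST /user/data: write the item under its owner, then do what the DynamoDB
  // Stream INSERT handler would do: copy it into every group the owner provides to.
  createData(ownerId: string, dataId: string, type: string, body: string): DataItem {
    const item: DataItem = { ownerId, dataId, type, body };
    this.userData[`${ownerId}#${dataId}`] = item;
    this.onStreamInsert(item);
    return item;
  }
  private onStreamInsert(item: DataItem): void {
    for (const m of this.memberships) {
      if (m.userId === item.ownerId && m.role === "provider") {
        this.groupData[`${m.groupId}#${item.ownerId}#${item.dataId}`] = { ...item };
      }
    }
  }

  // GET /user/data: the owner's own copies are never touched by group changes.
  listUserData(ownerId: string): DataItem[] {
    return Object.keys(this.userData).filter((k) => k.indexOf(`${ownerId}#`) === 0).map((k) => this.userData[k]);
  }
  // GET /groups/:group_id/data: only consumers of the group may read its copies.
  listGroupData(requesterId: string, groupId: string): DataItem[] {
    const isConsumer = this.memberships.some(
      (m) => m.groupId === groupId && m.userId === requesterId && m.role === "consumer");
    if (!isConsumer) throw new Error("forbidden: not a consumer of " + groupId);
    return Object.keys(this.groupData).filter((k) => k.indexOf(`${groupId}#`) === 0).map((k) => this.groupData[k]);
  }

  // DELETE /groups/:group_id/members/:member_id: dropping a provider deletes every
  // duplicate they contributed, so the group's consumers lose access to that data.
  removeMember(groupId: string, userId: string): void {
    this.memberships = this.memberships.filter((m) => !(m.groupId === groupId && m.userId === userId));
    for (const k of Object.keys(this.groupData)) {
      if (k.indexOf(`${groupId}#${userId}#`) === 0) delete this.groupData[k];
    }
  }
}
```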

TBD

  • Conditions for data to be duplicated for a group (specific type, etc.)
  • Duplicate past data when joining a group
  • Change the created data
    • Reflect user data changes in duplicated data
  • Leave a group or delete a group
    • Delete duplicate data when removing a user from a group or deleting a group

API

User

GET /user

Get the authenticated user

POST /user

Create the authenticated user

Data

GET /user/data

List data for the authenticated user

POST /user/data

Create a data item for the authenticated user

PATCH /user/data/:data_id

Update the data for the authenticated user

DELETE /user/data/:data_id

Delete the data for the authenticated user

GET /user/data/types/:type

List data of a specific type for the authenticated user

GET /groups/:group_id/data

List group data
Authenticated user must be a consumer of the group

GET /groups/:group_id/data/types/:type

List group data of a specific type
Authenticated user must be a consumer of the group

Groups

POST /groups

Create a group owned by the authenticated user

GET /groups/:group_id

Get a group
Authenticated user must be a member of the group

Members

GET /user/members

List group members for the authenticated user

DELETE /groups/:group_id/members/:member_id

Delete a group member
Authenticated user must be an owner of the group

Invitations

GET /groups/:group_id/invitations

List group invitations
Authenticated user must be an owner of the group

POST /groups/:group_id/invitations

Create a group invitation
Authenticated user must be an owner of the group

POST /groups/:group_id/invitations/:invitation_id/accept

Accept the invitation

POST /groups/:group_id/invitations/:invitation_id/decline

Decline the invitation

GET /user/invitations

List invitations for the authenticated user

License: MIT License

Languages: TypeScript 98.7%, JavaScript 1.3%