Security rules
Squid provides powerful authorization features to help you control access to your different entities, such as databases, backend functions, APIs, and more. This allows you to protect your data and ensure that only authorized users can perform certain actions.
Using the Squid Backend SDK, you can apply various decorators to your functions to enable authorization checks. These decorators act as guards to restrict access to your entities, based on various criteria such as user roles, permissions, and more.
If a client attempts to access a secured entity but the authorization function returns false, indicating that the user is not authorized, the client will receive an Error with the following details:
{
  "statusCode": 401,
  "message": "UNAUTHORIZED"
}
For example, let's say you have a users collection and want to ensure that users can only read their own user record. You can write a backend function annotated with @secureCollection like this:
import { secureCollection, SquidService, QueryContext } from '@squidcloud/backend';

type User = { id: string; email: string; age: number };

export class ExampleService extends SquidService {
  // Runs for every read query against the 'users' collection.
  @secureCollection('users', 'read')
  secureUsersRead(context: QueryContext<User>): boolean {
    // Deny the read when the caller is not authenticated.
    const userAuth = this.getUserAuth();
    if (!userAuth) {
      return false;
    }
    // Allow only queries restricted to the caller's own record.
    const userId = userAuth.userId;
    return context.isSubqueryOf('id', '==', userId);
  }
}
If a user tries to read users other than themselves, the secureUsersRead function will return false, causing the client function to throw an error:
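import { Squid } from '@squidcloud/client';

// This function will throw an error: the query is not restricted to the
// caller's own id, so secureUsersRead returns false.
async function readAllUsers(squid: Squid): Promise<User[]> {
  return await squid.collection<User>('users').query().snapshot();
}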
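The rule above judges the shape of the query, not the rows it would return, which is why an unfiltered read is rejected even for an authenticated user. The following added example (not Squid's code) models that decision in plain TypeScript; ModelQuery, Condition, isSubqueryOfModel, secureUsersReadModel and authorizeRead are hypothetical names, and the subquery test is deliberately conservative (exact condition match only).

```typescript
// Simplified model of the read rule above. All names are hypothetical;
// this is not Squid's implementation of QueryContext.isSubqueryOf.
type Operator = '==' | '>' | '<';
type Condition = { field: string; operator: Operator; value: string | number };
type ModelQuery = { collection: string; conditions: Condition[] };
type AuthError = { statusCode: number; message: string };

// Conservative check: the query counts as a subquery only if it already
// carries the exact condition, so every row it can match satisfies the rule.
function isSubqueryOfModel(query: ModelQuery, field: string, operator: Operator, value: string | number): boolean {
  return query.conditions.some(
    (c) => c.field === field && c.operator === operator && c.value === value
  );
}

// Mirrors secureUsersRead: deny unauthenticated callers, otherwise require
// the query to be pinned to the caller's own id.
function secureUsersReadModel(userId: string | undefined, query: ModelQuery): boolean {
  if (!userId) {
    return false;
  }
  return isSubqueryOfModel(query, 'id', '==', userId);
}

// Returns null when the read is allowed, or the error details the page
// documents when the rule returns false.
function authorizeRead(userId: string | undefined, query: ModelQuery): AuthError | null {
  if (secureUsersReadModel(userId, query)) {
    return null;
  }
  return { statusCode: 401, message: 'UNAUTHORIZED' };
}

// Constructed sample queries for a caller whose id is 'u1'.
const readAll: ModelQuery = { collection: 'users', conditions: [] };
const readSelf: ModelQuery = {
  collection: 'users',
  conditions: [{ field: 'id', operator: '==', value: 'u1' }],
};
const readSelfAdult: ModelQuery = {
  collection: 'users',
  conditions: [...readSelf.conditions, { field: 'age', operator: '>', value: 18 }],
};
const readOther: ModelQuery = {
  collection: 'users',
  conditions: [{ field: 'id', operator: '==', value: 'u2' }],
};
```

In this model readAll and readOther are denied for caller 'u1', while readSelf and readSelfAdult pass because extra filters only narrow a query that is already pinned to the caller's id.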
In summary, Squid provides powerful authorization and security features that allow you to easily control access to your data and resources.
Explore
Securing data access
Use a range of decorators provided by Squid to protect any database that is connected to Squid, including the built-in internal database.
Securing APIs
Use the @secureApi decorator to protect and manage access to an API integration.
Securing GraphQL
Use the @secureGraphQL decorator to protect access to your GraphQL integrations.
Securing distributed locks
Distributed locks manage access to shared resources to transact data in order. The @secureDistributedLock decorator secures locks.
Securing the Squid AI Agent
Use the @secureAiChatbot decorator to designate a function as securing a given agent.
Securing storage buckets
The @secureStorage decorator protects your storage buckets so only authorized users can access your files.
Securing Squid Queues
The @secureTopic decorator protects your Apache Kafka queues, ensuring that only authorized users can access your data stream messages.