Security rules
Squid Cloud provides powerful authorization features to help you control access to your different entities, such as databases, backend functions, APIs, and more. This allows you to protect your data and ensure that only authorized users can perform certain actions.
Using the Squid Backend SDK, you can apply various decorators to your functions to enable authorization checks. These decorators act as guards to restrict access to your entities, based on various criteria such as user roles, permissions, and more.
If a client attempts to access a secured entity but the authorization function returns false, indicating that the user is not authorized, the client will receive an Error with the following details:

    {
      "statusCode": 401,
      "message": "UNAUTHORIZED"
    }

For example, let's say you have a users collection and want to ensure that users can only read their own user record. You can write a backend function annotated with @secureCollection like this:

    import { secureCollection, SquidService } from '@squidcloud/backend';
    import { QueryContext } from '@squidcloud/client';

    type User = { id: string; email: string; age: number };

    export class ExampleService extends SquidService {
      @secureCollection('users', 'read')
      secureUsersRead(context: QueryContext<User>): boolean {
        // Deny the read when the request carries no authenticated user.
        const userAuth = this.getUserAuth();
        if (!userAuth) {
          return false;
        }
        // Allow only queries that are restricted to the caller's own id.
        const userId = userAuth.userId;
        return context.isSubqueryOf('id', '==', userId);
      }
    }

If a user tries to read users other than themselves, the secureUsersRead function will return false, causing the client function to throw an error:

    import { Squid } from '@squidcloud/client';

    // This function will throw an error
    async function readAllUsers(squid: Squid): Promise<User[]> {
      return await squid.collection<User>('users').query().snapshot();
    }

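As an added example (not Squid's code, and not using the Squid SDK), the following simplified TypeScript model shows which query shapes the rule above admits and which receive the 401 response. The names Condition, isSubqueryOfEq, modelSecureUsersRead and the sample queries are assumptions made for illustration; in a real backend the check is context.isSubqueryOf.

```typescript
// Simplified, self-contained model of the rule above. It does not use the
// Squid SDK; every name here is hypothetical and exists only for illustration.
type Condition = { field: string; op: '==' | '>' | '<'; value: unknown };
type Auth = { userId: string } | undefined;
type Result = { statusCode: 200 } | { statusCode: 401; message: 'UNAUTHORIZED' };

const DENIED: Result = { statusCode: 401, message: 'UNAUTHORIZED' };

// In this model, a query of AND-ed conditions counts as a subquery of
// `field == value` only when it carries that equality condition itself.
function isSubqueryOfEq(query: Condition[], field: string, value: unknown): boolean {
  return query.some((c) => c.field === field && c.op === '==' && c.value === value);
}

// Mirrors secureUsersRead: deny when unauthenticated, otherwise require the
// query to be pinned to the caller's own id.
function modelSecureUsersRead(auth: Auth, query: Condition[]): Result {
  if (!auth) return DENIED;
  return isSubqueryOfEq(query, 'id', auth.userId) ? { statusCode: 200 } : DENIED;
}

// Constructed sample inputs: caller identity plus the conditions of a query.
const alice: Auth = { userId: 'alice' };
const ownId: Condition = { field: 'id', op: '==', value: 'alice' };
const cases: Array<[string, Auth, Condition[]]> = [
  ['own record', alice, [ownId]],
  ['own record, extra filter', alice, [ownId, { field: 'age', op: '>', value: 18 }]],
  ['all users', alice, []],
  ['another user', alice, [{ field: 'id', op: '==', value: 'bob' }]],
  ['range on id', alice, [{ field: 'id', op: '>', value: '' }]],
  ['no token', undefined, [ownId]],
];

// Returns the status code each sample query would receive under the model.
function runCases(): Record<string, number> {
  const out: Record<string, number> = {};
  for (const [name, auth, query] of cases) {
    out[name] = modelSecureUsersRead(auth, query).statusCode;
  }
  return out;
}

console.log(runCases());
```

Narrowing a permitted query with further filters keeps it permitted, while dropping or changing the id condition is denied even for an authenticated caller.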
In summary, Squid provides powerful authorization and security features that allow you to easily control access to your data and resources.
Explore
Securing data access
You can use a range of decorators provided by Squid Cloud to protect any database that is connected to Squid Cloud, including the built-in internal database. Each decorator is designed to protect a different part of a database.
Securing APIs
Squid Cloud provides the @secureApi decorator, which allows you to protect an API integration. You can use this decorator to protect each endpoint separately, or all endpoints within the integration.
Securing GraphQL
Squid Cloud provides the @secureGraphQL decorator, which allows you to protect your GraphQL integrations. This decorator enables you to easily control access to your GraphQL endpoints, ensuring that only authorized users can access your data and resources.
Securing distributed locks
Use distributed locks to manage access to your shared resources in real time to transact data in the desired order. Secure distributed locks using the @secureDistributedLock decorator.
Securing the AI Chatbot
Securing your data is vital when using the Squid Client to create profiles and enable chatting. The AI chatbot's profiles and the chats conducted with them can contain sensitive information, so it's crucial to restrict access and updates to prevent unauthorized usage or modification.
Securing storage buckets
Squid provides a @secureStorage decorator, which allows you to protect your built-in storage bucket and AWS S3 buckets, ensuring that only authorized users can access your files.
Securing Squid Queues
Squid Cloud provides the @secureTopic decorator, which allows you to protect your Apache Kafka queues, ensuring that only authorized users can access your data stream messages.