
Securing Squid Queues

Squid Cloud provides the @secureTopic decorator, which allows you to protect your Apache Kafka queues, ensuring that only authorized users can access your data stream messages.

To secure a Squid queue topic, use the @secureTopic decorator, passing the topic name and the type of action. The following code allows read and write access to a queue for the 'topic-name' topic. Because the security function returns true unconditionally, every client is allowed:

Backend code
import { SquidService, secureTopic } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureTopic('topic-name', 'all')
  allowTopicAccess(): boolean {
    return true;
  }
}

The action type can be 'read', 'write', or 'all'.

Securing topic message reads

When securing topic message reads, the security function receives a TopicReadContext, which contains the integration ID and topic name for the topic messages the client wants to read. The following example secures the 'topic-name' topic such that only authenticated users can read topic messages:

Backend code
@secureTopic('topic-name', 'read')
allowTopicRead(context: TopicReadContext): boolean {
  console.log(context.topicName);

  return this.isAuthenticated();
}

Securing topic message writes

When securing topic message writes, the security function receives a TopicWriteContext<T> (T is the type of the message), which contains the integration ID, topic name, and array of topic messages the client wants to write. The following example shows how to secure writing to a topic such that if any messages contain 'bad word', the write is not permitted:

Backend code
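@secureTopic('topic-name', 'write')
// Messages on this topic are strings, so T is string here.
allowTopicWrite(context: TopicWriteContext<string>): boolean {
  console.log(context.topicName);
  for (const message of context.messages) {
    console.log(message);
    // Reject the whole write if any message contains the denied phrase.
    if (message.includes('bad word')) {
      return false;
    }
  }
  return true;
}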
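The write rule above does a case-sensitive substring match and assumes every message is a string. The following helper is an added example, not Squid Cloud code: it checks message type and size and canonicalizes the text before matching, failing closed on anything unexpected. The names `messagesAllowed`, `canonicalize`, `DENIED_TERMS` and `MAX_MESSAGE_LENGTH`, and the limit value, are assumptions for illustration.

```typescript
// Added example: validation helper for a 'write' security function.
// DENIED_TERMS and MAX_MESSAGE_LENGTH are assumed values, not Squid settings.
const DENIED_TERMS: string[] = ['bad word'];
const MAX_MESSAGE_LENGTH = 4096;

// Fold a message into a canonical form so that trivial variations
// (mixed case, extra whitespace, full-width letters) still match.
function canonicalize(text: string): string {
  return text
    .normalize('NFKC') // fold compatibility forms such as full-width letters
    .toLowerCase()
    .replace(/[\u200B-\u200D\uFEFF]/g, '') // drop zero-width characters
    .replace(/\s+/g, ' ') // collapse whitespace runs
    .trim();
}

// Returns true only if every message is a string within the size limit
// that contains no denied term. Non-arrays, empty batches and non-string
// messages are rejected (fail closed).
function messagesAllowed(messages: unknown): boolean {
  if (!Array.isArray(messages) || messages.length === 0) {
    return false;
  }
  for (const message of messages) {
    if (typeof message !== 'string' || message.length > MAX_MESSAGE_LENGTH) {
      return false;
    }
    const canonical = canonicalize(message);
    if (DENIED_TERMS.some((term) => canonical.includes(term))) {
      return false;
    }
  }
  return true;
}
```

Inside the security function, the loop can then be replaced with `return messagesAllowed(context.messages);`.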

When using an Apache Kafka or Confluent integration, provide the integration ID as the third parameter of the decorator. The following example shows a security function for a queue with an integration ID of 'kafka-integration-id':

Backend code
import { SquidService, secureTopic } from '@squidcloud/backend';

export class ExampleService extends SquidService {
  @secureTopic('topic-name', 'all', 'kafka-integration-id')
  allowTopicAccess(): boolean {
    return true;
  }
}