Approaching release of Dexie Cloud

David Fahlander
Published in Dexie.js, Jul 8, 2022

Dexie Cloud has been feature complete since the new year, and I’ve recently been seeing increased usage from beta testers as we’ve added lots of new users to the service. If you’ve not been approved yet, please apply again and we’ll revisit your request.

What’s new since the last blog post:

  1. The access control model was completed, allowing the use of role-based access control.
  2. The docs have been largely extended to include the entire client-side API surface.
  3. The sample app has been updated to use a role-based access model.

As of this writing, we have around 500 approved testers and are getting more people on the waitlist each day.

Production Ready

The service is ready for production, but we’re keeping the beta status for a while in order to verify long-term stability. Actively used databases in Dexie Cloud BETA will persist into production. In case you need to make a BETA release of your app now, please do! Unused databases (not accessed for 3 months or more) may be cleaned out, but we will first email out a warning and allow a grace period for reactivating them.

A note on Access Control mechanism

Dexie Cloud verifies access control on the server. All operations in sync requests are verified according to the data in your members, roles and realms tables.

When you code your app, there are client-side helpers you can use to render your buttons and actions conditionally depending on the access level of your current user: usePermissions and db.cloud.permissions(). However, the actual security verification takes place on the server. The helpers keep users from violating access control in the UI (by disabling a button or field), but client-side storage will not prohibit mutations that violate access control. You can try to add objects in a realm you only have read-only access to. However, as soon as the eager sync request is made, the violations will be detected at the server and the transaction will be rolled back; the rollback operations are then sent back to the client, which applies them to the offline storage.

We might start verifying access on the client-side storage level at a later point, but the real security value lies on the server, and this extra ‘eager client security check’ has not been regarded as a critical feature yet.

If you’d like to discuss this, please refer to Dexie’s GitHub discussions.
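The flow described in this section, as an added example that is not Dexie Cloud's own code: a toy client store accepts a write without any access check, and a toy server verifies the sync request against its members and roles tables and returns rollback operations. The schema, the function names (verifySync, makeClient, demo) and the sample data are assumptions made for illustration.

```javascript
// Simplified model of server-verified sync. Hypothetical schema and names,
// not Dexie Cloud's data model or wire format. Sample data is constructed.
const server = {
  roles: { editor: { add: true }, reader: {} },
  members: [
    { realmId: 'rlm-team', userId: 'alice', role: 'editor' },
    { realmId: 'rlm-team', userId: 'bob', role: 'reader' },
  ],
  rows: new Map(),
};

// Server side: every operation is checked against members/roles; the client
// is never trusted. One denied operation rejects the whole transaction.
function verifySync(userId, ops) {
  const allowed = (op) => {
    const m = server.members.find(
      (x) => x.userId === userId && x.realmId === op.realmId);
    return Boolean(m && server.roles[m.role]?.[op.type]);
  };
  if (ops.every(allowed)) {
    for (const op of ops) server.rows.set(op.key, { ...op.value, realmId: op.realmId });
    return { rollback: [] };
  }
  // Tell the client how to undo its optimistic writes.
  return { rollback: ops.map((op) => ({ type: 'delete', key: op.key })) };
}

// Client side: local storage accepts the mutation with no access check.
function makeClient(userId) {
  const local = new Map(), pending = [];
  return {
    local,
    add(realmId, key, value) {
      local.set(key, { ...value, realmId });
      pending.push({ type: 'add', realmId, key, value });
    },
    sync() { // send pending ops, then apply whatever rollback the server returns
      const { rollback } = verifySync(userId, pending.splice(0));
      for (const r of rollback) local.delete(r.key);
      return rollback.length;
    },
  };
}

function demo() {
  const alice = makeClient('alice'), bob = makeClient('bob');
  alice.add('rlm-team', 't1', { title: 'ship beta' });
  bob.add('rlm-team', 't2', { title: 'read-only user write' });
  const bobLocalBeforeSync = bob.local.has('t2'); // write exists offline
  const rolledBack = { alice: alice.sync(), bob: bob.sync() };
  return { bobLocalBeforeSync, rolledBack, bobLocalAfterSync: bob.local.has('t2'),
           serverKeys: [...server.rows.keys()] };
}
console.log(demo());
```

The read-only member's object exists in local storage until the sync round trip, which is why UI helpers alone are not a security boundary.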

Next steps

  • …production features for database owners — manage databases and subscriptions
  • …payment solution
  • …investigate more features such as web push and streamed server requests to handle sync of larger datasets.

Please continue to give feedback — good and bad, and let me know if you aim to release an app soon or expect increased usage so we can scale the service accordingly.
