PersistenceJS
comes with client-server example for syncing to backend database. But, when a project complexity reaches a certain level, cross-domain persistence store access might be required. There are many ways to tweak the script for allowing cross-domain access. I was looking for a simple and elegant way to handle this issue, and I found
non-other than tweaking the http-header. Tweaking the http-header is a common
way to bypass same domain policy.
The
purpose of this article is demonstrate the steps to tweak Nodejs web
server to support cross domain request so that persistence client hosted on
different domain can perform a database sync on the Nodejs web server.
The Server-Side - Setting the
http-header
Below is
a sample app.js based on todo-app (see my earlier post :). The example below shows the server-side scripting that is required to allow cross-domain access for persistence. The changes are highlighted in YELLOW.
var
strVcap = process.env.VCAP_SERVICES ||
'{"mysql-5.1":[{"name":"mysql-d70a3","label":"mysql-5.1","plan":"free","tags":["mysql","mysql-5.1","relational"],"credentials":{"name":"todoappdb","hostname":"localhost","host":"localhost","port":3306,"user":"root","username":"root","password":"MyNewPass"}}]}';
var
jsonVcap = JSON.parse(strVcap);
//persistence
declaration
var
persistence = require('persistencejs/lib/persistence').persistence;
var
persistenceStore = require('persistencejs/lib/persistence.store.mysql');
var
persistenceSync = require('persistencejs/lib/persistence.sync.server');
persistenceStore.config(persistence,
jsonVcap["mysql-5.1"][0].credentials.host,
jsonVcap["mysql-5.1"][0].credentials.port,
jsonVcap["mysql-5.1"][0].credentials.name,
jsonVcap["mysql-5.1"][0].credentials.username, jsonVcap["mysql-5.1"][0].credentials.password);
persistenceSync.config(persistence);
//init
sync
var Todo
= persistence.define('todo', {
content: 'TEXT',
done: 'BOOL'
});
Todo.enableSync();
//this create table with sync attribute
//nodejs
module declaration
var
express = require("express");
var app =
express();
//init
express
app.use(express.static(__dirname));
app.use(express.bodyParser());
app.use(function(req,
res, next) {
res.setHeader("Access-Control-Allow-Origin",
"*");
res.setHeader("Access-Control-Allow-Headers",
"Content-Type");
var end = res.end;
req.conn = persistenceStore.getSession();
req.conn.schemaSync();
res.end = function() {
req.conn.close();
end.apply(res, arguments);
};
req.conn.transaction(function(tx) {
req.tx = tx;
next();
});
});
app.get('/todoUpdates', function(req, res) {
console.log(" - get /todoUpdates - " + req.params.uid);
persistenceSync.pushUpdates(req.conn, req.tx, Todo, req.query.since,
function(updates) {
res.send(updates);
});
});
app.post('/todoUpdates', function(req, res) {
console.log(" - post /todoUpdates - " + req.params.uid);
persistenceSync.receiveUpdates(req.conn, req.tx, Todo, req.body,
function(result) {
res.send(result);
});
});
app.get('/markAllDone',
function(req, res) {
Todo.all(req.conn).list(req.tx,
function(todo) {
todo.forEach(function(todo) {
todo.done = true;
});
req.conn.flush(req.tx, function() {
res.send({status: 'ok'});
});
});
});
app.get('/markAllUndone',
function(req, res) {
Todo.all(req.conn).list(req.tx,
function(todo) {
todo.forEach(function(todo) {
todo.done = false;
});
req.conn.flush(req.tx, function() {
res.send({status: 'ok'});
});
});
});
app.listen(process.env.VCAP_APP_PORT
|| 3303);
console.log('--
Server running at http://127.0.0.1:3303/
--');
The Client-Side - Pointing to the
allowed server
Below is
a sample persistence client configured to sync to the crossed domain server.
The example below shows the client-side script changes required to set to a cross domain
server (as highlighted in YELLOW).
Todo.enableSync('http://localhost:3303/todoUpdates');
In Conclusion
By
allowing cross domain access to a persistence data store, constraint on
web-platform to use only the data store within the same site is eliminated.
Thus, all your other web application will be able to use the data store in the web server. This will impact on your web application design (example, single page
application or web-portal). On the other hand, there will be needs to properly secure the web server from unwanted attacks.
The
example of this tutorial can be downloaded here