
Couchbase Mobile 102 – Couchbase Live New York 2015


Bring your laptops! In this session, you will learn how to build a mobile app using Couchbase Sync Gateway with a live demo. Topics will include: authentication, data partitioning, data access control, and data validation. By the end of this session, you will understand how to add secure sync to your Couchbase Mobile app using Sync Gateway.

Published in: Software

  1. ©2015 Couchbase Inc. Couchbase Mobile 102: Sync Gateway. William Hoang | Mobile Developer Advocate | @sweetiewill
  2. Couchbase Lite
  3. Couchbase Lite | Sync Gateway | Couchbase Server
  4. Couchbase Peer to Peer …will be introduced in Couchbase Mobile 103
  5. Intro to Couchbase Sync Gateway
  6. Features: Introduction to Sync Gateway; Key Mobile Data Security Concerns; Security Solutions with Sync Gateway; LIVE Demo. Overview: How to Add Secure Sync to Mobile Apps
  7. Couchbase Lite | Sync Gateway: Replication; Authentication; Data Partitioning; Data Access Control
  8. Key Mobile Data Security Concerns: User Authentication; Data Read & Write Access; Data Transport on the Wire; Data Storage on Device & In the Cloud
  9. Key Mobile Data Security Concerns: User Authentication; Data Read & Write Access; Data Transport on the Wire; Data Storage on Device & In the Cloud
  10. Authentication - Pluggable: Public Providers; Custom Providers; Anonymous Users
  11. Authentication – Public Providers: Basic Auth; Persona
  12. Authentication: Public Provider - Facebook

      {
        "facebook": { "register": false },
        "databases": {
          "grocery-sync": {
            "server": "http://cbserver:8091",
            "bucket": "grocery-sync",
            "users": { "GUEST": { "disabled": true } },
            "sync": `function(doc) { channel(doc.channels); }`
          }
        }
      }

  13. Authentication: Custom Provider. [1] Authentication; [2] Valid user Session; [3] App to Sync Gateway
  14. Key Mobile Data Security Concerns: User Authentication; Data Read & Write Access; Data Transport on the Wire; Data Storage on Device & In the Cloud
  15. Couchbase Lite | Sync Gateway. Security Policies: Document Level Read Side Permissions; Field Level Write Side Permissions; JavaScript Policy Enforcement { … sync func. … }
  16. Data Access: Sync Function - config file

      { "sync": `function(doc, oldDoc) { channel(doc.channels); }` }

  17. Data Access: Sync Function - Write Permissions: requireUser(username); requireRole(rolename); requireAccess(channels); throw()
  18. Data Access: Sync Function - Read Permissions: channel(…) for documents; access(…) for users. Special Channels: *; !
  19. Couchbase Lite | Sync Gateway | Couchbase Server
  20. Grocery Sync App Summary
  21. Grocery Sync App Summary
  22. Grocery Sync App Summary
  23. Sync Gateway: Configure-0 (Default; All Channels)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "GUEST": { "disabled": false, "admin_channels": ["*"] }
            }
          }
        }
      }

  24. Sync Gateway: Configure-1 (Create Users; Remove Guest)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["*"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["*"] }
            }
          }
        }
      }

  25. Sync Gateway: Configure-2 (Sync Function; Owner Field)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["*"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["*"] }
            },
            "sync": `
              function(doc, oldDoc) {
                // Add placeholder sync function, add custom read/write logic here
              }
            `
          }
        }
      }

  26. Sync Gateway: Configure-3 (Private Channel; Remove *)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                // Add placeholder sync function, add custom read/write logic here
              }
            `
          }
        }
      }

  27. Sync Gateway: Configure-4 (Document to Channel; Programmatic Access)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                // Add item document to owner's items channel
                channel("items-" + doc.owner);
              }
            `
          }
        }
      }

  28. Sync Gateway: Configure-5 (requireUser; owner property)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                // The owner of the item document must be the authenticated user
                requireUser(doc.owner);
                channel("items-" + doc.owner);
              }
            `
          }
        }
      }

  29. Sync Gateway: Configure-6 (Document Type; Authentication)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                if (doc.type == "friends") {
                  // Process new friends document: only its owner may write it
                  requireUser(doc.owner);
                  // Grant the listed friends read access to the owner's items channel
                  access(doc.friends, "items-" + doc.owner);
                  channel("private-" + doc.owner);
                  access(doc.owner, "private-" + doc.owner);
                } else {
                  requireUser(doc.owner);
                  channel("items-" + doc.owner);
                }
              }
            `
          }
        }
      }

  30. Sync Gateway: Configure-7 (throw(); Other DocTypes)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                if (doc.type == "friends") {
                  // Process new friends document: only its owner may write it
                  requireUser(doc.owner);
                  access(doc.friends, "items-" + doc.owner);
                  channel("private-" + doc.owner);
                  access(doc.owner, "private-" + doc.owner);
                } else if (doc.type == "item") {
                  requireUser(doc.owner);
                  channel("items-" + doc.owner);
                } else {
                  // Reject every document type the app does not define
                  throw({forbidden: "Invalid document type"});
                }
              }
            `
          }
        }
      }

  31. Sync Gateway: Configure-8 (requireAccess; friends)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                if (doc.type == "friends") {
                  // Process new friends document: only its owner may write it
                  requireUser(doc.owner);
                  access(doc.friends, "items-" + doc.owner);
                  channel("private-" + doc.owner);
                  access(doc.owner, "private-" + doc.owner);
                } else if (doc.type == "item") {
                  // Anyone with access to the owner's items channel may write items
                  requireAccess("items-" + doc.owner);
                  channel("items-" + doc.owner);
                } else {
                  throw({forbidden: "Invalid document type"});
                }
              }
            `
          }
        }
      }

  32. Sync Gateway: Configure-9 (oldDoc; doc.check)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                if (doc.type == "friends") {
                  // Process new friends document: only its owner may write it
                  requireUser(doc.owner);
                  access(doc.friends, "items-" + doc.owner);
                  channel("private-" + doc.owner);
                  access(doc.owner, "private-" + doc.owner);
                } else if (doc.type == "item") {
                  requireAccess("items-" + doc.owner);
                  if (oldDoc == null) {
                    // oldDoc is null when the document is being created
                    if (doc.check == true) {
                      throw({forbidden: "new items cannot be checked"});
                    }
                  }
                  channel("items-" + doc.owner);
                } else {
                  throw({forbidden: "Invalid document type"});
                }
              }
            `
          }
        }
      }

  33. Sync Gateway: Configure-10 (doc vs oldDoc; requireUser)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                if (doc.type == "friends") {
                  // Process new friends document: only its owner may write it
                  requireUser(doc.owner);
                  access(doc.friends, "items-" + doc.owner);
                  channel("private-" + doc.owner);
                  access(doc.owner, "private-" + doc.owner);
                } else if (doc.type == "item") {
                  requireAccess("items-" + doc.owner);
                  if (oldDoc == null) {
                    if (doc.check == true) {
                      throw({forbidden: "new items cannot be checked"});
                    }
                  } else {
                    // Only the owner may change the check field of an existing item
                    if (doc.check != oldDoc.check) {
                      requireUser(doc.owner);
                    }
                  }
                  channel("items-" + doc.owner);
                } else {
                  throw({forbidden: "Invalid document type"});
                }
              }
            `
          }
        }
      }

  34. Sync Gateway: Configure-11 (doc vs oldDoc; Owner Property)

      {
        "log": ["*"],
        "databases": {
          "grocery-sync": {
            "server": "walrus:",
            "bucket": "grocery-sync",
            "users": {
              "alice": { "disabled": false, "password": "password", "admin_channels": ["items-alice"] },
              "bob": { "disabled": false, "password": "password", "admin_channels": ["items-bob"] }
            },
            "sync": `
              function(doc, oldDoc) {
                if (doc.type == "friends") {
                  // Process new friends document: only its owner may write it
                  requireUser(doc.owner);
                  access(doc.friends, "items-" + doc.owner);
                  channel("private-" + doc.owner);
                  access(doc.owner, "private-" + doc.owner);
                } else if (doc.type == "item") {
                  requireAccess("items-" + doc.owner);
                  if (oldDoc == null) {
                    if (doc.check == true) {
                      throw({forbidden: "new items cannot be checked"});
                    }
                  } else {
                    // The owner property of an existing item must not change
                    if (doc.owner != oldDoc.owner) {
                      throw({forbidden: "Quits Stealing Items"});
                    }
                    if (doc.check != oldDoc.check) {
                      requireUser(doc.owner);
                    }
                  }
                  channel("items-" + doc.owner);
                } else {
                  throw({forbidden: "Invalid document type"});
                }
              }
            `
          }
        }
      }

  35. Key Mobile Data Security Concerns: User Authentication; Data Read & Write Access; Data Transport on the Wire; Data Storage on Device & In the Cloud
  36. Security Concerns: Data Transport - On the Wire: SSL/TLS; Sync Gateway Config
  37. Key Mobile Data Security Concerns: User Authentication; Data Read & Write Access; Data Transport on the Wire; Data Storage on Device & In the Cloud
  38. Security Concerns: Data Storage - On Device; In Cloud: File System Encryption; Secure Cloud Environment; Configure for File System Encryption
  39. Getting Started. Documentation on Sync Gateway: bit.ly/sync_gateway; Grocery-Sync-iOS: https://github.com/couchbaselabs/Grocery-Sync-iOS; Sync Gateway Demo: https://github.com/couchbaselabs/; Download Sync Gateway: bit.ly/couchbase_downloads
  40. Couchbase Peer to Peer – 103 Session
  41. Thank you. @sweetiewill
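
The sync function reached on the Configure-11 slide can be exercised offline. The following is an added example, not code from the deck or from Couchbase: `makeHelpers` and `tryWrite` are hypothetical names, the helpers only emulate Sync Gateway's `requireUser`, `requireAccess`, `channel` and `access` in simplified form, and the documents are constructed samples.

```javascript
// Stand-ins for Sync Gateway's sync-function helpers (simplified emulation, hypothetical names).
function makeHelpers(user, userChannels, routed) {
  return {
    requireUser(name) { if (name !== user) throw { forbidden: "wrong user" }; },
    requireAccess(ch) { if (!userChannels.includes(ch)) throw { forbidden: "missing channel access" }; },
    channel(ch) { routed.push(ch); },
    access(users, ch) { /* grants are not modelled in this sketch */ },
  };
}

// Configure-11 logic from the slides, braces balanced; helpers passed in instead of globals.
function sync(doc, oldDoc, h) {
  if (doc.type == "friends") {
    h.requireUser(doc.owner);
    h.access(doc.friends, "items-" + doc.owner);
    h.channel("private-" + doc.owner);
    h.access(doc.owner, "private-" + doc.owner);
  } else if (doc.type == "item") {
    h.requireAccess("items-" + doc.owner);
    if (oldDoc == null) {
      if (doc.check == true) throw { forbidden: "new items cannot be checked" };
    } else {
      if (doc.owner != oldDoc.owner) throw { forbidden: "Quits Stealing Items" };
      if (doc.check != oldDoc.check) h.requireUser(doc.owner);
    }
    h.channel("items-" + doc.owner);
  } else {
    throw { forbidden: "Invalid document type" };
  }
}

// Returns "ok:<channels>" or "forbidden:<reason>" for one attempted write.
function tryWrite(user, userChannels, doc, oldDoc = null) {
  const routed = [];
  try {
    sync(doc, oldDoc, makeHelpers(user, userChannels, routed));
    return "ok:" + routed.join(",");
  } catch (e) {
    return "forbidden:" + e.forbidden;
  }
}

// Constructed sample: bob is alice's friend, so he holds both item channels.
const stored = { type: "item", owner: "alice", check: false };
const friend = ["items-bob", "items-alice"];
console.log(tryWrite("bob", friend, { ...stored, owner: "bob" }, stored)); // forbidden:Quits Stealing Items
console.log(tryWrite("bob", friend, { ...stored, check: true }, stored)); // forbidden:wrong user
```

The owner-change write is stopped by the explicit `doc.owner != oldDoc.owner` comparison, not by `requireAccess`: bob already holds `items-bob`, so the channel check alone would accept the rewritten document.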
