
What is Horizon?
Horizon is a product that contains the NoSQL database RethinkDB, the horizon console utility (hz), authorization and ACL, and the horizon.js JS client library for working with the database on the client.
In other words: Horizon is a thin backend: the database and the rules for user access to the database at the query level.
What's inside?
RethinkDB
A convenient NoSQL database that can send notifications about changes in collections. Habr has already written about it: “We build real-time web applications with RethinkDB”.
RethinkDB in brief:
- Can send change notifications via WebSocket (you can filter the list immediately at the database level)
- Can scale
- Supports joins
- Powerful query language
- Has a built-in web interface for monitoring and quick access to data
Console utility
After installing Horizon, the horizon (or hz) utility becomes immediately available. With its help you can:
- Initialize a new horizon application
- Run a web server for a horizon application
- Generate an SSL certificate for development
- Generate a token for the user
- Download or upload a schema for RethinkDB
- Migrate from old to new version
ACL (Access Control List)
Horizon supports OAuth authentication out of the box (JSON Web Tokens standard); Facebook, Github, Google, Slack, Twitch, Twitter and Auth0 providers are available (the latter allows you to significantly expand this list).
There are several default user groups:
- Not authorized
- Anonymous
- Authorized
- Admin
For each group, you can set up a whitelist of read / write requests for each collection. In production mode, each request to the database is checked against this list; if one of the rules matches, the request is executed. A rule is a combination of an ordinary database query and substitution functions.
Examples of ACL rules for requests
Unauthorized users, reading user profiles:
    [groups.unauthenticated.rules.read_profile]
    template = "collection('users').anyRead()"
Profile reading by an authorized user:
    [groups.authenticated.rules.read]
    template = "collection('posts').anyRead()"
Note that the anyRead() substitution function is used here, which means that any records can be read. The function is not used in real queries.
Updating user profile information:
    [groups.authenticated.rules.update_profile]
    template = "collection('users').update({id: userId(), username: any()})"
It uses two substitution functions, userId() and any():
- userId() - sets the ID of the currently authorized user.
- any() - substitutes any data.
How does this work in theory? Suppose you send the query update({id: 1, username: 'Bob'}) to the database. On the database side, all rules are checked, key by key. In the input the database sees id=1; according to the rule, it builds an object with the key id=userId() and compares 1 with userId(). The same operation happens with the username key: it compares “Bob” with any(). In the second case, any() lets any data through, so here we have only checked that the username key is present in the input data. If all is well, the request will succeed.
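The matching described above, written out as an added JavaScript example (not Horizon's own code). The names ANY, USER_ID, RULES and authorize are hypothetical, and refusing keys that the template does not name is an assumption of this example rather than documented Horizon behaviour:

```javascript
// Added illustration, not Horizon's implementation: whitelist matching of a
// request against rule templates that contain userId() and any() placeholders.
const ANY = Symbol('any()');        // stands in for any() in a template
const USER_ID = Symbol('userId()'); // stands in for userId() in a template

// Hypothetical in-memory form of the three rules shown above.
const RULES = {
  unauthenticated: [
    { name: 'read_profile', collection: 'users', op: 'read', anyRead: true },
  ],
  authenticated: [
    { name: 'read', collection: 'posts', op: 'read', anyRead: true },
    { name: 'update_profile', collection: 'users', op: 'update',
      template: { id: USER_ID, username: ANY } },
  ],
};

// Compare one request value with the template value stored under the same key.
function valueMatches(expected, actual, ctx) {
  if (expected === ANY) return actual !== undefined; // key only has to be present
  if (expected === USER_ID) return ctx.userId != null && actual === ctx.userId;
  return expected === actual;                        // literal written in the rule
}

function dataMatches(template, data, ctx) {
  const allowed = Object.keys(template);
  // Assumption: keys the template does not name are refused (strict whitelist).
  if (Object.keys(data).some((k) => !allowed.includes(k))) return false;
  return allowed.every((k) => valueMatches(template[k], data[k], ctx));
}

// Returns the name of the first rule that allows the request, or null (denied).
function authorize(request, ctx) {
  for (const group of ctx.groups) {
    for (const rule of RULES[group] || []) {
      if (rule.collection !== request.collection || rule.op !== request.op) continue;
      if (rule.anyRead || dataMatches(rule.template, request.data || {}, ctx)) return rule.name;
    }
  }
  return null;
}

// Constructed requests from user 1: own profile, someone else's, an extra key.
const bob = { userId: 1, groups: ['authenticated'] };
for (const data of [{ id: 1, username: 'Bob' }, { id: 2, username: 'Bob' },
                    { id: 1, username: 'Bob', groups: ['admin'] }]) {
  console.log(JSON.stringify(data), '->',
    authorize({ collection: 'users', op: 'update', data }, bob) || 'denied');
}
```

Only the first constructed request is allowed: the second fails the userId() comparison and the third carries a key the template does not list.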
horizon.js
After launching the web server of the application, the client library /horizon/horizon.js becomes available. It allows you to do the following:
- Open a WebSocket connection to the RethinkDB database
- Create queries to the database and subscribe to changes in the collection or list of collections
- Perform OAuth authentication and get the current user
See the full list of methods here: horizon.io/api/horizon, horizon.io/api/collection.
How does it work?
There are several official examples that demonstrate how Horizon works, using a chat as the example (React, Vue, all examples).
But these examples do not demonstrate authorization or setting permissions on records, so I put together my own example: Social Feed on Vanilla.
How to deploy?
Deployment is simple:
    npm install -g horizon
    hz init hz-app
    cd hz-app
    hz serve
All installation details can be found here: horizon.io/install and here: horizon.io/docs/getting-started.
For whom?
This product will definitely appeal to those who know JavaScript well and don’t want to waste time on the backend. Horizon is ideal for those who like to make prototypes.
If we talk about applications, Horizon will probably be of interest to:
- Mobile application / game developers
- Developers of PhoneGap applications
- Those creating interactive SPA applications (chat rooms, forums)
Conclusions
Pros
- Easy to install and get going
- Simple and clear documentation
- Clear API
- Subscribe to collection / aggregate query updates
- WebSocket
- The product is developing dynamically.
Minuses
Overall
A good product for prototyping and a quick start. Convenient API access to the database. Access to records can be configured. Much attention is paid to HTTPS and protection, and to scaling. Yet it is not clear how Horizon works in real life; there are no successful examples. However, it is clear that the project has managed to collect a lot of stars and positive feedback. Maybe it is worth trying in production?
Horizon website: horizon.io
Github: github.com/rethinkdb/horizon
Horizon videos in English: www.youtube.com/watch?v=ajb_IeXcVw4
Thank you for reading!