I am starting a project and after reading a lot I have come to the conclusion that I should use Sync Gateway REST API calls from mobile AND server (backend) apps, instead of bucket shadowing. However, Sync Gateway is obviously pretty annoying when it comes to doing querying, especially dynamic querying. My idea is to write a little module for backend applications that will use Sync Gateway for writes and the NodeJS SDK for reads. This way I have the ability to use N1QL, views, etc. for gets/queries (instead of doing awkward things with Sync Gateway) and I can be sure that my data is synced properly when writing.
Is my thinking flawed here? Can anyone foresee any issues with this approach?
What’s your reasoning for not using Couchbase Lite on mobile/client apps? If you make REST calls directly to SG you lose the benefit of offline access.
You can definitely implement your own querying by using Couchbase Server views or N1QL. The only thing to keep in mind is that queries will return data from all documents, not just those that should be accessible to the user making the request. This could obviously be a big privacy/security problem, depending on your data model.
The fix for that, which SG’s own public querying API uses, is to preprocess the map function (or query string) to limit the results to documents that are in channels the user has access to. However, I think the only way you can do that check efficiently is to use one of SG’s internal views, which is probably not a good idea…
Thanks for quick response. Sorry if I wasn’t clear. The mobile clients would use Couchbase Lite and the backend server apps would use REST API calls to sync gateway. But both will ultimately go through the gateway so that changes made from the backend are reflected on mobile devices. This would help to avoid the security problems I think? And maybe the backend apps would only have access to certain databases?
Oh! Yes, that’s a better plan than what I thought you said!
Queries made on a mobile device will of course only show data that the user has access to, because the server only sends the client the documents it can access.