Reputation: 335
I'm using node.js and mongoDB. Right now, for my test app, the connection to the db is in the main node file, but I guess this is a wrong practice. What I want/need: a secure way (i.e. not storing password on files users can access) to connect to the db just when needed.
For example: I want several admin pages (users, groups, etc.). Each page should connect to the db, find some data, and display it. It also has a form for adding a document to the db and a delete option.
I thought maybe to create some kind of a connection function - send it what you want to do (add, update, find, delete), to where (collection name) and whatever it needs. But I can't just include this function, because then it'll reveal the password to the db. So what can I do?
Thanks!
Upvotes: 0
Views: 201
Reputation: 3031
I'm going to answer your question bit by bit.
> Right now, for my test app, the connection to the db is in the main node file

This is fine, though you might want to put it in a separate file for easier reuse. NodeJS is a continuously running process, so in theory you could serve all of your HTTP responses using the same connection to the database. In practice you'd want to create a connection pool, but the MongoDB driver for NodeJS already does this automatically.
> Each page should connect to the db, find some data, and display it.

When you issue a query on the MongoDB driver, it will automatically use a connection from its internal connection pool, as long as you gave it the credentials when your application was starting up.
> What I want/need: a secure way (i.e. not storing password on files users can access) to connect to the db just when needed.

I would advise keeping your application configuration (any variables that depend on the environment in which the app is running) in a separate file which you don't commit to your VCS. A module like node-config can help a great deal with that.
The code you will end up with, using node-config, is something like:
config/default.json:
```json
{
  "mongo": null
}
```
This is the default configuration file which you commit.
config/local.json:
```json
{
  "mongo": "mongodb://user:pass@host:port/db"
}
```
The local.json should be ignored by your VCS. It contains secret sauce.
connection.js:
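```javascript
var config = require('config');
var MongoClient = require('mongodb').MongoClient;

// Holds the connected db handle once the first connection succeeds.
var cache;

module.exports = function(callback){
  // Reuse the existing connection if there is one.
  if(cache){
    return callback(cache);
  }
  // The connection string comes from configuration, not from source code.
  MongoClient.connect(config.get('mongo'), function(err, db){
    if(err){
      console.error(err.stack);
      process.exit(1);
    }
    cache = db;
    callback(db);
  });
};
```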
An incomplete example of how you might handle reusing the database connection. Note how the configuration is gotten using config.get(). An actual implementation should have more robust error handling and prevent multiple connections from being made. Using Promises would make all that a lot easier.
index.js:
```javascript
var connect = require('./connection');
connect(function(db){
  // 'users' is an example collection name
  db.collection('users').find({whatever: true});
});
```
Now you can just require your database file anywhere you want, and reuse the same database connection, which handles pooling for you and you don't have your passwords hard-coded anywhere.
Upvotes: 2
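
The answer above notes that a real implementation should prevent multiple connections and would be simpler with Promises. The following is an added example, not code from the answer or from the MongoDB driver, showing one way to do that while keeping credentials out of source and out of error logs. The names `MONGO_URI`, `getMongoUri`, `redactUri`, `createConnector` and `fakeConnect` are assumptions; `fakeConnect` is a constructed stand-in so the block runs offline, and in a real app you would pass a function that calls the driver's `MongoClient.connect` instead.

```javascript
// Added example: MONGO_URI, createConnector and fakeConnect are hypothetical names.

// Read the connection string from the environment and fail closed if it is absent.
function getMongoUri(env) {
  const uri = env.MONGO_URI; // hypothetical variable name
  if (!uri || !/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error('MONGO_URI is missing or is not a mongodb:// URI');
  }
  return uri;
}

// Strip user:password before a URI is written to logs.
function redactUri(uri) {
  return uri.replace(/\/\/[^@\/]*@/, '//***@');
}

// Returns connect(): every caller shares one in-flight or completed connection.
function createConnector(uri, connectFn) {
  let pending = null;
  return function connect() {
    if (!pending) {
      pending = connectFn(uri).catch(function (err) {
        pending = null; // allow a retry on the next call
        throw new Error('MongoDB connect failed for ' + redactUri(uri) + ': ' + err.message);
      });
    }
    return pending;
  };
}

// Constructed stand-in for the driver so the example runs offline.
let dials = 0;
function fakeConnect(uri) {
  dials += 1;
  return Promise.resolve({ uri: uri, id: dials });
}

// Constructed sample environment; a real app would pass process.env.
const sampleEnv = { MONGO_URI: 'mongodb://app:s3cret@db.example.internal:27017/admin' };
const connect = createConnector(getMongoUri(sampleEnv), fakeConnect);
const first = connect();
const second = connect(); // issued before the first has resolved
first.then(function (db) {
  console.log('connections opened:', dials, 'db id:', db.id);
});
```

Because the promise itself is cached rather than the resolved handle, two requests that arrive during startup share one connection attempt instead of each opening their own.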