Reputation: 2169
I am an Angular programmer and I'm approaching the back-end world. I'm curious to know, roughly, how a back end that manages an application with multiple users, via JWT, works. When I have to retrieve something from the database with Angular it is very simple, because it is enough to make a Service in which I enter the URL of the REST API... but what happens on the back end when you have many users? Let's say I have a web application with authentication, a TODO list with Date. I imagine that in the DB there will be a list with all users. But then how does it work if a user adds, with a form, an event and a date? You create a DB table 'events', one for each user? Or a big 'event' table which contains ALL events of all users?
Upvotes: 0
Views: 932
Reputation: 6254
Your question doesn't have to do with Angular, or even with the backend service, so I'll ignore that part. So you are asking about designing multi-tenant data stores.
> You create a DB table 'events', one for each user? Or a big 'event' table which contains ALL events of all users?
There is no right or wrong here. It all depends on your needs. Generally, it's a tradeoff between simplicity and isolation. If you are talking about a relational database (I gather from your wording that you are), then you can have a separate DB for every tenant, or a separate schema for every tenant, or a single table with an indexed column. You might even use a separate server for every tenant. All are viable options. The separate DB option is the most isolated, but harder to program. The single table is easier, but the data store is shared. I can say that I have worked with customers on designing these kinds of solutions and most of the time they choose a separate DB per user.
I recommend reading this article that discusses multi-tenant data in SQL Server (however, it will work for other relational DBs just as well). It is 10 years old but still very relevant.
Of course this decision can also be affected by your data store. If you aren't using an RDBMS, then you will have different concepts and features to organize data, for example: collections, roles, folders, containers, etc. Also, some data stores have built-in tools to handle these requirements. For example, Azure SQL DB has a feature called Row Level Security which makes it easier to manage a single table with a tenant identification column. It also has a concept called Elastic DB Pool and Elastic DB Tools for managing the scenario of a separate DB per tenant. I am sure that other products/technologies have comparable features, but these are just examples to help me make the point.
Upvotes: 0
Reputation: 41
In the scenario that you described, you would typically have one "event" table that has events for all users. However, the table would also have a column containing the ID of the user that created that event.
When showing the events for a logged-in user, you would first verify that the JWT token is valid (note that even if this verification happens on the client side, it must also happen on the server side, for security reasons). If the token is valid, you would retrieve the user ID from the token claims. You'd then use this ID in your database query, so that you only retrieve events that belong to the logged-in user.
Upvotes: 1
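The flow described in the answer above (verify the token on the server, take the user ID from its claims, filter the shared events table by it), as an added example that is not part of the original posts. Assumptions: HS256 tokens with the user ID in the `sub` claim, a table named `events` with a `user_id` column, and a constructed secret and sample rows.

```python
import base64, hashlib, hmac, json, sqlite3, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key, known only to the server

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims: dict, secret: bytes = SECRET) -> str:
    """Issue an HS256 token, as a login endpoint would after checking credentials."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_token(token: str, secret: bytes = SECRET) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pin the algorithm server-side
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError("invalid token") from exc
    if claims.get("exp", 0) <= time.time():
        raise PermissionError("token expired")
    return claims

def events_for(token: str, db: sqlite3.Connection) -> list:
    """The user ID comes from the verified token, never from a request parameter."""
    user_id = verify_token(token)["sub"]
    rows = db.execute(
        "SELECT title, due FROM events WHERE user_id = ? ORDER BY due", (user_id,))
    return rows.fetchall()

def demo_db() -> sqlite3.Connection:
    """One shared table for all users (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY,"
               " user_id INTEGER NOT NULL, title TEXT, due TEXT)")
    db.execute("CREATE INDEX idx_events_user ON events(user_id)")
    db.executemany("INSERT INTO events (user_id, title, due) VALUES (?, ?, ?)",
                   [(1, "Buy milk", "2024-05-01"), (2, "Pay rent", "2024-05-02"),
                    (1, "Call Bob", "2024-05-03")])
    return db
```

A token whose payload is edited to name another user fails the signature check, so the query never runs with an ID the server did not issue.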