billygoat | 8 years ago

Nice things: simple tool that does one thing well. As mentioned above, it lets the database itself decide on permissions. If you want SSL support, just put it behind an NGINX reverse proxy. It lets you get creative with queries in the query-string part of your URL.

Lacking: I didn't really find anything lacking; it was able to do everything I needed. I'm a pretty basic end-user, not an expert. At first I was confounded by the limitation of one schema per PostgREST instance, but that's easy to work with or work around. I created a single "api" schema which contained nothing but views of tables that lived in other places. You can also just run more than one instance of PostgREST if you want to expose more than one schema.

ruslan_talpa | 8 years ago

Single schema was discussed before. The idea behind it is that it's a simple mental model (what's in the api schema is accessible to HTTP), so it catches errors like exposing things you don't want to, especially since the webdev community is not very big on strict database permissions per role.

One trick though: if you specify the schema as an empty string "", then entities in the query will not be fully qualified, so this will give the search_path the ability to do its work.

ruslan_talpa | 8 years ago

Also, exposing ONLY views and stored procedures is the recommended way.
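
The layout described in this thread (an "api" schema holding only views over tables kept elsewhere, with database roles deciding access), written out as an added PostgreSQL example that is not from any commenter or from the PostgREST project. The names `private`, `customers` and `web_anon` are assumptions, and the two audit queries at the end are an added check.

```sql
-- Added example. Schema, table, view and role names are constructed.
BEGIN;

-- Real data lives in a schema that is never exposed over HTTP.
CREATE SCHEMA private;
CREATE TABLE private.customers (
    id            serial PRIMARY KEY,
    name          text NOT NULL,
    email         text NOT NULL,
    password_hash text NOT NULL        -- must never be reachable via the API
);

-- The exposed schema contains only views (and, if needed, functions).
CREATE SCHEMA api;
CREATE VIEW api.customers AS
    SELECT id, name, email             -- explicit column list, never SELECT *
    FROM private.customers;

-- Role assumed for unauthenticated requests: cannot log in, starts with no rights.
CREATE ROLE web_anon NOLOGIN;
GRANT USAGE  ON SCHEMA api    TO web_anon;
GRANT SELECT ON api.customers TO web_anon;
-- Nothing is granted on schema private. By default a view reads its base
-- tables with the view owner's rights, so web_anon can query the view
-- without holding any privilege on private.customers.

COMMIT;

-- Audit 1: base tables sitting directly in the exposed schema.
-- Every row returned is a table that bypasses the views-only rule.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = 'api'
  AND table_type = 'BASE TABLE';

-- Audit 2: relations outside api that web_anon can still read.
-- has_table_privilege also accounts for grants made to PUBLIC.
SELECT n.nspname AS schema_name, c.relname AS relation_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm')
  AND n.nspname NOT IN ('api', 'pg_catalog', 'information_schema')
  AND has_table_privilege('web_anon', c.oid, 'SELECT');
```

Run the audits as the database owner or a superuser after each migration; a non-empty result from either means something is reachable outside the intended views.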