Can Realm Web SDK be used on the server?

rkazakov · January 21, 2021, 12:53pm

Can Realm Web SDK be used on the server?
We have concerns that realm-web exposes the data in the straightforward way that looks similar to MongoDB query including database and collection names in request payload when used on the client.

kraenhansen · January 21, 2021, 1:24pm

Hi Ruslan,

Welcome to the forum.

Short answer is yes - see the README for information on two additional peer dependencies that you need to install to use Realm Web from a Node.js process.

The question is if you want to do this. The main incentive for Realm Web being able to run in a Node.js process is to make it easier to write SSR React apps and to make your components testable. If you want to simply access the data stored in your MongoDB cluster, you have multiple alternatives available for you (besides Realm Web):

Realm JS (the official Node.js SDK for MongoDB Realm)
The Node.js MongoDB driver connecting directly to the cluster
or the driver connecting via the Realm Application services (which ensures the access rules of the user requesting is applied).

Hope this helps.

rkazakov · January 22, 2021, 12:53pm

Hi Kræn,

Thank you for your response! We are aware of different ways to access MonogDB data. However, Realm JS Node SDK is not an option in case of using Next.js/AWS Lambda or similar functions as Realm Node SDK seems to be requiring file system access.

We like the simplicity of Realm Web SDK, but thinking to run it on the server. In this case we do not expose the database details and this seems more secure.

Apologies, if this is a different question and I am happy to edit my answer here and create a new question.
Do you have recommendation on how to set up authentication with Realm App Users in this case? Is it an option to run Realm Web SDK on the client to authenticate and then pass credentials to server requests and use Realm Web on the server to read the data from MongoDB?

Thanks,

Ruslan

kraenhansen · January 22, 2021, 2:21pm

I am curious why you see it this way. Realm JS does require fille system access when storing an authenticated users access and refresh tokens. To my knowledge AWS Lambda does provide an ephemeral file system and using Realm JS should be possible in that case too.

Just to make it clear, Realm JS also includes a MongoDB client which allows accessing data without having to use its sync capabilities (which would store data on the filesystem) with an API that should be equivalent to Realm Web.

Generally speaking, a strength of the MongoDB Realm platform, is that it doesn’t need a server component. Not that it wouldn’t work with in a combination with a server component, but it’s not its primary use case.

The Realm Web SDK doesn’t provide a public (dehydrate & hydrate) APIs enabling transferring the access and refresh tokens of an authenticated user from the client to a server. Is this what you’re thinking of?
One alternative might be to enable the API key authentication provider, create an API key on the client-side and pass that to the server which can then authenticate on behalf of the user and make requests.

rkazakov · January 26, 2021, 12:41pm

We are using Realm with NextJS and realm-web seems to work fine. However, realm does not work. Locally I can see that it creates a number of files like sync_metadata.realm, etc in the project folder. It must be doing the same on the server causing this error in Next.js logs:

ERROR Error: make_dir() failed: Read-only file system Path: /var/task/mongodb-realm/

Yes, on the server, we are looking to use just MongoDB access.

Yes, something like that.

Thanks, we will investigate this further.

rkazakov · January 28, 2021, 11:12am

@kraenhansen

I am trying to experiment with this, but I am not sure how to create an apiKey on the client:

// client
const app = new Realm.App({ id: '<ID>' });
await app.logIn(Realm.Credentials.emailPassword('user@domain.com', 'password'));
await app.currentUser?.apiKeys.create('testKey');
await app.currentUser?.apiKeys.enable('testKey');
const apiKey = await app.currentUser?.apiKeys.fetch('testKey');
// pass apiKey to the server?

// server
const clientKey = getKeyFromClient();
await app.logIn(Realm.Credentials.apiKey(clientKey));
 // invalid API key (status 401)

What is the right way to do that?

Jesse_Beckton · May 26, 2022, 5:11am

I realize this topic is over a year old but trying to use Realm with an app that requires SSR does not work. Even after installing the additional packages in order to use realm-web in node. The only way I can get Realm to work with Next.js is to use a wacky architecture that makes it difficult for me to reuse code between web and node executions. In a world where everyone is doing SSR, Realm is alienating developers because of the need for separate SDK’s. Look at all the successful JAMStack databases available today, they all have one js SDK for both node and browser.

I’m just about ready to punt on this MongoDB idea and switch to something that is more friendly to modern tech. I’ve wasted way too much time on this already.

As for any Angular developers looking to use Realm in your SSR app, don’t even bother.

Alexandru_Tocar · June 11, 2022, 7:48pm

Have you managed to find a solution? I have tried to follow your path, but unfortunately, no progress. It seams that you can obtend the key secret only at time of creating. It is, however, solvable. You can delete the key and create it again. But does it make sense? I think it is easier to implement the authentication from ground with sessions approach, then setting up crutches.

Alexandru_Tocar · June 11, 2022, 9:26pm

Hello, I am currently trying to solve the authentication for a Remix app that will be hosted via Cloudflare Pages. As such, I have no choice, but to use the Realm Web SDK. And it is perfectly fine, until the very essential part of the application: user authentication. The thing with Remix is that, after the principles of SSR, it pre-fetches data on the server side, and sends the user already hadryted html page. It means that everything database related must happen on the server “on behalf of user”. Well, I get it, whenever there is something on behalf of user, we use API Keys Authentication. With previous answers I got so far. Now, because I switched to Realm Authentication for the very reason of not having to deal with complicated authentication flows, I have a consideration about how I proceed with the idea of User API Keys.

Let’s say, I have logged in my user via Web SDK on the front end. How do I communicate my user authentication to my server-side function? Is it even possible?

work_state · February 5, 2024, 3:44pm

@rkazakov If you’ve found a solution or workaround to communicate user authentication from the client-side to server-side effectively, could you share your insights? It seems many of us are navigating similar issues

I’ve been experimenting with a use case to handle auth in SSR mode for my app, but encountered an issue where logging in on one device causes an automatic login on a completely separate device. If you’ve discovered any solutions or methods to manage user authentication across client and server sides without this cross-device session sharing, could you share your approach? Your insights could be incredibly valuable for those of us facing similar hurdles. Thank you.

For context, here’s my auth implementation with realm-web on GitHub:

and you can see the live behavior here:
https://realm-app-git-master-gamingmab.vercel.app/

work_state · February 5, 2024, 3:47pm

@Alexandru_Tocar
Hello, have you discovered a method using only the Realm SDK to seamlessly share user session information between the client-side and server-side, without implementing custom solutions outside of Realm’s capabilities?