Can Realm Web SDK be used on the server?

Can Realm Web SDK be used on the server?
We have concerns that realm-web exposes the data in the straightforward way that looks similar to MongoDB query including database and collection names in request payload when used on the client.

Hi Ruslan,

Welcome to the forum.

Short answer is yes - see the README for information on two additional peer dependencies that you need to install to use Realm Web from a Node.js process.

The question is if you want to do this. The main incentive for Realm Web being able to run in a Node.js process is to make it easier to write SSR React apps and to make your components testable. If you want to simply access the data stored in your MongoDB cluster, you have multiple alternatives available for you (besides Realm Web):

Hope this helps.

Hi Kræn,

Thank you for your response! We are aware of different ways to access MonogDB data. However, Realm JS Node SDK is not an option in case of using Next.js/AWS Lambda or similar functions as Realm Node SDK seems to be requiring file system access.

We like the simplicity of Realm Web SDK, but thinking to run it on the server. In this case we do not expose the database details and this seems more secure.

Apologies, if this is a different question and I am happy to edit my answer here and create a new question.
Do you have recommendation on how to set up authentication with Realm App Users in this case? Is it an option to run Realm Web SDK on the client to authenticate and then pass credentials to server requests and use Realm Web on the server to read the data from MongoDB?

Thanks,

Ruslan

I am curious why you see it this way. Realm JS does require fille system access when storing an authenticated users access and refresh tokens. To my knowledge AWS Lambda does provide an ephemeral file system and using Realm JS should be possible in that case too.

Just to make it clear, Realm JS also includes a MongoDB client which allows accessing data without having to use its sync capabilities (which would store data on the filesystem) with an API that should be equivalent to Realm Web.

Generally speaking, a strength of the MongoDB Realm platform, is that it doesn’t need a server component. Not that it wouldn’t work with in a combination with a server component, but it’s not its primary use case.

The Realm Web SDK doesn’t provide a public (dehydrate & hydrate) APIs enabling transferring the access and refresh tokens of an authenticated user from the client to a server. Is this what you’re thinking of?
One alternative might be to enable the API key authentication provider, create an API key on the client-side and pass that to the server which can then authenticate on behalf of the user and make requests.

We are using Realm with NextJS and realm-web seems to work fine. However, realm does not work. Locally I can see that it creates a number of files like sync_metadata.realm, etc in the project folder. It must be doing the same on the server causing this error in Next.js logs:

ERROR Error: make_dir() failed: Read-only file system Path: /var/task/mongodb-realm/

Yes, on the server, we are looking to use just MongoDB access.

Yes, something like that.

Thanks, we will investigate this further.

@kraenhansen

I am trying to experiment with this, but I am not sure how to create an apiKey on the client:

// client
const app = new Realm.App({ id: '<ID>' });
await app.logIn(Realm.Credentials.emailPassword('user@domain.com', 'password'));
await app.currentUser?.apiKeys.create('testKey');
await app.currentUser?.apiKeys.enable('testKey');
const apiKey = await app.currentUser?.apiKeys.fetch('testKey');
// pass apiKey to the server?
// server
const clientKey = getKeyFromClient();
await app.logIn(Realm.Credentials.apiKey(clientKey));
 // invalid API key (status 401)

What is the right way to do that?