Storing sensitive information in a database without encryption is not a good thing, but have you ever done it by accident due to bugs in your application code or a misconfiguration in your database? What if there was a way to receive notifications anytime something sensitive was detected so that immediate action could be taken?
We’re going to see how to leverage the Couchbase Eventing service to write JavaScript functions that will detect changes in documents as they happen. In particular, we’re going to see if social security numbers are popping up in documents, when they shouldn’t be.
Going forward, it is important to note that this is just one of many possible use cases when it comes to eventing in Couchbase. The Eventing service is available as of Couchbase Server 5.5 which has just been released.
Please note, the N1QL construct is still in Development. This feature is intended for Development purposes only and should not be used in Production environments.
Creating a RESTful API with Node.js and Express Framework
In this example we won’t actually be sending notifications. That is a whole new can of worms. Instead we’re going to create a sample API that the database will ping every time a function is triggered. This API will print out a message, but in reality you’d have it send out a push notification or email.
Create a new directory somewhere on your computer and execute the following from within that directory:
```sh
npm init -y
```
The above command will create a new Node.js project, more specifically a package.json file. Our API won’t need to use Couchbase for this example, but we will need a framework for receiving HTTP requests.
Within the project, execute the following command:
```sh
npm install express body-parser --save
```
The above command will install Express as well as a middleware for accepting request bodies in JSON format.
Now create an app.js file within your project and include the following JavaScript code:
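```javascript
const Express = require("express");
const BodyParser = require("body-parser");

var app = Express();

// Accept JSON and URL-encoded request bodies.
app.use(BodyParser.json());
app.use(BodyParser.urlencoded({ extended: true }));

app.post("/notify", (request, response) => {
    console.log("POST /notify");
    // Each key of the parsed body is expected to be a JSON string;
    // parse it and print the result.
    for(const key in request.body) {
        if(request.body.hasOwnProperty(key)) {
            console.log(JSON.parse(key));
        }
    }
    response.send("sent");
});

var server = app.listen(3000, () => {
    console.log("Listening...");
});
```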
The emphasis of this tutorial is not creating an API with Node.js so I won’t go too much into it. Essentially we’re setting up a single API endpoint, parsing the data that comes in, and printing it out to the console. This can be done with any technology, not just Node.js, and in reality you’d probably be sending out some kind of message when the endpoint is triggered.
Now we can focus on what matters, the functions for Couchbase Server.
Creating a Function to Listen for NoSQL Document Changes
Like I said previously, the Eventing service is available as of Couchbase 5.5, which has just been released.
To be successful with the Eventing service as of now, you’ll need two Buckets.
In my example, I have an example Bucket and an example-eventing Bucket. Both are standard Buckets, but one will be used to store metadata.
Since we’ll be making requests from Couchbase Server to our notification API, we need to configure a whitelist because by default, no requests can leave Couchbase Server for security reasons.
In the Settings area of the Couchbase dashboard, look for the Advanced N1QL Settings section. I’m running both Couchbase and the API locally, so I would just need to add the host and port. Your settings might be slightly different.
Now we can go ahead and create the function that will keep an eye out for sensitive data.
When adding a new function, fill out the information to match your Bucket details. The logic to drive the function will come next.
With the function available, we want to edit the JavaScript. By default, you should see something similar to the following:
```javascript
function OnUpdate(doc, meta) {
    log('document', doc);
}
function OnDelete(meta) {
}
```
Our goal is to trigger a function when a document is updated, rather than deleted. A number of things will need to happen.
- Check to see if we’ve created or altered a person document.
- Look at the ssn property of the document and see if a regular expression can validate it as a social security number.
- Send out a cURL request to an API.
The code explaining the above steps can be seen below:
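```javascript
function OnUpdate(doc, meta) {
    // Note: this writes the whole document, ssn included, to the function's log.
    log('document', doc);
    if(doc.type == 'person') {
        // Anchored pattern: the entire ssn value must match one of the two formats.
        var isSSN = /^(?:\d{3}-\d{2}-\d{4}|\d{2}-\d{7})$/;
        if(isSSN.test(doc.ssn)) {
            // N1QL CURL request; only the document metadata is sent.
            var http = SELECT CURL(
                "http://localhost:3000/notify",
                {
                    "request": "POST",
                    "header": "application/json",
                    "data": $meta
                }
            );
            http.execQuery();
            log('ssn', 'sending notification for raw ssn');
        }
    }
}
```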
Notice that we are using a N1QL query to issue the cURL request. It isn’t the only way, but it is an option which can be read about in the N1QL documentation.
In our example, rather than sending the document itself to our API and further exposing the social security number, we send the meta information which includes the document key. Then the recipient can just look for the document based on the key.
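The function above only tests the top-level ssn property. The following added example, which is not part of the original post, goes beyond that case: it walks every field of a document, including nested objects and arrays, and builds a notification that carries only the document key and the matching field paths, never the values. It is plain JavaScript run under Node.js here; the names SSN_PATTERN, findSensitivePaths and buildNotification are hypothetical, and the sample documents are constructed.

```javascript
// Added example: these names are hypothetical and not part of the
// Couchbase Eventing API.

// Same anchored pattern the tutorial's function uses for whole-field matches.
const SSN_PATTERN = /^(?:\d{3}-\d{2}-\d{4}|\d{2}-\d{7})$/;

// Walk every property of a document and return the paths whose string value
// matches the pattern. Only paths are returned, never the matched values.
function findSensitivePaths(value, path = "", found = []) {
    if (typeof value === "string") {
        if (SSN_PATTERN.test(value.trim())) {
            found.push(path);
        }
    } else if (Array.isArray(value)) {
        value.forEach((item, i) => findSensitivePaths(item, `${path}[${i}]`, found));
    } else if (value !== null && typeof value === "object") {
        for (const key of Object.keys(value)) {
            findSensitivePaths(value[key], path ? `${path}.${key}` : key, found);
        }
    }
    return found;
}

// Build the body for the notification API: document key plus field paths
// only, so the alert itself does not carry the sensitive value.
function buildNotification(meta, doc) {
    const paths = findSensitivePaths(doc);
    return paths.length > 0 ? { id: meta.id, fields: paths } : null;
}

// Constructed sample documents (not real data).
const samples = [
    { meta: { id: "person::1" }, doc: { type: "person", name: "A", ssn: "123-45-6789" } },
    { meta: { id: "person::2" }, doc: { type: "person", name: "B",
        notes: ["ok", "078-05-1120"], contact: { taxId: "12-3456789" } } },
    { meta: { id: "person::3" }, doc: { type: "person", name: "C", phone: "555-867-5309" } }
];

for (const { meta, doc } of samples) {
    console.log(meta.id, JSON.stringify(buildNotification(meta, doc)));
}
```

The third sample produces no notification because a phone number in 3-3-4 form does not match either anchored format.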
Conclusion
You just saw how to use the Couchbase Eventing service to create functions and detect sensitive information such as social security numbers. You can create functions to alter data within the database or to send notifications as demonstrated in this example.
If you’re interested in learning more about the Eventing service, check out the documentation via the Couchbase Developer Portal or the new service announcement here. Learn about other features available in the Couchbase Server 5.5 release.