Is there a pattern for implementing backend business logic with Thin? As in operations with decisions, more complex queries, input data validation etc. on the backend.
I could think of a couple of approaches/workarounds:
- Create records in a kind of queue table for commands, and have an external service connect to the Thin Postgres instance and processes the commands.
- Set up an external API which provides endpoints for the custom business logic, somehow authenticated as the user in Thin.
But maybe there’s a better way…
Edit: Just spotted the “RSA Private Key” section in the Auth settings page. Does that mean option 2 would work? Can I get hold of a JWT somehow and use that to authenticate against my own API?
The two ways you’ve mentioned are actually both the recommended options.
The first approach was initially a part of Thin. It was called Background Functions and was literally using a table as a queue for running jobs. It was removed as we figured out that a lot of people using Thin already have an API backend (e.g. with nextjs), and for these cases it’s easier to pick the second approach.
Yes, the JWT is using a private/public key pair for exactly that reason. Your API service can use the public key to verify that the JWT is correctly signed and then use the user id specified in the JWT, without needing to reach out to the thin auth service.
Thanks, that’s good to know.
I’m going to try with the first option as it means I don’t have to worry about the security of my own public API.
It does mean I’ll need to implement a mechanism for displaying failures to the user (since every user operation will be asynchronous), but I’ve wanted to try making a fully-asynchronous app for a while.