javascript node.js environment-variables express-session

Have multiple production environments for multiple customers in NodeJS Server


After researching a lot I can't find anything similar to help me solve this problem.

I have a Node server, with several environments (dev, test, demo, prod). This server is deployed in production on a Linux server, via a service.

I need to be able to have several production environments for several different customers.

Example: I have 2 urls: https://customer1.com and https://customer2.com. The code of these two clients is identical, only the url changes.

For the server, it must be able to recognize which client is sending it a request, because the data to be sent back to the client is not the same. The customer1 will have its database on a different url than that of customer2. The server will therefore have to make the distinction in order to return only the data concerning the client making the request.

My question: how to achieve this? I would like to avoid deploying 1 server per client, which I know would be simpler, but less maintainable.

Currently, I am using Express-Session to define environments. In fact, I have a middleware which will look in mysql for the environment variables of each client:

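    con.connect(function(err) {
      if (err) return next(err);
      // Bind the Origin header as a parameter (?) instead of interpolating it into the SQL string.
      con.query('SELECT * FROM environments WHERE CLIENT_URL = ?', [req.headers.origin], function(err, result) {
        if (err) return next(err);
        // No row for this origin: stop here rather than dereferencing result[0].
        if (!result.length) return next(new Error('Unknown client origin'));
        delete result[0].ID;
        // Copy the remaining columns into the session.
        for (var prop in result[0]) {
          req.session[prop] = result[0][prop];
        }
        next();
      });
      // end() is queued behind the pending query, so the query still completes.
      con.end();
    });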

It seems to work but it doesn't seem very stable or very reliable to me, am I wrong?

What better can I use to separate the data so that there is no customer1 that can receive the data from customer2?

Thank you for your help!


Solution

  • Following all comments under your original post, you need to do something like this:

    SELECT * FROM environments WHERE CLIENT_URL = ? AND CUSTOMER_NAME LIKE ?
    -- bound parameters: req.headers.origin, yourUserCustomerFromSession
    

    Before, any user could query data for any customer as long as they used the URL for that customer; now this is no longer possible.

    An even better way of doing it: if you don't want to hold the Client name in the session, you can do 2 queries - the first one to get the Client name for the logged in User and the second one similar to the code above:

    SELECT * FROM environments WHERE CLIENT_URL = ? AND CUSTOMER_NAME LIKE ?
    -- bound parameters: req.headers.origin, theClientNameYouJustGotForTheLoggedInUser
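The two-query check described in the answer, as an added example that is not part of the original post: the customer is resolved from the logged-in user on the server, and the client-supplied Origin header is accepted only if it belongs to that same customer. In-memory arrays stand in for the MySQL tables, and `USERS`, `DB_URL`, `findOne`, `resolveTenant`, `tenantMiddleware`, `req.session.userId` and `req.tenant` are assumed names.

```javascript
// Constructed sample rows standing in for the MySQL tables (column names beyond
// CLIENT_URL and CUSTOMER_NAME are assumptions).
const ENVIRONMENTS = [
  { CLIENT_URL: 'https://customer1.com', CUSTOMER_NAME: 'customer1', DB_URL: 'mysql://db1.example.internal/app' },
  { CLIENT_URL: 'https://customer2.com', CUSTOMER_NAME: 'customer2', DB_URL: 'mysql://db2.example.internal/app' },
];
const USERS = [
  { ID: 1, CUSTOMER_NAME: 'customer1' },
  { ID: 2, CUSTOMER_NAME: 'customer2' },
];

// Hypothetical stand-in for a parameterized query: values are compared as data
// and never become part of a query string.
function findOne(table, where) {
  const keys = Object.keys(where);
  return table.find((row) => keys.every((k) => row[k] === where[k])) || null;
}

// Query 1: customer of the logged-in user. Query 2: environment row matching
// both the Origin header and that customer. Either miss is a denial.
function resolveTenant(userId, origin) {
  const user = findOne(USERS, { ID: userId });
  if (!user) return { ok: false, status: 401, reason: 'not logged in' };
  const env = findOne(ENVIRONMENTS, { CLIENT_URL: origin, CUSTOMER_NAME: user.CUSTOMER_NAME });
  if (!env) return { ok: false, status: 403, reason: 'origin does not match the user customer' };
  return { ok: true, status: 200, env };
}

// Express-style middleware: the check runs on every request and the result is
// attached to the request object (a design choice of this example).
function tenantMiddleware(req, res, next) {
  const userId = req.session ? req.session.userId : undefined;
  const result = resolveTenant(userId, req.headers.origin);
  if (!result.ok) return res.status(result.status).json({ error: result.reason });
  const { DB_URL, CUSTOMER_NAME } = result.env;
  req.tenant = Object.freeze({ DB_URL, CUSTOMER_NAME });
  next();
}
```

With a real driver, `findOne` corresponds to a query using `?` placeholders, as in the statements above.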