Building secure Multi-tenant applications in Elixir
slab.comThis obscure little feature in Ecto/Elixir is something we've been using at Slab.com for about a year. While the blog post only covers the feature itself, I wanted to give a better overview of *WHY* we're using it.
Slab is a multi-tenant Phoenix app where all tables in our database, including pivot tables, have an `org_id` foreign key that references the team the data belongs to. Using association defaults enforces that the correct `org_id` value is automatically set for all resources.
We combine this with an `OrgRepo` module that wraps around our default `Repo`, which can only write or read other resources with the same `org_id`, ensuring that data for one team has no possibility of accidentally leaking to another team (using `Repo` is forbidden in our codebase).
An added bonus is; when we eventually have to scale our databases via something like sharding and have to vertically partition the data based on `org_id`, we would already have this system in place to support us.
I'd be curious how this compares to Ecto.Repo.prepare_query/3 at https://hexdocs.pm/ecto/multi-tenancy-with-foreign-keys.html... which sets you up for foreign key based multi-tenancy that can be enforced automatically in most common cases.
Is your strategy meant to be an alternative to prepare_query?
Not an alternative, but as a companion to it. In our use-case we use a custom `OrgRepo` wrapper around `Repo` which handles a lot more read/write scenarios.