Cloud database is one of the core features provided by CloudBase, offering basic read and write, aggregation search, database transactions, real-time push, and other features.
Basic Concept
Record / Document
Cloud database is a document-oriented database, where each record in the database is an object similar to JSON format, for example:
```json
{
  "name": "Tom",
  "age": 18,
  "location": {
    "country": "China",
    "province": "Guangdong",
    "city": "Shenzhen"
  }
}
```
Collection
A collection consists of multiple records, and any record must belong to a collection.
A collection is the main object of read and write operations, and each collection has a collection name, such as users, articles, etc.
Database
Each TCB environment has one and only one database instance, and multiple collections can be created within the database instance.
Call Method
Cloud database can be called from the user end (e.g., web pages, mini programs) or from the Server-side (e.g., servers, Serverless Cloud Function).
User End Call
When calling from the user end, you need to first perform login authentication for cloud development, and then perform read and write operations on the database as the user.
Note:
Code at the user end, such as web pages, is exposed to the outside. Attackers might capture or forge requests to use or consume your CloudBase resources without authorization. Therefore, we provide a Login Authentication mechanism at the user end to protect the security of your resources.
```javascript
// Web (@cloudbase/js-sdk)
const cloudbase = require("@cloudbase/js-sdk");
const app = cloudbase.init({ env: "xxxx" });

/**
 * Login authentication process, code omitted, please refer to:
 * https://cloud.tencent.com/document/product/876/41728
 */

// 1. Obtain a database reference
var db = app.database();

// 2. Construct a query statement
db
  // The collection() method obtains a reference to a collection
  .collection("books")
  // The where() method takes a query object, and the database returns JSON
  // documents in the collection where the field equals the specified value.
  .where({ name: "The Catcher in the Rye" })
  // The get() method triggers a network request to fetch data from the database
  .get()
  .then(function (res) {
    console.log(res);
    // Output [{ "name": "The Catcher in the Rye", ... }]
  });
```
```javascript
// WeChat Mini Program (wx.cloud)
// 1. Obtain a database reference
const db = wx.cloud.database();

// 2. Construct a query statement
db
  // The collection() method obtains a reference to a collection
  .collection("books")
  // The where() method takes a query object, and the database returns JSON
  // documents in the collection where the field equals the specified value.
  .where({ name: "The Catcher in the Rye" })
  // The get() method triggers a network request to fetch data from the database
  .get()
  .then(function (res) {
    console.log(res);
    // Output [{ "name": "The Catcher in the Rye", ... }]
  });
```
Server-Side Call
When calling from the Server-side, you need to fill in the Tencent Cloud keys (SecretID and SecretKey) in the SDK initialization parameter, and then perform read and write operations on the database as an admin.
Note:
When using the Server-side SDK within CloudBase SCF, developers do not need to enter Tencent Cloud keys to use the service.
```javascript
const cloudbase = require("@cloudbase/node-sdk");
const app = cloudbase.init({});

// 1. Obtain a database reference
var db = app.database();

exports.main = async (event, context) => {
  // 2. Construct a query statement
  const res = await db
    // The collection() method obtains a reference to a collection
    .collection("books")
    // The where() method takes a query object, and the database returns JSON
    // documents in the collection where the field equals the specified value.
    .where({ name: "The Catcher in the Rye" })
    // The get() method triggers a network request to fetch data from the database.
    .get();

  return { res };
};
```
Permission Control
As mentioned above, the user end and Server-side call the cloud database with different identities and permissions.
Server-Side Call
On the Server-side, the cloud database is called as an admin, with permissions to read, write, modify, and delete any data. Therefore, the Server-side is also called the management end.
User End Call
On the user end, after login authentication, the cloud database is called as the current user, and access is controlled by database permissions.
The cloud database supports four basic database permissions as follows:
| Permissions | Description | Use Cases |
| --- | --- | --- |
| Only the creator can write, everyone can read | Data is writable only by the creator, readable by everyone | Culture and entertainment, public comments |
| Readable and writable only by the creator | Data is readable and writable only by the creator, not readable or writable by other users | Private albums, private user data |
| Writable only by the management end, readable by everyone | This data is writable only by the management end, readable by everyone | Product information, configuration information |
| Readable and writable only by the management end | This data is readable and writable only by the management end | Data not exposed externally |
For example, when the database permission is set to "Only the creator can write, everyone can read", calls from the user end can modify or delete only data created by the current user identity, but can read data created by other users.
Note:
In some complex scenarios, if Basic Permission Control does not meet your needs, you can use Custom Security Rules to set permissions by writing rule statements.
Special Fields
_id Field
In the cloud database, each record has an _id field as the unique identifier of the data, which is automatically generated when inserting a record. You can also use a custom _id, but it must be globally unique.
_openid Field
Each record may contain an _openid field to identify the creator of the record, which is automatically generated based on the user identity when inserting a record.

| Call Source | _openid Meaning |
| --- | --- |
| WeChat Mini Program | User's WeChat OpenID |
| Web SDK | User's cloud development Uid |
Note:
Records created on the server-side (e.g., SCF) or management end (e.g., console) will not automatically generate the _openid field, as these are records created by Admins and do not belong to any specific user.
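
The four basic permissions and the _openid field described above, modeled as a local access check. This is an added example, not CloudBase or SDK code: the names PERMISSIONS, isAllowed and readableBy and the sample records are hypothetical, and treating a record without _openid as matching no end user is an assumption drawn from the note above.

```javascript
// Local model of the four basic permissions (illustration only, not an SDK API).
const PERMISSIONS = {
  CREATOR_WRITE_ALL_READ: { read: "everyone", write: "creator" },
  CREATOR_ONLY:           { read: "creator",  write: "creator" },
  ADMIN_WRITE_ALL_READ:   { read: "everyone", write: "admin" },
  ADMIN_ONLY:             { read: "admin",    write: "admin" },
};

// caller: { admin: true } models a server-side (management end) call;
//         { uid: "..." } models a logged-in user end call.
// op:     "read" or "write".
function isAllowed(permission, caller, op, record) {
  if (caller.admin) return true;   // management end: any data, any operation
  if (!caller.uid) return false;   // user end must log in before calling
  const who = PERMISSIONS[permission][op];
  if (who === "everyone") return true;
  if (who === "admin") return false;
  // "creator": the record's _openid must equal the caller's identity.
  // Assumption: a record without _openid (created server-side or in the
  // console) belongs to no user, so no user end caller matches it.
  return record._openid !== undefined && record._openid === caller.uid;
}

// _id values of the records a caller would be able to read.
function readableBy(permission, caller, records) {
  return records
    .filter((r) => isAllowed(permission, caller, "read", r))
    .map((r) => r._id);
}

// Constructed sample records
const records = [
  { _id: "a1", _openid: "uid-alice", title: "Alice's note" },
  { _id: "b1", _openid: "uid-bob", title: "Bob's note" },
  { _id: "s1", title: "Created by a cloud function" }, // no _openid
];

const alice = { uid: "uid-alice" };
console.log(readableBy("CREATOR_ONLY", alice, records));
console.log(isAllowed("CREATOR_WRITE_ALL_READ", alice, "write", records[1]));
```

Because the server side always takes the admin branch, a cloud function that acts on behalf of a user has to enforce ownership itself; the collection permission does not do it.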