Jul 06, 2017


Blog Categories

How to Build Secure Database-Driven Applications on Neocities

Neocities’ mission is to “make the web fun again by giving you back control of how you express yourself online.” Their user-friendly platform for creating and hosting web content provides a crucial first step for aspiring designers and programmers. Neocities hosts millions of simple HTML sites, so we thought we would demonstrate how easy it is to use FaunaDB with a single page application deployed to Neocities.

With a secure database that scales from the smallest experiments on the free plan, to powering global brands on the web, the door is open for both beginning and experienced developers to build zero-maintenance apps that can seamlessly transition from “Hello, World!” to worldwide popularity.

FaunaDB Cloud is a great companion for HTML app development, because it has a JavaScript driver that is also available via CDN for browser usage. FaunaDB’s object-level security and user authentication allow you to connect to the cloud database directly from your browser app. Since mobile clients call the same API, no backend changes are required when you add native app support. With pay-as-you-go pricing, you’re only ever charged for actual usage with no upfront investment. Your small experiments can run for free and when one becomes popular, FaunaDB will scale up (and down) for you, remaining fast under pressure. You don’t even need to manually add nodes or other capacity. It’s automatic and continuous.

Getting Started with FaunaDB and Neocities

This example series will show you how a social collaboration app is built with FaunaDB and then deployed to Neocities. We’ll start by installing it locally and running it, then move on to putting it up on Neocities. Or just skip the installation and use our copy running on Neocities here.


In future blog posts, we’ll extend the security model by adding support for inviting others to collaborate on your lists. By doing so, we’ll demonstrate FaunaDB’s native fine-grained access control.

To run your own copy of the app:

1. Start a free trial of FaunaDB by providing your email.
2. Create a database in the dashboard:

  1. Click Create a Database.
  2. Enter the name todomvc-fauna-spa in the text box.
  3. Click Create Database again.

3. Set up two database keys, one for with the server role which is used for setting up the schema, and one with the client role which is used by the browser code for creating new users:

  1. Click ** / ** in the upper left side of the screen.
  2. Click Manage Keys and Create a Key.
  3. Name your key, assign it a server role, and choose the todomvc-fauna-spa database.
  4. Click Create Key.
  5. Your key’s secret will be displayed. Immediately copy it to schema.js
  6. Then repeat the process, assigning this second key the client role and copying the key’s secret into Login.js.

4. Clone the project’s repo here:

git clone https://github.com/fauna/todomvc-fauna-spa.git
cd todomvc-fauna-spa

5. Then install the dependencies:

npm install

6. Run schema.js locally:

node schema.js

7. Build the app bundle for uploading:

npm run build

8. Set up a Neocities site.
9. Upload the project to your new Neocities site by using their Upload button or their command line tool. With the command line tool, run:

cd build/
neocities push .

The neocities command will prompt you to login to your Neocities account and then to upload your site.

Then you’re ready to browse to your new app, sign up, and start tracking your to-dos, all of which are securely stored in a strongly consistent, globally replicated, multi-cloud database: FaunaDB!

We encourage you to tinker with the app! Just make sure to run npm run build after any code changes before updating your Neocities site. If you want to preview your changes, just run npm start for a local server.

Conclusion

We’ll talk more about security in the next few blog posts. The FaunaDB security model is designed for connecting to the database directly from mobile apps and web browsers. All user authentication and fine-grained, object-level access control can be managed by FaunaDB. In some circumstances, this can actually be more secure than relying on middleware for authentication authorization. A native security model is especially useful for applications that directly use the cloud database, and it can also enhance existing security mechanisms through defense-in-depth, where access control can be enforced at all layers of the stack.