I am implementing a mobile app for Android and iOS, using the GAE Datastore for persistence on the server side of the app. The app uses Facebook login for user authentication. One of the key aspects of the app is that users can interact with each other through the app, but I want to keep the actual Facebook ID secret, so that a user cannot discover the Facebook profile of another user through the app.
My original design was using MySQL, and there I had a simple implementation of a users table where the table's primary key, an auto-increment integer, served as the user ID in the app. I could safely send the user ID of other users to the client app, and it did not give away any information I did not want to give away. When a user logs in, the client app performs the necessary Facebook login procedures and sends the Facebook access token to the server. The server would extract the Facebook user information from the token and check whether the user ID exists; if it does, use that user row, otherwise create a new one.
On an SQL database this works great since it is consistent, and there is no way to "miss" the fact that a user is in the table. When using the eventually consistent Datastore with the same idea, I ran into a problem: if a user logs in for the first time ever, an entry is added to the Datastore, but if the user logs in again shortly after, the query performing the check for whether a "user" entity with the same Facebook ID is present would still return no results. This leads to the same Facebook ID being associated with two different users of the app, and that is bad.
(I know this seems like an unlikely scenario, but I accidentally ran into it during development.)
I thought of a few ways to mitigate this:
Instead of using an app user ID as the entity key, use the Facebook ID; this ensures consistency (since there is no index involved in the lookup now). This would imply that I need to use the Facebook ID as the ID in the app, and that violates one of my design principles (the Facebook ID of other users would leak to the client app).
Instead of relying on the Datastore-generated entity key as the ID of the user, specify the ID myself, by performing some sort of deterministic manipulation of the Facebook user ID, such as hashing or encrypting it. This way I can use the key to perform the lookup, and no matter how many times the same user logs in, the user ID generated is the same. This seems like a heavy approach to do correctly. If I hash, I need to make sure I use a hashing algorithm that prevents collisions. The hash or encryption output would be a long string as the user ID, which is not that bad, but I would like to keep the user ID a simple long integer value if possible.
Accept the fact that it is eventually consistent, and during login, if I find more than one corresponding entity, delete them and stay with one. This is bad, because what if the user has performed some operations that are stored on the previous entity? I would have to run through the data of the multiple user entities for the same user and perform some sort of merging operation on them. This would require me to run through the other entities that store the user ID and change them all.
Use memcache to store the user; this would make the scenario more unlikely, but not eliminate it entirely. Memcache entries can be evicted prematurely, and in that case I am back to square one.
What is the best approach here? Is there something I am missing? I would appreciate any input.
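The second mitigation in the question (a deterministic ID derived from the Facebook ID), sketched as an added example that is not code from the original post: the ID is a keyed HMAC rather than a bare hash, because Facebook IDs are numeric and guessable and an unkeyed hash could be reversed by hashing candidate IDs. `SERVER_SECRET`, `KeyValueStore` and the sample Facebook ID are constructed for illustration, and the dictionary only stands in for a Datastore lookup by entity key.

```python
import hashlib
import hmac

# Constructed sample secret (assumption); in a real deployment this is a random
# server-side key that never reaches the client.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def derive_user_id(facebook_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Map a Facebook ID to a stable pseudonymous app user ID.

    The same Facebook ID always yields the same value, so the login path can
    fetch the user entity by key instead of running an index query.
    """
    mac = hmac.new(secret, facebook_id.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


class KeyValueStore:
    """In-memory stand-in for lookups by entity key (hypothetical helper)."""

    def __init__(self):
        self._rows = {}

    def get_or_create(self, key: str, defaults: dict) -> tuple:
        # Returns (entity, created). A real datastore would run this
        # get-then-put in a transaction so that two concurrent first logins
        # cannot both create an entity.
        if key in self._rows:
            return self._rows[key], False
        self._rows[key] = dict(defaults, user_id=key)
        return self._rows[key], True


def login(store: KeyValueStore, facebook_id: str) -> tuple:
    """Resolve the user for an already verified Facebook ID without a query."""
    user_id = derive_user_id(facebook_id)
    # The raw Facebook ID is deliberately not stored on the entity here.
    return store.get_or_create(user_id, {"display_name": None})


if __name__ == "__main__":
    store = KeyValueStore()
    first, created_first = login(store, "100000123456789")  # constructed ID
    again, created_again = login(store, "100000123456789")
    print(first["user_id"], created_first, created_again)
```

The output is a 64-character hex string rather than the long integer the question prefers; truncating it to 64 bits would shrink the ID space and make collisions between users a real possibility at scale.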