How we developed domain-based access for Basedash

March 14, 2022

Dalyan Parker
Full Stack Developer

As Basedash grows and moves toward serving larger teams and enterprise-level organizations, we found that our customers need a highly secure, yet quick and seamless way to gain authorization to their workspaces.

Here’s that flow:

  1. An Admin user would specify an email domain for their workspace
  2. All users with that domain and with verified emails would automatically be added to the workspace as a member

First, we created a simple UI component that would allow an Admin user to set the email access domain for their workspace. We also ensured that an Admin user could disable domain-based access and remove their saved email access domain, through this same UI component.

With this, a user can simply navigate to the settings page of their workspace, and if they are an Admin of that workspace, this component, which is showed above, would be displayed. We tested all the edge cases and form validation issues, to make sure nothing funky could happen.

After this was complete, we needed to create a simple endpoint that would update the workspace’s access domain, and provide the necessary validations. Below is an example with explanations, leveraging utility functions you can implement with any ORM and tooling.

const updateWorkspaceAccessDomain = async (req: Request, res: Response) => {
	const { userId, workspaceId, accessDomain } = req.body;

	// Get user
	const user = await getUserById(userId);
	// Get workspace
	const workspace = await getWorkspaceById(workspaceId);

	// Check that the accessDomain is valid, otherwise return an Error
	if (!isValidAccessDomain(accessDomain)) {
		return res.status(400).json({ title: 'Access domain is invalid' });
	}

	try {
		// If the access domain is null, this means that the user
		// requested to Remove the access domain / email domain
		if (accessDomain === null) {
			// Remove the access domain
			await removeAccessDomain(workspace);
			// If all goes well return a status of 200!
			return res.sendStatus(200);
		}

		// Update the workspace's access domain
		await updateWorkspaceAccessDomain(workspace);

		// Find all users with the matching access domain
		const usersWithMatchingDomain = await getUsersWithMatchingDomain(
			accessDomain
		);

		// Filter out users who are not already members of the workspace
		const usersToAddToWorkspaces = await getUsersWhoAreNotMembers(
			usersWithMatchingDomain,
			workspace
		);

		// Iterate through array of users who are not already members
		for (const user of usersToAddToWorkspaces) {
			// Add the user as a collaborator member to the workspace
			await addUserAsCollaborator(user, workspace);

			// Send an email notification that they have been added to
			// the workspace as a collaborator member
			await sendAddedToWorkspaceEmailNotification(user);
		}

		// If all goes well return a status of 200!
		return res.sendStatus(200);
	} catch (error) {
		if (error instanceof Error) {
			// Catch and return any errors
			return res.status(400).json({ title: error.message });
		}
	}
};

Perfect! The only thing left to account for is to use this logic when a user verifies their email. This follows the same pattern as previously, but instead we find and iterate through all workspaces that have a matching domain instead of users. Let’s take a look!

const verifyEmail = async (req: Request, res: Response) => {
	const { userId } = req.body;
	const user = await getUserById(user.id);

	// ... verify email logic ...

	// Extract the domain from the user's email
	const accessDomain = extractDomain(user.email);

	try {
		// Get all workspaces with a matching access domain
		const workspacesWithMatchingAccessDomain =
			await getWorkspacesWithMatchingAccessDomain(accessDomain);

		// Filter out workspaces which user is already a member of
		const workspacesToAddUserAsMember = await getWorkspacesWhereUserIsNotMember(
			user,
			workspacesWithMatchingAccessDomain
		);

		// Iterate through array of workspaces to add user as new member to
		for (const workspace of usersToAddToWorkspaces) {
			// Add the user as a collaborator member to the workspace
			await addUserAsCollaborator(user, workspace);

			// Send an email notification that they have been added to
			// the workspace as a collaborator member
			await sendAddedToWorkspaceEmailNotification(user);
		}

		// If all goes well return a status of 200!
		return res.sendStatus(200);
	} catch (error) {
		if (error instanceof Error) {
			// Catch and return any errors
			return res.status(400).json({ title: error.message });
		}
	}
};

And there you have it! This is a high level overview of how built domain-based access ****for workspaces. Yes, there are a lot of validation and security issues we had to address, but those are details it would be unwise to post publicly on the internet, and more importantly, would probably be extremely boring to most readers!

I’ll leave you with something to think about, in the same vein of “if a tree falls in a forest...“ type thought puzzles :

If a workspace gives a team domain-based access but nobody from the team signs up for Basedash, does the team really have domain based access?

My answer is simple. Give Basedash a try for your team! Apart from striving to build well-designed and seamless software, it just breaks our hearts when a workspace gets lonely, especially if that means your databases get lonely—just like people working in tech, they need human friends too!

What is Basedash?

Basedash in 90 seconds

1:52

Get to know what Basedash can do and how it changes traditional internal tools.

5 minute app build

4:59

See a full app that connects to a Postgres database and external API made from scratch.

Basedash Actions

2:39

Extend your database data to interact with internal and external APIs.

Create a
 
app in minutes

Ship your product faster.
Worry about internal tools less.

No credit card required.

More posts like this

A simpler way to make flowcharts in Notion and Github

September 26, 2022

Jeremy Sarchet

Sooner or later in development work, there comes a time where you just need a flowchart. Recently we started using Mermaid, a markdown syntax supported by Notion and Github to document and share and annotate new features in-line rather than having to use a design tool or draw them out by hand.

How to recruit your own users as research participants

September 21, 2022

Tom Johnson

Doing user research is difficult in and of itself, but no matter how good your are at asking the right questions, gathering data, taking insights from research, and putting that data to use, one of the most important parts of user research is finding the right users to talk to in the first place.

Product analytics tools are failing startups

September 14, 2022

Max Musing

Product analytics tools are failing startups. At an early stage (pre-product-market fit), aggregate data is a distraction.The cure? Entity-level data.

Internal tools are a waste of time

September 1, 2022

Tom Johnson

Internal tools take time, resources, effort, and often get very little resources to build, and less to improve and grow over time. Learn how our designer, Tom Johnson, has seen and felt the pain of building internal tools over his career and how Basedash solves those issues.

Best Practices For Product Management of Internal Tools

August 29, 2022

Jordan Chavis

Internal tool product management is identifying a need for, creating, and managing internal tools that will fulfill the needs of multiple people at your company. It's one of the most intimidating product roles in tech startups, but it doesn’t need to be.