Enforces strict multi-tenant data isolation by ensuring communityId filters are applied to all MongoDB operations.
The Aegis Tenancy Enforcer is a specialized security skill designed to prevent cross-tenant data leaks within the Aegis multi-tenant community platform. It provides developers with automated guidance and strict patterns for writing MongoDB queries, repository methods, and service logic, mandating that every database interaction includes a valid communityId. By enforcing the use of communityId from authenticated JWT tokens rather than untrusted request bodies, it ensures logical data isolation and helps maintain high security standards across the backend architecture, including specific requirements for compound indexing and aggregate pipelines.
Key Features
01 Mandatory communityId filtering for all CRUD operations
02 JWT-based tenant context enforcement to prevent ID spoofing
03 Aggregate pipeline validation ensuring $match stages are correctly placed
04 Compound index optimization rules for efficient tenant isolation
05 Standardized repository patterns for find, update, and delete methods
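The JWT-sourced communityId rule and the leading $match rule described above, sketched in plain JavaScript as an added example. It is not code from the Aegis project or the skill itself; the helper names, claim layout, and sample values are assumptions made for illustration.

```javascript
// Added illustration; helper names are hypothetical, not the skill's own API.

// Take the tenant id only from verified JWT claims and require a plain string,
// so an object such as { $ne: null } can never end up as a query operator.
function tenantFromClaims(claims) {
  const id = claims && claims.communityId;
  if (typeof id !== 'string' || id.length === 0) {
    throw new Error('missing or invalid communityId in token claims');
  }
  return id;
}

// Build the filter for find/update/delete. The tenant condition is written
// last, so a communityId supplied by the caller is overwritten, never merged.
function scopedFilter(claims, filter = {}) {
  return { ...filter, communityId: tenantFromClaims(claims) };
}

// Accept an aggregate pipeline only if its first stage is a $match that pins
// communityId to the caller's tenant, before any $group or $lookup can run.
function isPipelineScoped(claims, pipeline) {
  const tenant = tenantFromClaims(claims);
  const first = Array.isArray(pipeline) ? pipeline[0] : undefined;
  return Boolean(first && first.$match && first.$match.communityId === tenant);
}

// Prepend the tenant $match rather than trusting the caller to have added one.
function scopedPipeline(claims, pipeline = []) {
  return [{ $match: { communityId: tenantFromClaims(claims) } }, ...pipeline];
}

// Constructed sample data: verified token claims and an untrusted request body.
const claims = { sub: 'user-1', communityId: 'community-a' };
const body = { communityId: 'community-b', status: 'open' };
const groupByStatus = [{ $group: { _id: '$status', n: { $sum: 1 } } }];

console.log(scopedFilter(claims, body));
console.log(isPipelineScoped(claims, groupByStatus));
console.log(scopedPipeline(claims, groupByStatus));
```

The resulting filter and pipeline objects are what a repository method would pass to the driver's find, updateOne, deleteOne, or aggregate calls.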
Use Cases
01 Auditing repository code for potential cross-community security breaches
02 Designing database schemas and indexes for logical data isolation
03 Building secure multi-tenant SaaS platforms with MongoDB and NestJS