giusdp
Ash multi-tenant umbrella app project
I was wondering if it’d make sense and how feasible it is to have a multi-tenant project composed of 2 phoenix apps.
One app is just an API with ash_json_api to serve the end-users, and the other is a dashboard on top of the same database, for the tenants.
The dashboard app with a AshAuthentication set up for the main users (magic link login) and the API app another AshAuthentication setup with email/password.
Both apps use the same database with schema-based multitenancy, but the dashboard also operates on the public schema for the main users (for user creation and login).
This way I could cleanly separate the 2 sides of the system, but then it’d be a mess having to keep in sync the shared domain and resources. In one I’d have to put json api routes and in the other no.
I bet there is something I’m missing and I could be able to derive the 2 apps from the same resources. Right now it’s one single otp_app that offers both json api routes and html dashboard routes. One problem is that Ash authentication is picking up both the main-user and end-user resources when accessing the dashboard (it shows both magic link and email/pass at login, and the conn has both current_user and current_end_user).
I’d like to avoid that. Also what if I need to start scaling and replicate the API? The dashboard side won’t need to scale up, probably , while the api side might receive a lot of traffic. For instance I could have 1 single user that in turn has 1 million end-users. The dashboard is used by 1 and the api is used by 1 million.
So, my question is basically how to organize such project. Would it be possible to separate the project into a multi app monorepo project or an umbrella project where I have:
- 1 otp_app with all the shared domain and resource (with both dashboard-specific actions and json api routes);
- 1 app for the dashboard with the router for the dashboard routes + the main accounts domain and resource with ash authentication on top;
- 1 app for the API which has a very simple router to just redirect to the AshJsonApi Router in the shared app, plus its own end-user domain+resource with another ash authentication.
I didn’t try anything yet and it might be a silly idea that won’t work. I’d like to know from more experienced people how to organize a project like that with ash.
Most Liked
zachdaniel
We often don’t tend to split Ash apps up in that way, but there shouldn’t be any reason you can’t do it ![]()
As for the question about it displaying bot h user resources, IIRC there is an option you can use to restrict which user resources get their authentication strategies displayed. pretty sure its an option in the router code.
zachdaniel
Looks like you’re right, and there is not a way to manually select the resources. I don’t have time to fully test this out myself, but I’ve pushed the changes required to support this to a branch, the PR is here: improvement: allow setting a subset of resources on sign in by zachdaniel · Pull Request #593 · team-alembic/ash_authentication_phoenix · GitHub
You would use this as sign_in_route ...., resources: [A.Specific.Resource]
giusdp
Awesome! I think it will be a nice addition. I believe I saw around the forum other people needing something like this, too. I’ll try the branch out as soon as I can
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








