Mongalayer

Getting Started

Introduction

Mongalayer is a type-safe MongoDB access layer for TypeScript applications with role-based access control.

What is Mongalayer?

Mongalayer is an abstraction layer between a MongoDB database and a TypeScript (JavaScript) client. It consist of a server @mongalayer/server package and client @mongalayer/client. The server package is responsible for validating schemas, enforcing access rules, and executing MongoDB operations. The client package is a lightweight HTTP client that communicates with the server.

It was created as a self-hosted replacement after MongoDB Atlas App Services deprecation, specifically its Data Model / Data Access Permissions parts and the ability to query MongoDB collections from a client application as you would in a Node.js environment.

It provides:

  • Schema validation using Zod to ensure data integrity
  • Role-based access control at the document and field level
  • Full type safety from server to client
  • A client SDK with a familiar API that mirrors the server-side MongoDB methods

Use case

Mongalayer is designed for basic CRUD applications where access control and data integrity matter more than raw throughput. It is a good fit for admin panels, content management systems, multi-tenant platforms, and similar applications.

Mongalayer is not intended for high-performance write scenarios. All operations incur overhead due to access control checks. If you need maximum write throughput without access control, use the MongoDB driver directly via a custom implementation. Check out the performance section for tips on optimizing Mongalayer performance.

Architecture

Mongalayer utilizes the MongoDB Node.js driver to communicate with MongoDB. It does not handle authentication or authorization of incoming HTTP requests — that is your responsibility. Instead, Mongalayer focuses on data access control: once a request reaches Mongalayer, it determines what data the caller can read, create, update, or delete based on the access definitions you configure.

┌─────────────────────────┐       ┌──────────────────────────┐       ┌───────────┐
│  Client App             │ ────> │  API Endpoint            │ ────> │  MongoDB  │
│  (+ @mongalayer/client) │ <──── │  (+ @mongalayer/server)  │ <──── │           │
└─────────────────────────┘       └──────────────────────────┘       └───────────┘

Packages

Mongalayer is published under the @mongalayer scope with two packages:

General requirements

  • TypeScript 5+ (recommended)
  • Zod 4+

@mongalayer/server

The core server-side library. Initializes the Mongalayer instance, validates schemas, enforces access rules, and executes MongoDB operations.

Requirements

  • Node.js 22+
  • MongoDB Node.js driver 7+

@mongalayer/client

A lightweight HTTP client SDK that communicates with a Mongalayer server. Works in any JavaScript runtime with fetch.

Requirements

  • JavaScript environment supporting fetch

Installation

Install Mongalayer and its peer dependencies.

Copyright © 2026