What if I run my matrix server as something behind a hidden server and just talk to postgres directly? I can skip pretending like I acre about anything other than the database. Http apis are just
in the way compared to raw SQL
@mauve Yeah this thing where we put a web server in front of every database and just use it to make database queries is ridiculous. There is a similar problem where you want to use an API, but you have to pass it through your own web server first in order to preserve your secrets. What we really need is something more akin to an authentication-injecting proxy. Web servers also often do other stuff like validation, but the db could do that.
@brandon Yeah! Also a lot of DBs already have fancy access control features in place which could be used. I think couch db was made for the "access the db directly" use case but I think it ended up not being as fine grained as I'd like, especially for sparse replication use cases.
Really not a fan of needing servers for APIs. Lately I find it especially annoying when ActivityPub impls have CORS.
