We plan web project (accounting software) using PHP for web frontend and MongoDB as database. Also, there will be probably mobile aps for iPhone and Android, possible REST API and more. We need to write middle layer over raw database ("model" in desing pattern MVC or MVP) with as much shared functionality as possible. What is smart way to write middle layer in such a scenario ?
Options we are considering:
1) Write middle layer as PHP library. Plus: super easy connection to PHP frontend, but not so great for other use-cases (mobile aps, REST API...). Edit: also not so great for security and isolation.
2) Write middle layer as server-side executed code on MongoDB server. But they are too many limits limits (db.eval() write lock, one shard only) as well as it seems it not recommended usage of this MongoDB functionality. I was looking for MongoDB extensions which would extend server-side code execution capabilities, but found none.
3) Write middle layer as independent web service, for example in PHP, python or Node.js. Main problem which I see - MongoDB communicate in BSON. Many middle layer functions would do simple MondoDB query. Than they would have to re-encode result in some other serialization standard (since BSON is MongoDB specific) and then send results to client - which seems to me like big waste.
Unless we find better solution, we will probably go for variant 1), but any advice would be really appreciated.
I'll put the answer here that I put on Google Groups.
The second point is not really server-side but more that it runs within the inbuilt JS engine that comes with MongoDB. As you state this would be a terrible way to do this.
The third point wouldn't be so bad, making a single point of entry using PHP or something you would just communicate to it using JSON and the PHP driver to MongoDB would do the hard work for you, no need to worry about BSON. However there are massive security flaws with it, one being that you would need to open an interface which accepts MongoDB queries directly, as such this interface immediately is a black hole in security even if "secured".
In my opinion your not even better off going with the first point since that determines that you must write your own library. Instead I would go for a PHP framework like Kohona or Lithium or Yii. Something like that would probably be your best bet.
I'm writing this is an answer because it's too long for a comment.
With regards to point 1), clearly you don't have an idea of how PHP works, otherwise you would have known that:
$someOtherDbPackage.