Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CouchApps and user authentication

Tags:

couchdb

I posted a variation of this question to the CouchDB user list and haven't received a response yet.

I'm curious to know if anyone else has built a so-called "CouchApp"; a pure HTML/JavaScript application hosted directly within CouchDB. If so, how did you handle user authentication? I'd like to be able to create a typical login form (username, password) and then use those credentials either against a view or some other mechanism before passing the user along to the application (while storing their (encrypted) user ID in a cookie, presumably).

I'm used to simply proxying through something like couchdb-python and a normal web server, but would like to know any best practices with respect to authenticating users in these kinds of CouchApps.

Edit: A year later, and this is now built into CouchDB. This video is a great demonstration. (Thanks Daniel!)

like image 554
Ryan Duffield Avatar asked Feb 05 '09 20:02

Ryan Duffield


2 Answers

CouchDB has released a simple authentication api but has no in built authentication mechanisms as of yet. The simplest and easiest way to do this is to use an http proxy for authentication. However this has limitations on how much you can restrict access on a per document basis. When CouchDB gets some more support for built-in authentication modules then it should be easier.

If you want to try your hand at coding an authentication module then you can check out the source for the javascript security_validation tests in this file: http://svn.apache.org/repos/asf/couchdb/trunk/share/www/script/couch_tests.js

and the default_authentication_handler in this file here: http://svn.apache.org/repos/asf/couchdb/trunk/src/couchdb/couch_httpd.erl

that would get you started anyway.

like image 169
Jeremy Wall Avatar answered Sep 24 '22 18:09

Jeremy Wall


This question has been around for a while (1.5 years!) and things have matured quite a bit since it was answered. Watch the video above, but it doesn't explain how to build it into your app. It looks like most of the answers are now found here: Security Features Overview and at the end of this document: CouchDB Security.

like image 27
Mike McKay Avatar answered Sep 26 '22 18:09

Mike McKay