CouchApps and user authentication

Question

I posted a variation of this question to the CouchDB user list and haven't received a response yet.

I'm curious to know if anyone else has built a so-called "CouchApp"; a pure HTML/JavaScript application hosted directly within CouchDB. If so, how did you handle user authentication? I'd like to be able to create a typical login form (username, password) and then use those credentials either against a view or some other mechanism before passing the user along to the application (while storing their (encrypted) user ID in a cookie, presumably).

I'm used to simply proxying through something like couchdb-python and a normal web server, but would like to know any best practices with respect to authenticating users in these kinds of CouchApps.

Edit: A year later, and this is now built into CouchDB. This video is a great demonstration. (Thanks Daniel!)

Answer 1

CouchDB has released a simple authentication api but has no in built authentication mechanisms as of yet. The simplest and easiest way to do this is to use an http proxy for authentication. However this has limitations on how much you can restrict access on a per document basis. When CouchDB gets some more support for built-in authentication modules then it should be easier.

If you want to try your hand at coding an authentication module then you can check out the source for the javascript security_validation tests in this file: http://svn.apache.org/repos/asf/couchdb/trunk/share/www/script/couch_tests.js

and the default_authentication_handler in this file here: http://svn.apache.org/repos/asf/couchdb/trunk/src/couchdb/couch_httpd.erl

that would get you started anyway.

Answer 2

This question has been around for a while (1.5 years!) and things have matured quite a bit since it was answered. Watch the video above, but it doesn't explain how to build it into your app. It looks like most of the answers are now found here: Security Features Overview and at the end of this document: CouchDB Security.