37

I posted a variation of this question to the CouchDB user list and haven't received a response yet.

I'm curious to know if anyone else has built a so-called "CouchApp"; a pure HTML/JavaScript application hosted directly within CouchDB. If so, how did you handle user authentication? I'd like to be able to create a typical login form (username, password) and then use those credentials either against a view or some other mechanism before passing the user along to the application (while storing their (encrypted) user ID in a cookie, presumably).

I'm used to simply proxying through something like couchdb-python and a normal web server, but would like to know any best practices with respect to authenticating users in these kinds of CouchApps.

Edit: A year later, and this is now built into CouchDB. This video is a great demonstration. (Thanks Daniel!)

asked Feb 5, 2009 at 20:14
5
  • 1
    There have been some recent developments with user authentication - check out jchrisa.net/drl/_design/sofa/_show/post/CouchDB-Accounts Commented Jan 28, 2010 at 1:55
  • Cool, I'll definitely check it out. Thanks! Commented Jan 28, 2010 at 15:57
  • 3
    I've done a working demo too that might help some get started - it's based heavily on Chris Anderson's work with Futon: github.com/danielalexiuc/CouchApp-User-Authentication-Demo Commented Feb 1, 2010 at 5:10
  • 2
    +1 For updating us over a year later. Thanks! Commented Apr 2, 2010 at 14:01
  • @Daniel Alexiuc: Thx for the demo. Although it is not doing anything in my browsers:) Commented Apr 13, 2011 at 15:17

2 Answers 2

10

CouchDB has released a simple authentication api but has no in built authentication mechanisms as of yet. The simplest and easiest way to do this is to use an http proxy for authentication. However this has limitations on how much you can restrict access on a per document basis. When CouchDB gets some more support for built-in authentication modules then it should be easier.

If you want to try your hand at coding an authentication module then you can check out the source for the javascript security_validation tests in this file: http://svn.apache.org/repos/asf/couchdb/trunk/share/www/script/couch_tests.js

and the default_authentication_handler in this file here: http://svn.apache.org/repos/asf/couchdb/trunk/src/couchdb/couch_httpd.erl

that would get you started anyway.

answered Feb 8, 2009 at 2:36
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks, I think I'm going to have to try to create my own authentication module at this point.
Is this response still valid?
I don't think this is valid anymore actually. But I haven't run a couchdb server in a while so I'm not 100% certain. You can always check the couchdb website to verify.
8

This question has been around for a while (1.5 years!) and things have matured quite a bit since it was answered. Watch the video above, but it doesn't explain how to build it into your app. It looks like most of the answers are now found here: Security Features Overview and at the end of this document: CouchDB Security.

answered Oct 19, 2011 at 19:04

1 Comment

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.