User registration in Couchapp / CouchDB via jquery.couch.js or otherwise

Background

Now I am trying to create an application with couchDB / couchapp that will store constant and important information from the user, and I am stuck on the steps required to register the user using couchapp.

Essentially, I want to have a simple registration form that users can use to register an account for my application. This entails creating a new user in the CouchDB _users database and creating a new database, with the new user assigned the database administrator role.

All that requires server administrator credentials.

Ideally, I wish I could make a call using one of the jquery.couch.js functions, but there seems to be no safe way to do this. (or is there?)

Question

What is the most efficient but safe way to offload this task to middleware or otherwise?

By effective, I mean the need for the least number of steps for the user, not necessarily the least amount of hassle for me.

As of now, I have created a separate node.js server that receives registration requests. My CouchDB server admin credentials are stored as supposedly private variables in the node server.js file. Then I POST any request to create a db to CouchDB using couch-client.

Am I jumping through too many (potentially unsafe) hoops here? Is there a better way to ensure a secure registration process?

Thanks.

+8
jquery couchdb couchapp
2 answers

The administrator user must create the database and designate the database administrators.

The dominant answer is great. However, the alternative is to maintain the direct couchapp architecture and run your admin code outside of the user couch.

For example, in NodeJS, connect to CouchDB as an administrator. Request /_users/_changes?feed=continuous&include_docs=true. You will receive a data event in real time when you create users. When you see a new user, create a database and designate that user as its administrator.

Client code can query its new database. Or, the client can also request /_users through the COMET _changes feed. In any case, as soon as the browser finds out that the account is configured, you can show it to the user in the user interface.

Proxies (three-layer architecture) are great. They can do nothing. However, I often prefer the CouchDB external agent architecture for two reasons:

  • It's simple. There is one web server. Users connect to CouchDB. You connect to CouchDB. Everything is in the database. There are fewer configuration and maintenance issues.
  • It's flexible. You can write an external client in any language that works from any server. You can write one large application to do everything, or many small applications that each focus on one task (for example, create new databases, send lost passwords to email users, notify you if the database is too large, etc.).
+4
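The decision logic of the external agent described in the answer above, as an added example that is not part of the original answer or of CouchDB itself. The "userdb-" hex naming scheme and the function names are assumptions made here; the agent validates each change row before any admin-privileged request is built from a user-chosen name.

```javascript
// Added example, not from the original answers: decision logic for an external
// admin agent that follows /_users/_changes?feed=continuous&include_docs=true.
const USER_PREFIX = "org.couchdb.user:";

// Assumption: one database per user, named "userdb-" + hex(username), so a
// user-chosen name can never put "/", ".." or a leading "_" into an admin URL.
function dbNameFor(username) {
  return "userdb-" + Buffer.from(username, "utf8").toString("hex");
}

// Turn one parsed change row into the admin requests to issue, or null to skip.
function planForChange(row) {
  const doc = row && row.doc;
  if (!doc || row.deleted || doc._deleted) return null; // deletions, last_seq rows
  if (doc.type !== "user" || typeof doc.name !== "string" || !doc.name) return null;
  if (row.id !== USER_PREFIX + doc.name) return null; // also skips _design/_auth
  const db = dbNameFor(doc.name);
  const only = () => ({ names: [doc.name], roles: [] });
  return [
    { method: "PUT", path: "/" + db },
    // Current CouchDB calls the second list "members"; older releases used "readers".
    { method: "PUT", path: "/" + db + "/_security", body: { admins: only(), members: only() } },
  ];
}

// "data" events deliver arbitrary chunks, so buffer until a whole line arrives.
// Returns a handler: chunk -> array of plans for the lines completed by it.
function makeFeedHandler() {
  const decoder = new TextDecoder("utf-8");
  let buffered = "";
  return function onData(chunk) {
    buffered += typeof chunk === "string" ? chunk : decoder.decode(chunk, { stream: true });
    const lines = buffered.split("\n");
    buffered = lines.pop(); // keep the trailing partial line for the next chunk
    const plans = [];
    for (const line of lines) {
      if (!line.trim()) continue; // heartbeat newline
      let row;
      try { row = JSON.parse(line); } catch (e) { continue; } // not a change row
      const plan = planForChange(row);
      if (plan) plans.push(plan);
    }
    return plans;
  };
}
```

The agent would send each planned request with admin credentials read from its own environment rather than from code shipped to browsers, and treat a 412 response to the database PUT as "already provisioned", since the feed replays earlier rows when the agent restarts.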

I used node.js the way you describe. This is no different than using middleware such as PHP to communicate with MySQL. As robust as the CouchDB API is, it's still nice to use something else in the middle so you can get content without the need for AJAX (especially if you need something more complex than a single entity or list of entities).

If you decide to continue working with CouchApp, you will need to use a proxy server to route HTTPS requests to CouchDB itself (Nginx and Apache are common examples of this use case). If you cannot use this, there is a wiki article about adding an encryption layer to the client side. I found out on the wiki that built-in SSL support will be added with v1.1 (and is supported in the source trunk).

(Btw, I came across all of these articles through the How-To Guides on the CouchDB Wiki.)

+3