Tohuwabohu excorcism

User Tools

Site Tools

Trace:
couchbase

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
couchbase [2015/05/07 19:16] – [CouchBase Lite] skipidarcouchbase [2020/12/27 20:35] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +===== CouchBase =====
  
 +==== CouchBase Lite ====
 +
 +
 +=== Authentication ===
 +
 +== Registration of new users ==
 +Creating a User is done via the Admin Port of the REST API: \\
 +http://developer.couchbase.com/mobile/develop/guides/sync-gateway/administering-sync-gateway/authorizing-users/index.html
 +
 +<code>
 +curl -X POST http://localhost:4985/${db}/_user/ -d '{"name":"foo", "password":"bar"}'
 +</code>
 +== Restrict reading the document ==
 +Channels legitimate a user to read documents.
 +A user is legitimated to access a channel.
 +User's documents are marked by channels.
 +
 +== Restrict writing the document to it's owner ==
 +This is done inside the **Sync function**, which is defined during the start of the Sync Gateway 
 +<code>
 +# this required the currently logged in user - to be the sam as mentioned in oldDoc's user property
 +requireUser(oldDoc.user)
 +</code>
 +
 +The write restriction may be defined by:
 +  * rolename
 +  * channel
 +  * username
 +
 +http://developer.couchbase.com/mobile/develop/guides/sync-gateway/sync-function-api-guide/validation/index.html
 +
 +
 +
 +=== Manual Authentication ===
 +
 +     * Your app prompts user for credentials
 +     * Your app directly contacts your app server with these credentials
 +     * Your app server creates a session on the Sync Gateway, which returns a cookie
 +     * Your app server returns this cookie to your app
 +
 +http://wiki.nginx.org/Modules
 +NGinx may be used 
 +  * to implement a reverse Proxy, to protect the connection with SSL
 +  * with embedded PERL
 +  * provide the user registration API
 +
 +
 +==== CouchBase ====
 +The NoSQL Server. Stores data as documents.
 +
 +
 +==== Sync Gateway ====
 +
 +== Glossary ==
 +
 +|DataBase| The database maps to a bucket. A single Sync Gateway may publish buckets as databases. Below the DB **gw** points to the bucket **sync_gateway**|
 +|Server| The server is the storage, where the Sync Gateway will put hte data in. It may be a Couchase Server or a Walrus Server (File System DB)          "server":"C:\Couchbase\Walrus\default.walrus"|
 +
 +<code>
 +{
 +   "log": ["CRUD", "CRUD+", "HTTP", "HTTP+", "Access", "Cache", "Changes", "Changes+"],
 +   "interface":":4984",
 +   "adminInterface":":4985",
 +   "facebook":{
 +      "register":true
 +   },
 +   "databases":{
 +      "gw":{
 +         "server":"http://localhost:8091",
 +         "bucket":"sync_gateway",
 +         "sync":`function(doc) {
 + if (doc._deleted) {
 + requireUser(oldDoc.writers);
 + return;
 + }
 + if (!doc.title || !doc.creator || !doc.writers) {
 + throw({forbidden: "Missing required properties"});
 + } else if (doc.writers.length == 0) {
 + throw({forbidden: "No writers"});
 + }
 + if (oldDoc == null) {
 + requireUser(doc.creator);
 + } else {
 + requireUser(oldDoc.writers);
 + if (doc.creator != oldDoc.creator) {
 + throw({forbidden: "Can't change creator"});
 + }
 + }
 + // add channel with the username to the doc
 + channel ("channel_" + doc.creator);
 +
 + // add access to the channel username to the user
 + access (doc.creator, [doc.creator, "*"]);
 +
 + }`,
 + "users": {
 + "GUEST": {"disabled": true, "admin_channels": ["*"] }
 +   }
 +      }
 +   },
 +  "persona" : {
 +     "origin" : "http://example.com/",
 +     "register" : true
 +  }
 +}
 +</code>
 +
 +
 +== Create user, assign channel==
 +User has to have access to it's own channel, in order to have the ability to read docs.
 +
 +<sxh powershell>
 +# Sync Gateway request:  Create a new user via a direct Sync Gateway request
 +$method = "PUT"
 +$resource = "http://192.168.191.210:4985/gw/_user/skipxxx"
 +$body = "{
 +    ""name"":""skipxxx"",
 +    ""password"":""pass"",
 +    ""admin_channels"":[""channel_skipxxx""],
 +    ""admin_roles"":[""editor""],
 +    ""disabled"":false
 +}"
 +echo $body;
 +Invoke-RestMethod -Method $method -Uri $resource -Body $body -ContentType 'application/json'
 +</sxh>
 +
 +
 +== Create a doc  which is assigned to user's channel==
 +Assigning is done automatically, by the **sync_funcion**, when a user creates a document. see 
 +<code>
 +// add channel with the username to the doc
 +channel ("channel_" + doc.creator);
 +</code>
 +
 +Alternatively the doc may be added by powershell
 +<sxh powershell>
 +# create a document by REST API
 +$now = $(get-date);
 +$resource = "http://192.168.191.210:4985/gw/"
 +$method = "POST"
 +$body = "{
 +    ""type"":""FromConsoleType3"",
 +    ""title"":""Document from Console3"",
 +    ""checked"":""true"",
 +    ""created_at"":""$now"",
 +    ""creator"":""skipxxx"",
 +    ""writers"":[""skipxxx""]
 +}"
 +$securepassword = ConvertTo-SecureString "pass" -AsPlainText -Force
 +$credentials = New-Object System.Management.Automation.PSCredential("skipxxx", $securepassword)
 +Invoke-WebRequest -Uri $resource -Method POST -Credential $credentials -Body $body  -ContentType application/json
 +</sxh>
 +
 +This is how the document may look like
 +
 +<code>
 +{
 +  "_sync": {
 +    "rev": "1-ec4f884fae1ded971b5fbd18f9c07060",
 +    "sequence": 7,
 +    "history": {
 +      "revs": [
 +        "1-ec4f884fae1ded971b5fbd18f9c07060"
 +      ],
 +      "parents": [
 +        -1
 +      ],
 +      "bodies": [
 +        ""
 +      ],
 +      "channels": [
 +        [
 +          "channel_skipxxx"
 +        ]
 +      ]
 +    },
 +    "channels": {
 +      "channel_skipxxx": null
 +    },
 +    "access": {
 +      "skipxxx": {
 +        "skipxxx": 7
 +      }
 +    },
 +    "time_saved": "2015-06-21T11:55:23.1276655-07:00"
 +  },
 +  "checked": "true",
 +  "created_at": "06/21/2015 20:55:17",
 +  "creator": "skipxxx",
 +  "title": "Document from Console3",
 +  "type": "FromConsoleType3",
 +  "writers": [
 +    "skipxxx"
 +  ]
 +}
 +</code>
 +
 +The channels which this doc is assigned to is listed here:
 +<code>
 +    "channels": {
 +      "channel_skipxxx": null
 +    },
 +</code>
 +
 +
 +== Now the docs may be synced  ==
 +The docs may be synced, without setting any channel.
 +Then all available docs will be pulled 
 +<sxh java>
 +        pullReplication = database.createPullReplication(syncUrl);
 +        pullReplication.setContinuous(true);
 +
 +        pushReplication = database.createPushReplication(syncUrl);
 +        pushReplication.setContinuous(true);
 +                
 +        pushReplication.start();
 +        pullReplication.start();
 +</sxh>