CouchBase
CouchBase Lite
Authentication
Registration of new users
Creating a User is done via the Admin Port of the REST API:
http://developer.couchbase.com/mobile/develop/guides/sync-gateway/administering-sync-gateway/authorizing-users/index.html
curl -X POST http://localhost:4985/${db}/_user/ -d '{"name":"foo", "password":"bar"}'
Restrict reading the document
Channels authorize a user to read documents. A user is granted access to channels, and the user's documents are tagged with channels.
Restrict writing the document to its owner
This is done inside the Sync function, which is defined when the Sync Gateway starts:
// this requires the currently logged-in user to be the same as the one named in oldDoc's user property
requireUser(oldDoc.user);
The write restriction may be defined by:
- rolename
- channel
- username
Manual Authentication
- Your app prompts user for credentials
- Your app directly contacts your app server with these credentials
- Your app server creates a session on the Sync Gateway, which returns a cookie
- Your app server returns this cookie to your app
http://wiki.nginx.org/Modules
NGinx may be used
- to implement a reverse Proxy, to protect the connection with SSL
- with embedded PERL
- provide the user registration API
CouchBase
The NoSQL Server. Stores data as documents.
Sync Gateway
Glossary
DataBase | The database maps to a bucket. A single Sync Gateway may publish buckets as databases. In the configuration below, the database gw points to the bucket sync_gateway. |
Server | The server is the storage where the Sync Gateway puts the data. It may be a Couchbase Server or a Walrus server (file-system DB), e.g. "server":"C:\Couchbase\Walrus\default.walrus" |
{
  "log": ["CRUD", "CRUD+", "HTTP", "HTTP+", "Access", "Cache", "Changes", "Changes+"],
  "interface": ":4984",
  "adminInterface": ":4985",
  "facebook": { "register": true },
  "databases": {
    "gw": {
      "server": "http://localhost:8091",
      "bucket": "sync_gateway",
      "sync": `function(doc, oldDoc) {
        if (doc._deleted) {
          // only the previous writers may delete the document
          requireUser(oldDoc.writers);
          return;
        }
        if (!doc.title || !doc.creator || !doc.writers) {
          throw({forbidden: "Missing required properties"});
        } else if (doc.writers.length == 0) {
          throw({forbidden: "No writers"});
        }
        if (oldDoc == null) {
          // new document: the logged-in user must be the creator
          requireUser(doc.creator);
        } else {
          // update: the logged-in user must be one of the previous writers
          requireUser(oldDoc.writers);
          if (doc.creator != oldDoc.creator) {
            throw({forbidden: "Can't change creator"});
          }
        }
        // add channel with the username to the doc
        channel("channel_" + doc.creator);
        // add access to the channel username to the user
        access(doc.creator, [doc.creator, "*"]);
      }`,
      "users": {
        "GUEST": { "disabled": true, "admin_channels": ["*"] }
      }
    }
  },
  "persona": { "origin": "http://example.com/", "register": true }
}
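The write rules of the sync function above can be exercised outside Sync Gateway. This is an added example, not code from this page or from Couchbase: runSync and its requireUser/channel/access stand-ins are hypothetical scaffolding that only mimic the helpers Sync Gateway supplies, and the documents and user names are constructed samples.

```javascript
// Added example: hypothetical stand-in for the runtime that supplies
// requireUser/channel/access to the sync function from the configuration.
function runSync(user, doc, oldDoc) {
  const out = { channels: [], access: [], rejected: null };
  const asList = (v) => (Array.isArray(v) ? v : [v]);
  const requireUser = (names) => {
    if (!asList(names).includes(user)) throw { forbidden: "wrong user" };
  };
  const channel = (name) => out.channels.push(name);
  const access = (who, chans) => out.access.push({ user: who, channels: asList(chans) });

  // Body copied from the "sync" entry of the configuration on this page.
  const sync = function (doc, oldDoc) {
    if (doc._deleted) { requireUser(oldDoc.writers); return; }
    if (!doc.title || !doc.creator || !doc.writers) {
      throw { forbidden: "Missing required properties" };
    } else if (doc.writers.length == 0) {
      throw { forbidden: "No writers" };
    }
    if (oldDoc == null) {
      requireUser(doc.creator);
    } else {
      requireUser(oldDoc.writers);
      if (doc.creator != oldDoc.creator) throw { forbidden: "Can't change creator" };
    }
    channel("channel_" + doc.creator);
    access(doc.creator, [doc.creator, "*"]);
  };

  try { sync(doc, oldDoc); } catch (e) { out.rejected = e.forbidden || String(e); }
  return out;
}

// Constructed sample documents; "mallory" is a second, unrelated user.
const base = { title: "Document from Console3", creator: "skipxxx", writers: ["skipxxx"] };
const cases = {
  ownerCreates: runSync("skipxxx", base, null),
  strangerCreates: runSync("mallory", base, null),
  strangerUpdates: runSync("mallory", { ...base, title: "changed" }, base),
  writerChangesCreator: runSync("skipxxx", { ...base, creator: "mallory" }, base),
  strangerDeletes: runSync("mallory", { _deleted: true }, base),
};
for (const [name, r] of Object.entries(cases)) console.log(name, JSON.stringify(r));
```

The accepted case shows the document routed to channel_skipxxx while the access() call grants the channels skipxxx and "*", so the grant does not name the document's own channel. That difference is worth reviewing against the read restriction the channel is meant to enforce.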
Create user, assign channel
The user has to have access to its own channel in order to be able to read docs.
# Sync Gateway request: Create a new user via a direct Sync Gateway request
$method = "PUT"
$resource = "http://192.168.191.210:4985/gw/_user/skipxxx"
$body = "{
    ""name"":""skipxxx"",
    ""password"":""pass"",
    ""admin_channels"":[""channel_skipxxx""],
    ""admin_roles"":[""editor""],
    ""disabled"":false
}"
echo $body;
Invoke-RestMethod -Method $method -Uri $resource -Body $body -ContentType 'application/json'
Create a doc which is assigned to user's channel
The assignment is done automatically by the sync function when a user creates a document; see:
// add channel with the username to the doc
channel("channel_" + doc.creator);
Alternatively, the doc may be added by PowerShell:
# create a document by REST API
$now = $(get-date);
$resource = "http://192.168.191.210:4985/gw/"
$method = "POST"
$body = "{
    ""type"":""FromConsoleType3"",
    ""title"":""Document from Console3"",
    ""checked"":""true"",
    ""created_at"":""$now"",
    ""creator"":""skipxxx"",
    ""writers"":[""skipxxx""]
}"
$securepassword = ConvertTo-SecureString "pass" -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential("skipxxx", $securepassword)
Invoke-WebRequest -Uri $resource -Method POST -Credential $credentials -Body $body -ContentType application/json
This is what the document may look like:
{
  "_sync": {
    "rev": "1-ec4f884fae1ded971b5fbd18f9c07060",
    "sequence": 7,
    "history": {
      "revs": [ "1-ec4f884fae1ded971b5fbd18f9c07060" ],
      "parents": [ -1 ],
      "bodies": [ "" ],
      "channels": [ [ "channel_skipxxx" ] ]
    },
    "channels": { "channel_skipxxx": null },
    "access": { "skipxxx": { "skipxxx": 7 } },
    "time_saved": "2015-06-21T11:55:23.1276655-07:00"
  },
  "checked": "true",
  "created_at": "06/21/2015 20:55:17",
  "creator": "skipxxx",
  "title": "Document from Console3",
  "type": "FromConsoleType3",
  "writers": [ "skipxxx" ]
}
The channels this doc is assigned to are listed here:
"channels": { "channel_skipxxx": null },
Now the docs may be synced
The docs may be synced without setting any channel. Then all available docs will be pulled.
pullReplication = database.createPullReplication(syncUrl);
pullReplication.setContinuous(true);
pushReplication = database.createPushReplication(syncUrl);
pushReplication.setContinuous(true);
pushReplication.start();
pullReplication.start();