couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: PUT on _update/docid1 but create a new document with _id:docid2?
Date Fri, 19 Nov 2010 12:54:18 GMT
Hi Stefan,

On 19 Nov 2010, at 11:55, Stefan Klein wrote:

> Hi List,
> 
> i'm toying around with couchDB to create a couchapp to manage
> bookmarks (yes, i know there are already some).
> 
> I want to make sure to not have duplicate bookmarks, so i want to use
> the URL as the _id.
> With request parameters some URL with are diferent are basicly the
> same, for example youtube links:
> 
> http://www.youtube.com/watch?v=4jtBQf41Ppc
> http://www.youtube.com/watch?v=4jtBQf41Ppc&feature=channel
> 
> I would consider them as the same bookmark, but there is no generic
> way to tell which request parameters are relevant and which are not.
> Now one could write a document update handler which is aware of the
> URL format of youtube, vimeo, ... and everytime the URL format changes
> or you want to be able to handle an other side you have to edit the
> update handler.
> 
> I found another posibility:
> 
> I created a update handler like:
> 
> "updates": {
>     "createBM": "function(doc,req)
>     {
>         if(!doc && ! doc.getId){
>             getId = function(doc,req) {
>                 // some default way to create an _id
>             }
>             getId = eval(doc.getId);
>         };
>         nDoc = {};
>         nDoc._id=getId(doc,req);
>         nDoc.url=req.form.myUrl;
>         return[nDoc,\"shiny happy people\"]
>     }"
> }
> 
> and have on document per hostname which holds the logic to determine
> the relevant URL parameters
> 
> {
>   "_id": "www.youtube.com",
>   "getId": "function(doc,req) {
> 		ytID = // get youtube id (v=<ytID>) from the request
> 		return \"yt:\" + ytID
> 	    }"
> }
> 
> So if the bookmarklet send a PUT on
> http://....../_update/createBM/www.youtube.com
> 
> The update handler will create a document with an id like "yt:4jtBQf41Ppc".
> 
> Now i'm pretty unsure if this is an evil hack or even a bug in couchdb
> which get's fixed or if it's just a relay cool feature.

Looks like it is working as advertised :) — Beware though that if you allow
anyone to write to your database, people could run some arbitrary JavaScript
code. Worst that could happen though is making infinite loops that CouchDB
kills after 5 seconds and then make many of them concurrently, i.e. a
classical DoS situation.

If it's only you that talks to the database, this looks like a neat hack :)

Cheers
Jan
-- 


Mime
View raw message