couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pascal Dennerly <>
Subject Re: Enforcing creating documents using an update handler in a CouchApp
Date Fri, 28 Feb 2014 21:57:08 GMT
The specific problem I'm trying to solve is requiring that a creation
timestamp is put in the document when it is created in the database. Yes
yes, it's a fairly trivial thing that I was hoping to keep server side. But
it does suggest that there could be other instances where you might want
to do something similar. And it got me thinking.

As the document being stored can't be modified in validate_doc_update I
obviously looked to the update handler. Good if for some reason you don't
trust the client to add the correct data.

Rewrite handlers are good for restricting access to a design document but
I'm not sure it will suffice to restrict updates to other documents. I
would definitely use validate_doc_update for enforcing
user/replication/model constraints once the data is created - it's just
restricting access.

I could use a proxy in front of my Couch instance - but I was hoping for
something handled by CouchDB itself.

On 28 February 2014 08:56, James Dingwall <>wrote:

> Pascal Dennerly wrote:
>> I've been struggling with how I might lock down PUT and POST to a DB so I
>> can enforce a model. Now using an update handler would be ideal, but I'm
>> struggling to find a way of preventing changes to documents directly.
>> If validation_doc_update had context about the request, I could block any
>> requests that didn't come through an update handler there.
>> Does anyone have any ideas how to do this? Am I missing something?
> With a proxy in front of CouchDB you can limit the HTTP verbs which will
> be passed through therefore preventing PUTs.  To restrict POST you could
> force everything through a _rewrite on the design document and only allow
> POST requests when the url matches ^/<db>/_design/<ddoc>/_rewrite/<stuff>.
> James

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message