incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Bartell <snbart...@gmail.com>
Subject Re: database per user architecture couchapp
Date Sat, 23 Feb 2013 17:14:00 GMT

On Feb 22, 2013, at 1:55 PM, Jeff Charette <iomatix@yahoo.com> wrote:

> So this would force me to host my own couch as opposed to using iris couch?

If you can't use externals in Iris, then yes.  

If it helps, heres a quick rundown on how Im doing it.  I use a database per role.  Then a
role is assigned to users based on their level of access to certain databases.  The documents
in the databases represent "rentable" pieces of hardware on a network.  There are a number
of apps which we host which utilize these databases to provide status and control of the elements.
 These apps provide authenticated users a view into the network based on their assigned roles.
The trick was to seamlessly redirect user requests to their appropriate databases.  For this
there is a proxy which is entirely independent of couchdb.  This proxy will sniff user auth
from the request headers, whether it is basic or cookie, and ask _sessions for this users
roles. The proxy then rewrites the url to the appropriate database.  If the user doesn't exist,
then he gets routed to the main database where his auth is going to fail.  The other half
of the beast are the replicators for moving docs from the main database to the users databases.
 Depending on your number of users, replication becomes a burden in itself.  It would be real
nice to offload this burden to someone like iris couch. I know, its a big song and dance,
but its an approach.

In your case, you might need to, at a minimum, host a proxy which routes to iris.

Best
Stephen Bartell

> 
> Jeff Charette | Principal 
> We Are Charette
> web / identity / packaging
> 
> m  415.298.2707
> w  wearecharette.com
> e   jeffrey@wearecharette.com
> 
> On Feb 22, 2013, at 3:58 PM, Jan Lehnardt <jan@apache.org> wrote:
> 
>> 
>> On Feb 22, 2013, at 21:46 , Jeff Charette <iomatix@yahoo.com> wrote:
>> 
>>> Does anyone know how setup database per user in a couch app?  Wouldn't this just
give admin access to the main db?
>> 
>> People use background processes to create databases on demand. You can manage them
with CouchDB’s “Externals” system. Listening on the _users db’s _changes feed and
acting on that is common pattern.
>> 
>> Cheers
>> Jan
>> -- 
>> 
>> 
>>> 
>>> I am trying to setup up a basic user signup, then give them protected docs. 
I have it working for a whole database, but ran into trouble with attachments.  Many have
also warned of the security issues of protecting your docs with secure_rewrites.
>>> 
>>> I'm stuck and thanks for all your time.
>>> 
>>> Jeff Charette | Principal 
>>> We Are Charette
>>> web / identity / packaging
>>> 
>>> m  415.298.2707
>>> w  wearecharette.com
>>> e   jeffrey@wearecharette.com
>> 
> 


Mime
View raw message