I created a simple couchapp and deployed it into my CouchDB instance. However, I'm noticing an anomaly. The view created (via couchapp generate view ...) returns data when I view it in CouchDB's Futon administrative interface (logged in as admin), but not when I run the couchapp I wrote. Here's an example of my code:
$.CouchApp(function(app) {
  app.view("wine_list", { success: function(json) {
    json.rows.map(function(row) {
      alert(row.key);
    });
  }});
});
The result I get out of alert() above is 'null'.
And when I navigate to: http://localhost:5984/winedb/_design/wineapp/_view/wine_list I get:
{"rows":[
{"key":null,"value":null}
]}
But if I open the Futon admin interface and navigate to the design doc/view, I can see records. Now, in Futon I'm logged in as admin. So, my guess is I should specify auth credentials in my couchapp JavaScript code? If so, how?
If your view has both a map and reduce component, then this might be a user interface bug in Futon.
By default, CouchDB will supply map and reduce results to queries. To see only the map results, you must provide a ?reduce=false parameter.
By default, Futon provides the ?reduce=false parameter, and you have to check the "reduce" checkbox to get the "default" behavior.
In other words, add reduce=false to your query. Does that help?
I've just started using loopback4 and I would like to protect the /explorer from being public. The user would initially see a page where username and password must be entered. If successful, the user is redirected to /explorer where he can see all API methods (and execute them). If user is not authenticated, accessing the path /explorer would give a response of "Unauthorized". Is there a way to easily implement this?
There is an issue discussing how a GLOBAL default strategy is enabled for all routes, including explorer: https://github.com/strongloop/loopback-next/issues/5758
The way is to specify a global metadata through the options:
this.configure(AuthenticationBindings.COMPONENT).to({
  defaultMetadata: {
    strategy: 'JWTStrategy'
  }
})
this.component(AuthenticationComponent);
registerAuthenticationStrategy(this, JWTAuthenticationStrategy)
But in terms of enabling a single endpoint added by route.get(), it's not supported yet, see code of how explorer is registered. @loopback/authentication retrieves the auth strategy name from a controller class or its members, but if the route is not defined in the controller, it can only fall back to the default options, see implementation.
I have created a node/feathers project using this chat application guide as a base. It's working great, but now I would like to filter the results the api is giving. For example, when user makes GET request to /messages I would like the response to include only the messages that the authorized user has created, not anyone else's messages. Auth is working correctly in the api and message items have the userId who created the message, but I just don't understand what and where I'm supposed to do to filter the messages according to the user id. After hours of googling I couldn't find anything related to this or anyone even asking the question, so what am I missing here?
You can do manual filtering, in both before and after hooks. How to use hooks.
In before hooks you can create a function that updates your query object to only get/find data it owns.
hook.params.query = { ... , ownedBy: hook.params.user._id }
Or do result filtering in after hooks, you have the hook.result which is the only thing you can manipulate in the after hooks. Then you can use Array.prototype.filter() to filter the results the user gets.
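The before and after hooks described in this answer, written out as an added example (not code from the original posts or from Feathers itself). The functions are plain JavaScript shaped like Feathers hooks; the owner field `userId` is taken from the question, and the names `restrictToOwner` and `filterResultToOwner` are hypothetical.

```javascript
// Added example: plain functions shaped like Feathers hooks (no import needed).
// OWNER_FIELD is an assumption taken from the question ("userId").
const OWNER_FIELD = 'userId';

// Before hook: force the owner constraint on the server side.
function restrictToOwner(context) {
  const { params } = context;
  // Internal server-side calls carry no provider and are left unrestricted.
  if (!params.provider) return context;
  if (!params.user) throw new Error('Not authenticated');
  // Spread first, assign last: a userId sent by the client cannot win.
  params.query = { ...(params.query || {}), [OWNER_FIELD]: params.user._id };
  return context;
}

// After hook: drop records owned by someone else from a find() result.
// Pagination totals are not recomputed here, one reason to prefer the before hook.
function filterResultToOwner(context) {
  const { params, result } = context;
  if (!params.provider) return context;
  if (!params.user) throw new Error('Not authenticated');
  const own = (m) => String(m[OWNER_FIELD]) === String(params.user._id);
  if (Array.isArray(result)) {
    context.result = result.filter(own);
  } else if (result && Array.isArray(result.data)) {
    context.result = { ...result, data: result.data.filter(own) };
  }
  return context;
}

// Constructed sample: the client tries to read another user's messages.
const sample = {
  params: { provider: 'rest', user: { _id: 'u1' }, query: { userId: 'u2' } },
};
console.log(restrictToOwner(sample).params.query); // { userId: 'u1' }
```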
Along with the thumbnail photo, I may want to display other properties in my master pages that are imported from AD such as "company" using User Profile sync
If I use SPServices.SPGetCurrentUser() (https://spservices.codeplex.com/documentation), I can get selected properties held in user profile settings. However, I can't make this call since the property does not exist here (yet).
var company = $().SPServices.SPGetCurrentUser({
  fieldName: "Company",
  debug: false
});
It is, however, displayed both in http://mysite.mydomain.com/_layouts/EditProfile.aspx when in Mysite and _layouts/ProfAdminEdit.aspx (Edit user properties in Central Admin). I guess my question is then: to be able to use SPServices, do I somehow edit the default properties and include my "Company" attribute held in the user's mysite profile? Alternatively, is there another way to access the properties held in the user profile with JavaScript?
Thanks
Daniel
$().SPServices.SPGetCurrentUser calls this page : http://you.site.com/_layouts/userdisp.aspx?Force=True&1376982818371. For me the function is not able to parse the page correctly, but you could simply use jQuery (or pure JS or whatever) to get by yourself the same page, and then parse it to find the data you want.
Otherwise you can use $SP().people() to query the User Profile Service and get the info for the user. See the example from the provided link. In theory that should return you the same information or even more info.
I'm having trouble finding documentation on the request object argument used in replication filters ('req' in the sample below):
function(doc, req) {
  // what is inside req???
  return false;
}
This old CouchBase blog post has a little code snippet that shows the userCtx variable being a part of the request object:
What is this userCtx? When you make an authenticated request against
CouchDB, either using HTTP basic auth, secure cookie auth or OAuth,
CouchDB will verify the user’s credentials. If they match a CouchDB
user, it populates the req.userCtx object with information about the
user.
This userCtx object is extremely useful for restricting replication of documents to the owner of the document. Check out this example:
function(doc, req) {
  // require a valid request user that owns the current doc
  if (!req.userCtx.name) {
    throw("Unauthorized!");
  }
  if (req.userCtx.name == doc.owner) {
    return true;
  }
  return false;
}
But the problem now is that CouchDB requires the filter method to be explicitly chosen by the initiator of the replication (in this case, the initiator is a mobile user of my web app):
curl -X POST http://127.0.0.1:5984/_replicate \
  -H 'Content-Type: application/json' \
  -d '{"source":"database",
       "target":"http://example.com:5984/database",
       "filter":"example/filtername"
      }'
The Question
Is there a way to enforce a specific filter by default so that users are restricted to replicating only their own data? I'm thinking the best way to do this is to use a front end to CouchDB, like Nginx, and restrict all replication requests to ones that include that filter. Thoughts? Would love a way to do this without another layer in front of CouchDB.
Data replication goes hand in hand with the user's ability to read data: if your users share data within a single database, all of them have the right to replicate all of it to their local couches. So you can't apply any document read restriction unless you split the single shared database into several personal ones; this is the common approach for such situations.
There is no way to enforce a changes feed filter or other parameters, as views have. However, you can use rewrites to wrap requests to some resources with predefined query parameters, or even with dynamic ones. This is not quite the solution you expected, but it is still better than nginx and some logic on its side: probably you'd want to allow users to specify custom filters with custom query parameters and enforce your own only if nothing is specified, right?
P.S. The req object holds very useful information about the current request. It was partially described on the wiki, but that's a little out of date. However, it's easy to view it with a simple show function:
function(doc, req) {
  return {json: req}
}
"user_ctx": {
"name": "adminuser",
"role": "[\"_admin\"]"
},
"_replication_state": "error",
"_replication_state_time": "2011-08-30T15:09:03+00:00",
"_replication_id": "08fd9d6dcc5a0882fc9fd0d971b05938"
}
For some reason, I can't get my replicator to work. The log continues to show "unauthorized to access database", referring to my localhost. I know I need to have user_ctx set, but for some reason it just doesn't like to work. I copied the info out of my source. I even created new admin users to try and fix the problem, none worked. Do I need to specify more roles for the user?
The other has a good resource https://gist.github.com/832610, but the user_ctx he sets in the example isn't the admin user; they appear to just be random roles.
Anyone have any experience with the CouchDB replicating to the localhost?
If you create the document as the server admin, then you do not need this field. I think omitting it completely will work.
If you create the document as a normal user, then it should match your name and roles which you can get by querying /_session. In fact, I think you can copy the userCtx field from the session response directly into the user_ctx field of the replication document.
Found out what I did thanks to the CouchDB Apache Mailing Lists. Should have had "roles" instead of "role".
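The fix from this thread ("roles", not "role") and the suggestion to copy userCtx from /_session, as an added example that is not part of the original posts. The function names, the target URL and the sample objects are constructed for illustration; flagging unknown keys is a choice of this lint, not a documented CouchDB rule.

```javascript
// Added example. All sample objects are constructed for illustration.

// Lint a replication document's user_ctx; returns a list of problems.
// Unknown keys are flagged (a choice of this lint) because a misspelt key
// such as "role" otherwise just looks like an absent "roles".
function checkUserCtx(doc) {
  const ctx = doc.user_ctx;
  if (ctx === undefined) return []; // field omitted entirely
  if (ctx === null || typeof ctx !== 'object' || Array.isArray(ctx)) {
    return ['user_ctx must be an object'];
  }
  const problems = [];
  for (const key of Object.keys(ctx)) {
    if (key !== 'name' && key !== 'roles') problems.push(`unexpected key "${key}"`);
  }
  if (ctx.name != null && typeof ctx.name !== 'string') {
    problems.push('"name" must be a string or null');
  }
  const roles = ctx.roles;
  if (!Array.isArray(roles) || !roles.every((r) => typeof r === 'string')) {
    problems.push('"roles" must be an array of strings');
  }
  return problems;
}

// Build a replication document from a parsed GET /_session response body.
function buildReplicationDoc(session, source, target) {
  if (!session || !session.userCtx) throw new Error('no userCtx in session response');
  const { name, roles } = session.userCtx;
  return { source, target, user_ctx: { name, roles: [...roles] } };
}

// The user_ctx from the question: key "role", value a JSON string.
const broken = { user_ctx: { name: 'adminuser', role: '["_admin"]' } };
console.log(checkUserCtx(broken));

// Constructed /_session response body for the same user.
const session = { ok: true, userCtx: { name: 'adminuser', roles: ['_admin'] } };
console.log(buildReplicationDoc(session, 'winedb', 'http://localhost:5984/copy'));
```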