PouchDB authentication/user sign-up


Keepiit

Jul 2, 2020, 4:01:59 AM
to PouchDB
Hey all, I apologize in advance if this isn't the correct place to ask this question.

To keep things short and to the point:

1. I set up a CouchDB instance (I'm running v3.1.0) with the default admin

2. I want to allow a basic signup process (e.g. users type username/password into an html field, submit and they get their own database)

3. I enable couch_peruser in CouchDB settings so that new users get a matching database and 'require_valid_user' is set to false for httpd settings in Fauxton

4. I check out PouchDB and the pouchdb-authentication module which has a .signUp() function. Great! exactly what I'm looking for.

5. I use the example to create a PouchDB() instance directly attached to a remote database like so:

var db = new PouchDB('http://localhost:5984/dummy', {skip_setup: true});

6. I then call .signUp() like so:

db.signUp('batman', 'brucewayne', function (err, response) {
...
});

7. I get a 401 "You are not authorized to access this db." error message.

8. The only way I can fix this is by appending my admin credentials when I initialize the PouchDB() instance like so:

var db = new PouchDB('http://admin:adminPass@localhost:5984/dummy', {skip_setup: true});

which obviously is completely insecure and a non-starter since anyone viewing the html or javascript source
would get the server admin level login and could do anything they wish with my CouchDB instance.

Is it possible to allow users to signup--without admin credentials of course--and CouchDB creates a database for them? I understand that bad actors
could take advantage and spam-create tons of user databases but I'll worry about that as the next step ;)

Any help, insight or suggestions are greatly appreciated, thanks!

Jan L

Jul 9, 2020, 11:23:37 AM
to pou...@googlegroups.com
Heya,

the db-per-user databases all start with a `user-` prefix, so `dummy` won’t work.

Best
Jan
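
The naming rule from the reply above, as an added example that is not part of the thread or of PouchDB's own code: couch_peruser appends the hex-encoded user name to a configured prefix, so after sign-up the client opens that database rather than `dummy`, and never with an admin login in the URL. The helper names are hypothetical, and the `userdb-` prefix in the sample is an assumption about the server's configuration.

```javascript
// Added example; perUserDbName, signUpDoc and perUserDbUrl are hypothetical helpers.

// couch_peruser names each database <prefix><hex of the UTF-8 user name>.
// The prefix is server configuration, so the caller passes it in.
function perUserDbName(username, prefix) {
  const bytes = new TextEncoder().encode(username);
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  return prefix + hex;
}

// Body of the document a sign-up stores in _users. CouchDB hashes the
// password server-side when the document is saved.
function signUpDoc(username, password) {
  return {
    _id: 'org.couchdb.user:' + username,
    name: username,
    password: password,
    roles: [],
    type: 'user',
  };
}

// URL to hand to new PouchDB(...) for this user's own database. Refuses a base
// URL that carries credentials, so an admin login cannot end up in page source.
function perUserDbUrl(baseUrl, username, prefix) {
  const url = new URL(baseUrl);
  if (url.username || url.password) {
    throw new Error('base URL must not embed credentials');
  }
  url.pathname = '/' + perUserDbName(username, prefix);
  return url.toString();
}

// Constructed sample values (user name and password taken from the question).
console.log(signUpDoc('batman', 'brucewayne')._id);
console.log(perUserDbUrl('http://localhost:5984/dummy', 'batman', 'userdb-'));
```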


Sinan Gabel

Jul 10, 2020, 2:56:17 AM
to PouchDB
There is a change starting with couchdb 3.x, and I guess this is your problem, for a solution see:
