PouchDB authentication/user sign-up

Skip to first unread message


Jul 2, 2020, 4:01:59 AM7/2/20
to PouchDB
Hey all, I apologize in advance if this isn't the correct place to ask this question.

To keep things short and to the point:

1. I set up a CouchDB instance (I'm running v3.1.0) with the default admin

2. I want to allow a basic signup process (e.g. users type username/password into an html field, submit and they get their own database)

3. I enable couch_peruser in CouchDB settings so that new users get a matching database and 'require_valid_user" is set to false for httpd settings in Fauxton

4. I check out PouchDB and the pouchdb-authentication module which has a .signUp() function. Great! exactly what I'm looking for.

5. I use the example to create a PouchDB() instance directly attached to a remote database like so:

var db = new PouchDB('http://localhost:5984/dummy', {skip_setup: true});

6. I then call .signUp() like so:

db.signUp('batman', 'brucewayne', function (err, response) {

7. I get a 401 "You are not authorized to access this db." error message.

8. The only way I can fix this is by appending my admin credentials when I initialize the PouchDB() instance like so:

var db = new PouchDB('http://admin:adminPass@localhost:5984/dummy', {skip_setup: true});

which obviously is completely insecure and a non-starter since anyone viewing the html or javascript source
would get the server admin level login and could do anything they wish with my CouchDB instance.

Is it possible to allow users to signup--without admin credentials of course--and CouchDB creates a database for them? I understand that bad actors
could take advantage and spam-create tons of user databases but I'll worry about that as the next step ;)

Any help, insight or suggestions are greatly appreciated, thanks!

Jan L

Jul 9, 2020, 11:23:37 AM7/9/20
to pou...@googlegroups.com

the db-per-user databases all start with a `user-` prefix, so `dummy` won’t work.


You received this message because you are subscribed to the Google Groups "PouchDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pouchdb+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pouchdb/c3c4c7dd-6e34-49ca-9f11-448013c261ado%40googlegroups.com.

Sinan Gabel

Jul 10, 2020, 2:56:17 AM7/10/20
to PouchDB
There is a change starting with couchdb 3.x, and I guess this is your problem, for a solution see:

Reply all
Reply to author
0 new messages