commit | 16bd1f92b94d87e8f69a09988674c8be72652097 | [log] [tgz] |
---|---|---|
author | Bob Ippolito <bob@redivi.com> | Mon Dec 01 14:17:59 2014 -0800 |
committer | Bob Ippolito <bob@redivi.com> | Mon Dec 01 14:17:59 2014 -0800 |
tree | b281384ff7a02324a6073853966093b96322f4c8 | |
parent | 7cf8d935c15f11cc5cbc81fcfc13ea5869281d0c [diff] |
fix #8 security issue, add end-to-end testing script
couchperuser is a CouchDB daemon that ensures that a private per-user database exists for each document in _users. These databases are writable only by the corresponding user.
Currently this is very much purpose-built for CodeCosmos. Databases are in the form:
userdb-{hex encoded username}
For example, the user bob
will have a database named userdb-626f62
.
The reason for hex encoding is that CouchDB usernames have no restrictions, but CouchDB databases have restrictions. Hex encoding the UTF-8 representation of the username is a transformation that's easy to correctly implement in just about any language, especially JavaScript and Erlang. Other encodings would be possible, but would require additional client and server-side code to support that encoding. This is the simplest scheme that is obviously correct.
Install any dependencies. couchperuser
requires rebar
, e.g.
$ brew install rebar
Ensure the plugins
directory exists, e.g.
$ mkdir /usr/local/Cellar/couchdb/1.6.0_1/lib/couchdb/plugins
Clone (download) the repo:
$ git clone https://github.com/etrepum/couchperuser.git
Move the plugin files:
$ mv couchperuser /usr/local/Cellar/couchdb/1.6.0_1/lib/couchdb/plugins
Build the plugin files:
$ cd /usr/local/Cellar/couchdb/1.6.0_1/lib/couchdb/plugins/couchperuser $ make
Restart couchdb