我的目标是能够读取一个数据库而无需对用户进行身份验证,应该需要对编辑此数据库进行身份验证。所有其他数据库应该只对有效用户可读/可写。而且我不想为将来创建的每个数据库都设置它,读/写所需的身份验证应该是默认设置。
我想我可以通过设置require_valid_user来做到这一点true,但现在 CouchDB 总是要求输入用户名和密码,所以我需要一种方法来排除一个数据库。这个数据库应该对公共可读并且对有效用户是可写的。
问问题
766 次
1 回答
4
I get around this problem by authenticating all users through one single database (i.e. /login). That database is public, and contains a design document with an HTML file as an attachment. The user is served this file, fills out their credentials on a form, and I use jQuery.couch.js to authenticate and store a cookie in their browser. Once they've got a valid login, I inspect the userCtx object to check their role, and redirect them to the appropriate database.
It's a hack, but until CouchDB is able to serve a login page instead of a JSON error message whenever you're not logged into a database, it's the only reliable method I've found.
Make sure to protect your public login database with a validate_doc_update key in the design document, so nobody but admins can overwrite anything in it.
Hope this helps.
于 2013-07-06T21:21:20.433 回答