通过jquery.couch.js或其他方式在Couchapp/CouchDB中进行用户注册 [英] User Signup in Couchapp/CouchDB through jquery.couch.js or Otherwise
问题描述
背景
现在,我正在尝试使用ouchDB/couchapp构建一个应用程序,该应用程序将存储来自用户的持久性和重要信息,并停留在使用ouchapp进行用户注册所需的步骤上.
Right now, I'm trying to build an app with couchDB/couchapp that would store persistent and crucial information from the user, and am stuck on the steps required for user signup with couchapp.
本质上,我要做的是拥有一个简单的注册表单,用户可以使用该表单来注册一个使用我的应用程序的帐户.这将需要在ouchdb _users数据库中创建一个新用户,并创建一个新数据库,并为新用户分配数据库管理员角色.
Essentially, what I want to do is to have a simple signup form that users can use to register an account for using my app. This would entail creation of a new user in the couchdb _users database, and the creation of a new database, with the new user assigned the role of database admin.
所有需要服务器管理员凭据的地方.
All that requires server admin credentials.
理想情况下,我希望能够使用jquery.couch.js函数之一进行通话,但是似乎没有一种安全的方法可以做到这一点. (或者在那里?)
Ideally, I'd love to be able to make a call using one of the jquery.couch.js functions, but there doesn't seem to be a secure way to do that. (or is there??)
问题
将此任务卸载到中间层软件或其他方面的最有效,最安全的方法是什么?
What is the most efficient yet secure way to offload this task to a middle-layer software or otherwise?
高效是指用户需要最少的步骤,而对我来说则不一定是最少的麻烦.
By efficient, I mean needing the least amount of steps for the user, not necessarily the least amount of hassle for me.
截至目前,我已经设置了一个单独的node.js服务器来接收注册请求.我的bedDB服务器管理员凭据作为假定的私有变量存储在节点server.js文件中.然后,我使用 couch-client 将任何数据库创建请求回发到benchDB.
As of right now, I've set up a separate node.js server that receives signup requests. My couchDB server admin credentials are stored as supposed private variables on the node server.js file. I then POST any db creation request back to couchDB using couch-client.
我在这里跳了太多(潜在的不安全)箍吗?有没有更好的方法来确保安全的注册过程?
Am I jumping through too many (potential insecure) hoops here? Is there a better way to ensure a secure signup process?
谢谢.
推荐答案
需要管理员用户才能创建数据库并分配数据库管理员.
An admin user is required to create a database and assign database admins.
多米尼克的回答很好.但是,另一种方法是保留直接的ouchapp体系结构,并在用户沙发链之外运行您的管理代码 external .
Dominic's answer is great. However an alternative is to keep the direct couchapp architecture and run your admin code external, outside the user-couch chain.
例如,在NodeJS中,以管理员身份连接到CouchDB.查询/_users/_changes?feed=continuous&include_docs=true.创建用户时,您会实时收到一个数据事件.当您看到新用户时,请创建数据库并将其分配为管理员.
For example, in NodeJS, connect to CouchDB as an admin. Query /_users/_changes?feed=continuous&include_docs=true. You will receive a data event in real-time when users are created. When you see a new user, create the database and assign them as the admin.
客户端代码可以轮询其新数据库.或者,客户端也可以通过_changes COMET提要查询/_users.无论哪种方式,一旦浏览器知道已设置帐户,您都可以在UI中向用户显示该帐户.
The client code can poll for their new database. Or, the client can also query /_users via the _changes COMET feed too. Either way, once the browser knows that the account is set up, you can show it to the user in the UI.
代理(三层体系结构)很棒.他们无能为力.但是,出于两个原因,我通常更喜欢带有外部代理的CouchDB"的体系结构:
Proxies (3-layer architecture) are great. There's nothing they can't do. However, I often prefer the architecture of "CouchDB with an external agent" for two reasons:
- 这很简单.一台Web服务器.用户连接到CouchDB.您连接到CouchDB.一切都在数据库中.配置和维护问题更少.
- 它很灵活.您可以从任何服务器运行的任何语言编写外部客户端.您可以编写一个大型应用程序来完成所有工作,或者编写许多小型应用程序来专注于一项任务(例如,创建新数据库,向用户发送电子邮件以获取丢失的密码,在数据库过大时通知您等).
这篇关于通过jquery.couch.js或其他方式在Couchapp/CouchDB中进行用户注册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
