Re: Project description
On 28 Jul 2009, at 05:29, Mark Hammond wrote: On 28/07/2009 4:20 AM, Jan Lehnardt wrote: and is queryable and indexable using a table-oriented view engine with JavaScript acting as the default view definition language. Something like: and is queryable and indexable using a table-oriented JavaScript view engine. A pluggable view engine architecture is used so third parties are able to provide alternative language implementations. I think we want to get rid of table oriented, too. no? Bike-shed, Bike-shed! :) Cheers Jan --
[jira] Commented: (COUCHDB-420) OAuth authentication support (2-legged initially) and cookie-based authentication
[ https://issues.apache.org/jira/browse/COUCHDB-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736012#action_12736012 ] eric casteleijn commented on COUCHDB-420: - Great work, Jason! I've gotten the newest version of the patch working (which I'm sure will be attached soon.) Getting things to work still required a lot of hand holding, so I would love to have (and help write) some detailed setup documentation. In particular: 1. An example oauth.ini and an elaborate description of all the steps it takes to authenticate against that. 2. An example replication session from the command line (using curl, or python + python-oauth or somesuch.) using the credentials created in 1. 3. A description of the process to add new (oauth) authenticated users to a running couchdb. (If that is currently possible, I think Jan suggested it was.) OAuth authentication support (2-legged initially) and cookie-based authentication - Key: COUCHDB-420 URL: https://issues.apache.org/jira/browse/COUCHDB-420 Project: CouchDB Issue Type: New Feature Components: HTTP Interface Reporter: Jason Davies Fix For: 0.10 Attachments: oauth.1.diff This patch adds two-legged OAuth support to CouchDB. 1. In order to do this, a couple of changes have been made to the way auth handlers are used. Essentially, the patch allows multiple handlers to be specified in a comma-separated list in the following in the [httpd] section of your .ini config e.g. authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, default_authentication_handler} The handlers are tried in order until one of them successfully authenticates and sets user_ctx on the request. Then the request is passed to the main handler. 2. Now for the OAuth consumer keys and secrets: as Ubuntu need to be able to bootstrap this i.e. add tokens without a running CouchDB, I have advised creating a new config file in $PREFIX/etc/couchdb/default.d/ called oauth.ini or similar. This should get read by CouchDB's startup script when it loads its config files (e.g. default.ini and local.ini as well). There are three sections available: i. [oauth_consumer_secrets] consumer_key = consumer_secret ii. [oauth_token_secrets] oauth_token = oauth_token_secret iii. [oauth_token_users] oauth_token = username The format I've used above is [section name] followed by how the keys and values for that section will look on subsequent lines. The secrets are a way for the consumer to prove that it owns the corresponding consumer key or access token. The mapping of auth tokens to usernames is a way to specify which user/roles to give to a consumer with a given access token. In the future we will also store tokens in the user database (see below). 3. OAuth replication. I've extended the JSON sent via POST when initiating a replication as follows: { source: { url: url, auth: { oauth: { consumer_key: oauth_consumer_key, consumer_secret: oauth_consumer_secret, token_secret: oauth_token_secret, token: oauth_token } } }, target: /* same syntax as source, or string for a URL with no auth info, or string for local database name */ } 4. This patch also includes cookie-authentication support to CouchDB. I've covered this here: http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb/ The cookie-authentication branch is being used on a couple of live sites and the branch has also been worked on by jchris and benoitc. As well as cookie auth it includes the beginnings of support for a per-node user database, with APIs for creating/deleting users etc. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (COUCHDB-438) Add per database (OAuth) authentication to couchdb
Add per database (OAuth) authentication to couchdb -- Key: COUCHDB-438 URL: https://issues.apache.org/jira/browse/COUCHDB-438 Project: CouchDB Issue Type: New Feature Affects Versions: 0.10 Reporter: eric casteleijn Fix For: 0.10 In set-ups where a couchdb node holds databases for many different users that are not allowed to see each other's data, it is vital that it is possible to give users separate roles for each database. It would be best if adding new users, and assigning roles to users for specific databases could be done through the http interface, as modifying .ini files becomes unwieldy for large numbers of users. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-288) couch_js.c:1217: error: 'JSOPTION_NATIVE_BRANCH_CALLBACK' with spidermonkey tip
[ https://issues.apache.org/jira/browse/COUCHDB-288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736016#action_12736016 ] Stuart Langridge commented on COUCHDB-288: -- Using spidermonkey from Ubuntu karmic and xulrunner 1.9.1 and Firefox 3.5, this patch fixes the Expression does not evaluate to a function issue, and all tests but one pass: show_documents failure 360ms 1. Run with debuggerAssertion failed: xhr.getResponseHeader(Content-Type) == application/xml 2. Assertion failed: xhr.responseText.match(/plankton/) couch_js.c:1217: error: 'JSOPTION_NATIVE_BRANCH_CALLBACK' with spidermonkey tip --- Key: COUCHDB-288 URL: https://issues.apache.org/jira/browse/COUCHDB-288 Project: CouchDB Issue Type: Bug Components: Build System Environment: linux-x86 latest erlang/otp spidermonkey from http://hg.mozilla.org/mozilla-central/ Reporter: Richard Brown Attachments: couchdb_spidermonkey_tip.diff libtool: link: ( cd .libs rm -f couch_erl_driver.la ln -s ../couch_erl_driver.la couch_erl_driver.la ) i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -D_XOPEN_SOURCE -L/usr/local/lib -L/opt/local/lib -I/usr/lib/erlang/usr/include -I/usr/lib/erlang/usr/include -I/usr/local/lib/erlang/usr/include -I/opt/local/lib/erlang/usr/include -I/usr/include -I/usr/include/js -I/usr/include/mozjs -I/usr/local/include -I/opt/local/include -I/usr/local/include/js -I/opt/local/include/js -DXP_UNIX-DMUDKIPZ -march=native -pipe -O2 -MT couchjs-couch_js.o -MD -MP -MF .deps/couchjs-couch_js.Tpo -c -o couchjs-couch_js.o `test -f 'couch_js.c' || echo './'`couch_js.c couch_js.c: In function 'main': couch_js.c:1217: error: 'JSOPTION_NATIVE_BRANCH_CALLBACK' undeclared (first use in this function) couch_js.c:1217: error: (Each undeclared identifier is reported only once couch_js.c:1217: error: for each function it appears in.) make[2]: Leaving directory `/var/tmp/paludis/build/dev-db-couchdb-scm/work/couchdb-scm/src/couchdb' make[2]: *** [couchjs-couch_js.o] Error 1 make[1]: Leaving directory `/var/tmp/paludis/build/dev-db-couchdb-scm/work/couchdb-scm' make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 Patching with Index: src/couchdb/couch_js.c === --- src/couchdb/couch_js.c(revision 752552) +++ src/couchdb/couch_js.c(working copy) @@ -1213,8 +1213,8 @@ if (!context) return 1; JS_SetErrorReporter(context, PrintError); -JS_SetBranchCallback(context, BranchCallback); -JS_ToggleOptions(context, JSOPTION_NATIVE_BRANCH_CALLBACK); +//JS_SetBranchCallback(context, BranchCallback); +//JS_ToggleOptions(context, JSOPTION_NATIVE_BRANCH_CALLBACK); JS_ToggleOptions(context, JSOPTION_XML); global = JS_NewObject(context, NULL, NULL, NULL); compiles and works in so far as I can talk to futon I think it might me related to http://markmail.org/search/?q=JS_SetBranchCallback#query:JS_SetBranchCallback%20list%3Aorg.apache.couchdb.commits+page:1+mid:kgc3bx6rclmlpkvb+state:results -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-435) Build against spidermonkey in xulrunner-1.9.1
[ https://issues.apache.org/jira/browse/COUCHDB-435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736017#action_12736017 ] Stuart Langridge commented on COUCHDB-435: -- Alessandro's COUCHDB-288 patch may obsolete this. Build against spidermonkey in xulrunner-1.9.1 - Key: COUCHDB-435 URL: https://issues.apache.org/jira/browse/COUCHDB-435 Project: CouchDB Issue Type: Bug Components: Database Core Affects Versions: 0.10 Environment: Ubuntu 9.10, may apply to other Firefox 3.5 platforms Reporter: Stuart Langridge Attachments: native_js_callback.patch JSOPTION_NATIVE_BRANCH_CALLBACK doesn't exist in newer spidermonkeys. Minor patch to handle this properly against both older and newer codebases. Changelog data: Patch by Alexander Sack a...@ubuntu.com -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: First iteration on Authentication and Authorization Wiki
Hi Curt, I just skimmed the page, but it looks good so far. Great job, thanks a lot! Cheers Jan -- On 28 Jul 2009, at 05:49, Curt Arnold wrote: I've spent some time trying to collect resources related to authentication and authorization in CouchDB and to try to get my mind around what is currently in CouchDB. Would appreciate any feedback, comments or corrections. Will try to start on some use cases tomorrow. http://wiki.apache.org/couchdb/Authentication_and_Authorization
Re: Native Erlang view server
Hi. 2009/7/28 Paul Davis paul.joseph.da...@gmail.com Hey, I zoned out a bit and finished getting the native Erlang view server passing all of the rspec tests. The code can be found online at [1] and I'll also attach a patch. I can't see [1] :) If anyone wants to play with it, that'd be pretty cool. There's probably a bit of weakness in error reporting right now, but I think it should work other than that. Sounds interesting. What are the benefits of using the erlang view server compared to the native javascript dito? Does it still use javascript at the bottom? //Rickard Paul
[jira] Updated: (COUCHDB-420) OAuth authentication support (2-legged initially) and cookie-based authentication
[ https://issues.apache.org/jira/browse/COUCHDB-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Davies updated COUCHDB-420: - Attachment: oauth.2.patch Latest patch with code cleanups and a couple of bug fixes. OAuth authentication support (2-legged initially) and cookie-based authentication - Key: COUCHDB-420 URL: https://issues.apache.org/jira/browse/COUCHDB-420 Project: CouchDB Issue Type: New Feature Components: HTTP Interface Reporter: Jason Davies Fix For: 0.10 Attachments: oauth.1.diff, oauth.2.patch This patch adds two-legged OAuth support to CouchDB. 1. In order to do this, a couple of changes have been made to the way auth handlers are used. Essentially, the patch allows multiple handlers to be specified in a comma-separated list in the following in the [httpd] section of your .ini config e.g. authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, default_authentication_handler} The handlers are tried in order until one of them successfully authenticates and sets user_ctx on the request. Then the request is passed to the main handler. 2. Now for the OAuth consumer keys and secrets: as Ubuntu need to be able to bootstrap this i.e. add tokens without a running CouchDB, I have advised creating a new config file in $PREFIX/etc/couchdb/default.d/ called oauth.ini or similar. This should get read by CouchDB's startup script when it loads its config files (e.g. default.ini and local.ini as well). There are three sections available: i. [oauth_consumer_secrets] consumer_key = consumer_secret ii. [oauth_token_secrets] oauth_token = oauth_token_secret iii. [oauth_token_users] oauth_token = username The format I've used above is [section name] followed by how the keys and values for that section will look on subsequent lines. The secrets are a way for the consumer to prove that it owns the corresponding consumer key or access token. The mapping of auth tokens to usernames is a way to specify which user/roles to give to a consumer with a given access token. In the future we will also store tokens in the user database (see below). 3. OAuth replication. I've extended the JSON sent via POST when initiating a replication as follows: { source: { url: url, auth: { oauth: { consumer_key: oauth_consumer_key, consumer_secret: oauth_consumer_secret, token_secret: oauth_token_secret, token: oauth_token } } }, target: /* same syntax as source, or string for a URL with no auth info, or string for local database name */ } 4. This patch also includes cookie-authentication support to CouchDB. I've covered this here: http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb/ The cookie-authentication branch is being used on a couple of live sites and the branch has also been worked on by jchris and benoitc. As well as cookie auth it includes the beginnings of support for a per-node user database, with APIs for creating/deleting users etc. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: First iteration on Authentication and Authorization Wiki
Curt Arnold wrote: I've spent some time trying to collect resources related to authentication and authorization in CouchDB and to try to get my mind around what is currently in CouchDB. Would appreciate any feedback, comments or corrections. Will try to start on some use cases tomorrow. http://wiki.apache.org/couchdb/Authentication_and_Authorization I've added an example OAuth session to the oauth authentication section. All feedback on that very welcome! -- - eric casteleijn https://launchpad.net/~thisfred http://www.canonical.com
Re: Native Erlang view server
Rickard, The biggest improvement is speed. The native view server able to sneak all the way into the same OS process as the HTTP request so that there isn't even message passing overhead (except for lists). And its Erlang in case you prefer that flavor. Link is: http://github.com/davisp/couchdb/tree/native_proc/ Sorry for forgetting that. Paul On Tue, Jul 28, 2009 at 6:45 AM, Rickard Cardellkptz...@gmail.com wrote: Hi. 2009/7/28 Paul Davis paul.joseph.da...@gmail.com Hey, I zoned out a bit and finished getting the native Erlang view server passing all of the rspec tests. The code can be found online at [1] and I'll also attach a patch. I can't see [1] :) If anyone wants to play with it, that'd be pretty cool. There's probably a bit of weakness in error reporting right now, but I think it should work other than that. Sounds interesting. What are the benefits of using the erlang view server compared to the native javascript dito? Does it still use javascript at the bottom? //Rickard Paul
Re: Native Erlang view server
Hi again So if I understand it right, by using this view server, it is possible to totally avoid the javascripting? There seems to be a lot of overhead when using javascript, e.g converting erlang terms to json, message passing and so forth And its Erlang in case you prefer that flavor. It sure is my flavor though i'm a beginner :) Link is: http://github.com/davisp/couchdb/tree/native_proc/ Sorry for forgetting that. np, I found it and it looks neat. Haven't had time to try it out yet though //Rickard - Original Message - From: Paul Davis paul.joseph.da...@gmail.com To: dev@couchdb.apache.org Sent: Tuesday, July 28, 2009 6:45 PM Subject: Re: Native Erlang view server Rickard, The biggest improvement is speed. The native view server able to sneak all the way into the same OS process as the HTTP request so that there isn't even message passing overhead (except for lists). And its Erlang in case you prefer that flavor. Link is: http://github.com/davisp/couchdb/tree/native_proc/ Sorry for forgetting that. Paul On Tue, Jul 28, 2009 at 6:45 AM, Rickard Cardellkptz...@gmail.com wrote: Hi. 2009/7/28 Paul Davis paul.joseph.da...@gmail.com Hey, I zoned out a bit and finished getting the native Erlang view server passing all of the rspec tests. The code can be found online at [1] and I'll also attach a patch. I can't see [1] :) If anyone wants to play with it, that'd be pretty cool. There's probably a bit of weakness in error reporting right now, but I think it should work other than that. Sounds interesting. What are the benefits of using the erlang view server compared to the native javascript dito? Does it still use javascript at the bottom? //Rickard Paul
Re: Native Erlang view server
On Tue, Jul 28, 2009 at 3:56 PM, Rickard Cardellkptz...@gmail.com wrote: Hi again So if I understand it right, by using this view server, it is possible to totally avoid the javascripting? There seems to be a lot of overhead when using javascript, e.g converting erlang terms to json, message passing and so forth Yep. This avoids JSON serialization as well as stdio transfers. And its Erlang in case you prefer that flavor. It sure is my flavor though i'm a beginner :) Link is: http://github.com/davisp/couchdb/tree/native_proc/ Sorry for forgetting that. np, I found it and it looks neat. Haven't had time to try it out yet though //Rickard - Original Message - From: Paul Davis paul.joseph.da...@gmail.com To: dev@couchdb.apache.org Sent: Tuesday, July 28, 2009 6:45 PM Subject: Re: Native Erlang view server Rickard, The biggest improvement is speed. The native view server able to sneak all the way into the same OS process as the HTTP request so that there isn't even message passing overhead (except for lists). And its Erlang in case you prefer that flavor. Link is: http://github.com/davisp/couchdb/tree/native_proc/ Sorry for forgetting that. Paul On Tue, Jul 28, 2009 at 6:45 AM, Rickard Cardellkptz...@gmail.com wrote: Hi. 2009/7/28 Paul Davis paul.joseph.da...@gmail.com Hey, I zoned out a bit and finished getting the native Erlang view server passing all of the rspec tests. The code can be found online at [1] and I'll also attach a patch. I can't see [1] :) If anyone wants to play with it, that'd be pretty cool. There's probably a bit of weakness in error reporting right now, but I think it should work other than that. Sounds interesting. What are the benefits of using the erlang view server compared to the native javascript dito? Does it still use javascript at the bottom? //Rickard Paul
[jira] Commented: (COUCHDB-434) 500 error when working with deleted bulk docs
[ https://issues.apache.org/jira/browse/COUCHDB-434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736387#action_12736387 ] Chris Anderson commented on COUCHDB-434: relevant log output: [error] [0.1898.0] Uncaught error in HTTP request: {error,{badmatch,error}} [info] [0.1898.0] Stacktrace: [{couch_db,'-update_docs/4-fun-4-',2}, {lists,map,2}, {couch_db,update_docs,4}, {couch_httpd_db,db_req,2}, {couch_httpd_db,do_db_req,2}, {couch_httpd,handle_request,5}, {mochiweb_http,headers,5}, {proc_lib,init_p_do_apply,3}] 500 error when working with deleted bulk docs - Key: COUCHDB-434 URL: https://issues.apache.org/jira/browse/COUCHDB-434 Project: CouchDB Issue Type: Bug Components: Database Core Reporter: Mark Hammond Attachments: bulk_save_500.patch, bulk_save_500.patch When upgrading our app from 0.9 to trunk, I encountered a 500 error attempting to update previously deleted documents. I've hacked together a patch to the test suite which demonstrates an almost identical error, but note: * The test code is misplaced due to that test otherwise failing for me when attempting to compact. It should go either at the end of the test, or into its own test. * As the comments note, the attempt to delete the documents appears to fail with conflict errors - which it probably shouldn't. * If you ignore these conflicts (as the test does), the next attempt to 'resurrect' these docs causes a 500 error with a badmatch exception. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Assigned: (COUCHDB-434) 500 error when working with deleted bulk docs
[ https://issues.apache.org/jira/browse/COUCHDB-434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chris Anderson reassigned COUCHDB-434: -- Assignee: Damien Katz I've looked into the bug and it seems for some reason _deleted docs aren't coming back in the IdRevs ++ CommitResults ++ PreCommitFailures result set for some reason. In couch_db:update_docs(Db, Docs, Options, interactive_edit), the call to dict:find currently only matches {ok, Result} For some reason this test makes dict:find return the atom error instead of {ok, Result} (eg the dict doesn't have the key). I'm guessing it's to do with deterministic revs and deletion. Assigning to Damien. 500 error when working with deleted bulk docs - Key: COUCHDB-434 URL: https://issues.apache.org/jira/browse/COUCHDB-434 Project: CouchDB Issue Type: Bug Components: Database Core Reporter: Mark Hammond Assignee: Damien Katz Attachments: bulk_save_500.patch, bulk_save_500.patch When upgrading our app from 0.9 to trunk, I encountered a 500 error attempting to update previously deleted documents. I've hacked together a patch to the test suite which demonstrates an almost identical error, but note: * The test code is misplaced due to that test otherwise failing for me when attempting to compact. It should go either at the end of the test, or into its own test. * As the comments note, the attempt to delete the documents appears to fail with conflict errors - which it probably shouldn't. * If you ignore these conflicts (as the test does), the next attempt to 'resurrect' these docs causes a 500 error with a badmatch exception. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (COUCHDB-439) Fix bogus $(INSTALL) of couchspawnkillable.exe on Windows
Fix bogus $(INSTALL) of couchspawnkillable.exe on Windows - Key: COUCHDB-439 URL: https://issues.apache.org/jira/browse/COUCHDB-439 Project: CouchDB Issue Type: Improvement Components: Build System Environment: Windows Reporter: Mark Hammond There is a bogus $INSTALL in src/Makefile.am which needs to be fixed once a work around is determined. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-439) Fix bogus $(INSTALL) of couchspawnkillable.exe on Windows
[ https://issues.apache.org/jira/browse/COUCHDB-439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736430#action_12736430 ] Mark Hammond commented on COUCHDB-439: -- From IRC: (10:11:07 AM) nslater: markh: I'm not happy with this: (10:11:09 AM) nslater: $(INSTALL) priv/.libs/couchspawnkillable.exe $(DESTDIR)$(couchprivdir)/. (10:11:20 AM) markh: me either :( (10:11:29 AM) nslater: markh: can you post to the automake list with a description of the problem, to see what they come up with? they're usually pretty helpful (10:11:49 AM) markh: I think it is more libtool related (10:12:00 AM) markh: as the comments say, I end up with *2* executables - one broken, one working (10:12:21 AM) markh: the broken one is what gets copied by default. That line overwrites the broken one with the good one :( (10:12:48 AM) nslater: yeah, dunno. its usual to end up with two, with one under .libs - but I dunno why one would work, and one wouldn't. perhaps something is done to the one under .libs after it is copied into the regular place (10:12:59 AM) markh: and 'libtool related' is also hard - we are using the frankenstein .sh scripts from erlang for the compiler and linker (10:13:09 AM) markh: they are linked differently (10:13:23 AM) nslater: the automake list is probably the best place to start... even if it just means they bounce you off some place else Fix bogus $(INSTALL) of couchspawnkillable.exe on Windows - Key: COUCHDB-439 URL: https://issues.apache.org/jira/browse/COUCHDB-439 Project: CouchDB Issue Type: Improvement Components: Build System Environment: Windows Reporter: Mark Hammond There is a bogus $INSTALL in src/Makefile.am which needs to be fixed once a work around is determined. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (COUCHDB-440) Fix windows libname_spec hacks in configure.ac
Fix windows libname_spec hacks in configure.ac -- Key: COUCHDB-440 URL: https://issues.apache.org/jira/browse/COUCHDB-440 Project: CouchDB Issue Type: Improvement Components: Build System Environment: Windows Reporter: Mark Hammond Priority: Minor The windows build process has a hack at the end of configure.ac, which runs sed over libtool to fix the libname_spec option and remove the -link option. I suspect this is related to attempting to combine usage of libtool with erlang's cc.sh script we use; erlang's build process doesn't use libtool. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.