On Tue, May 12, 2009 at 1:13 AM, Scott Shumaker <[email protected]> wrote: > Not ideal, but it works. I'd love for validate_doc_update to take > HTTP headers - especially an additional JSON parameter, like a custom > userCtx. >
The problem with this approach is that the validation functions are run at replication time as well as at initial update time. This is why we need to abstract the http information into a userCtx, because the full request object won't be available for replay later (and the replicating userCtx is used at rep time, not the original Ctx, so replay wouldn't be appropriate anyway.) Both concerns in this thread (custom http auth & using user creds from a db) are best addressed by writing another authentication handler or two. I believe there is work underway to do this but I'm not sure the current state. We are very open to patches in the auth handler section of the code. Please inquire on dev@ (or drop a patch on https://issues.apache.org/jira/browse/COUCHDB) if you'd like to help here. Chris -- Chris Anderson http://jchrisa.net http://couch.io
