pouchdb / pouchbase Goto Github PK

Hello.js provides OAuth 2 based login in the browser. I've only just found it/skimmed it, but it seemed of interest here.

FOAF uses it, so mixing user profile data there would be simpler and may also open the door to WebID support (FOAF+SSL).

This is a really cool project but I'm just wondering if we should be supporting hoodie for these kinds of things?

call /logout, it return 'bad request 400'
Error: invalid json
at parse (/home/dir/pouch.host/node_modules/body-parser/lib/types/json.js:72:15)
at /home/dir/pouch.host/node_modules/body-parser/lib/read.js:98:18
at IncomingMessage.onEnd (/home/dir/pouch.host/node_modules/body-parser/node_modules/raw-body/index.js:136:7)
at IncomingMessage.g (events.js:175:14)
at IncomingMessage.EventEmitter.emit (events.js:92:17)
at _stream_readable.js:920:16

If there are no credentials and we are in admin party, should run

for https://github.com/daleharvey/pouchdb/issues/1575

If people make multiple apps on the same server, which will be the case with the tutorial, any person who uses 2 different apps with the same persona login will have 2 sets of different applications data syncing

We should add the simplest possible api token type thing for applications

Shouldn't there be a LICENSE document to allow people to work on and use this project?

So to get this first working version up I am going to skip review and just use this as a global issue to just get a demo working, It will be easier to get something up and running then we can go back to review systems when it works

Since we use pouchdb-server on the backend, it doesnt request the timeout option in long poll changes so pouchdb things replication has failed, need to fix in express-pouchdb but tracking here

userDoc.password = uuid.v1();
userDoc.thepassword = userDoc.password;

This means the password is stored in plaintext in the user document and is readable, at least, to the user himself? Is this a good practice?

Perhaps if the _id of the user document was something like a hash of the user's email, not the email itself, no one would know anyone's password?

I think we should add a few simple regression tests. It would make the development faster, because after making some (especially small) changes there would not be a need to check if everything still works by hand.

Workaround:
Create the dist folder manually.
e.g. mkdir dist

https://github.com/daleharvey/couch-persona/blob/master/couch-persona.js#L188 is the wrong way to do proxies, its going to break if people do / requests (replication)

In fact it may be broken already

We should proxy application/json request and avoid ever rewriting urls

So on the back of the wireframe, I think theres a decent idea of what we need the initial rest api to look like

We use the default session handling in express, I assumed this wouldnt persist across restarts, I wrote a test that checks that it does and passes, but I still get logged out when restarting the server occasionally, need to figure out whats wrong with the test + use persistent sessions

An upgrade to express broke everything

Right now if error occurs during authentication we return 400 status code. I don't think it's the best choice, sometimes we should probably use 5XX.

CN dale.pouch.host

All automatically deployed so when we merge it goes live

Now that we proxy everything, there is no need to use couchdb users system, we can store tokens for users in any plain databases that only we have acccess to.

This has the added benefit of meaning we dont need to use couchdb, pouchdb-server will work fine too (in fact, use pouchdb instead of request in the client and we dont need an additional server)

I would like to keep couchdb being the default option for now though

The best part of any project