0
votes

I am trying to set up a CouchDB instance to:

  • Not require login at the web user interface to create/edit/delete documents, for random people who go to http://my_couchdb:5984
  • Prevent random people from making admin level changes
    • Ex: modify design docs, add users or remove pre-existing users

Basically, I would like random people to be something like the members described here: https://docs.couchdb.org/en/2.3.1/api/database/security.html#api-db-security

What settings are necessary to make this happen? Do they live in etc/local.ini?

I would not like to use cookies or individual user databases.


How I Set It Up

I configured CouchDB to have an admin user, boss.

I also made a database bananas: http://my_couchdb:5984/_utils/#database/bananas/_all_docs


What I've Tried So Far

Manipulating require_valid_user in both httpd and chttpd inside etc/local.ini (source) did not work for me; maybe I didn't quite do it right.

Per this answer, I tried adding the admin user boss to Permissions --> Admins --> Users of both _users db and bananas db, and it failed to achieve my desired result.

I then removed both of these, and the response of curl $HOST/bananas/_security is now {}.

This answer talks about creating a low-permissions user, but doesn't talk about how to bypass log in.

The below authentication_handler works, but I don't want an Admin Party, so I need a better method.

[chttpd]
authentication_handlers = {couch_httpd_auth, null_authentication_handler}

**Update**

As pointed out by @uminder, out of the box it seems to be possible to make documents without credentials. I ran the following command from a second machine:

curl -X PUT http://my_couchdb:5984/bananas/test -d '{ "name": "test document" }'

And can then view (but not edit) the document by going here:

http://my_couchdb:5984/bananas/test

Going to URL direct

(Please ignore that the hostname is not actually my_couchdb)

What I need is to use a web UI, without login, to edit that document. Currently, the UI is Fauxton. Here is what I do:

  1. Go here: http://my_couchdb:5984/_utils/#database/bananas/test
  2. It redirects to login page here: http://my_couchdb:5984/_utils/#login

Redirect to login page

How can I not get redirected to login, and just be able to edit the document using the Web UI?

What I Want


Setup Information

  • CouchDB Version: 2.3.1
  • OS: Ubuntu 16.04.3 LTS

Please let me know what other information is needed to arrive at a solution! I am new to configuring CouchDB.


1 Answer

2
votes

I just locally installed CouchDB (Single Node Setup) on Windows 10. Then I created an admin user and a bananas database in Fauxton.

Using curl, I was able to create, update and delete documents in bananas database without providing any credentials.

curl -X PUT http://127.0.0.1:5984/bananas/1 -d '{ "name": "doc 1"  }'
curl -X PUT http://127.0.0.1:5984/bananas/1 -d '{ "name": "doc 2", "_rev": "1-5cd56a944d3d59a44613269396365431" }'
curl -X DELETE "http://127.0.0.1:5984/bananas/1?rev=3-2b34329467970cc792cee5931a68ca2e"

When trying to create a design document (an index) in bananas however, I got an "unauthorized" error with reason "You are not a db or server admin."

curl -X PUT http://127.0.0.1:5984/bananas/_design/name_idx -d '{ "index": { "fields": ["name"] } }'

The result was exactly the same when I installed CouchDB on another computer within the same subnet. It seems that in these cases, a newly installed CouchDB with default settings just behaves the way you wish, at least when referring to the title of your answer.

If I had to make my CouchDB accessible through a public URL, I would try to change the default security object and enable CORS in the local.ini file.

[couchdb]
default_security = everyone 

[httpd]
enable_cors = true

[cors]
origins = *
methods = GET,POST,PUT,DELETE
credentials = false

Bypassing Web-Interface Login

I don't think Fauxton can be configured to bypass the login page in order to allow anonymous users to directly create, update or delete documents. You would have to create a fork of the couchdb-fauxton project and change the code to fit your needs.

Alternatively, you could write your own web-interface (Angular, React, Vue.js ...) that internally uses an existing user for authentication but hides this from the end user.
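
Why the empty `_security` object (`{}`) seen in the question lets unauthenticated clients write ordinary documents but rejects design documents, as an added example that is not part of the original question or answer and is not CouchDB's own code: a small Python model of the documented `_security` evaluation. The function names, the sample user contexts and the `LOCKED` object are constructed for illustration, and `validate_doc_update` functions are not modelled.

```python
# Added example: models CouchDB's documented _security evaluation.
# Function and variable names here are hypothetical, not CouchDB's own.

def _listed(section, user):
    """True if the user's name or any of their roles appears in a section."""
    section = section or {}
    return (user.get("name") in section.get("names", [])
            or bool(set(user.get("roles", [])) & set(section.get("roles", []))))

def access_level(security, user):
    """Return 'admin', 'member' or 'none' for a user against a _security object."""
    if "_admin" in user.get("roles", []):
        return "admin"                      # server admins are admins everywhere
    if _listed(security.get("admins"), user):
        return "admin"                      # database admin by name or role
    members = security.get("members") or {}
    if not members.get("names") and not members.get("roles"):
        return "member"                     # no members listed: database is public
    return "member" if _listed(members, user) else "none"

def can_write(security, user, doc_id):
    """Design documents need admin rights; ordinary documents need membership."""
    level = access_level(security, user)
    if doc_id.startswith("_design/"):
        return level == "admin"
    return level in ("admin", "member")

# Constructed sample contexts, shaped like the userCtx from GET /_session.
ANONYMOUS = {"name": None, "roles": []}
BOSS = {"name": "boss", "roles": ["_admin"]}

# Constructed security objects: the {} from the question, and a locked-down one.
EMPTY = {}
LOCKED = {"admins": {"names": [], "roles": ["_admin"]},
          "members": {"names": [], "roles": ["_admin"]}}

if __name__ == "__main__":
    for label, sec in (("empty {}", EMPTY), ("locked", LOCKED)):
        for user in (ANONYMOUS, BOSS):
            for doc_id in ("test", "_design/name_idx"):
                print(label, user["name"], doc_id, can_write(sec, user, doc_id))
```

Running `curl $HOST/bananas/_security` and feeding the returned JSON to `can_write` with the anonymous context shows whether a database is open to unauthenticated writes before it is exposed on a public URL.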