I am trying to set up a CouchDB instance to:
- Not require login at web user interface when to create/edit/delete documents for random people who go to
http://my_couchdb:5984 - Prevent random people from making admin level changes
- Ex: modify design docs, add users or remove pre-existing users
Basically, I would like random people to be something like the members described here: https://docs.couchdb.org/en/2.3.1/api/database/security.html#api-db-security
What settings are necessary to make this happen? Do they live in etc/local.ini?
I would not like to use cookies or individual user databases.
How I Set It Up
I configured CouchDB to have an admin user, boss.
I also made a database bananas: http://my_couchdb:5984/_utils/#database/bananas/_all_docs
What I've Tried So Far
Manipulating require_valid_user in both httpd and chttpd inside etc/local.ini (source) did not work for me, maybe I didn't quite do it right
Per this answer, I tried adding the admin user boss to Permissions --> Admins --> Users of both _users db and bananas db, and it failed to achieve my desired result.
I then removed both of these, and the response of curl $HOST/bananas/_security is now {}.
This answer talks about creating a low-permissions user, but doesn't talk about how to bypass log in.
The below authentication_handler works, but I don't want an Admin Party, so I need a better method.
[chttpd]
authentication_handlers = {couch_httpd_auth, null_authentication_handler}
**Update**
As pointed out by @uminder, out of the box it seems to be possible to make documents without credentials. I ran the following command from a second machine:
curl -X PUT http://my_couchdb:5984/bananas/test -d '{ "name": "test document" }'
And can then view (but not edit) the document by going here:
http://my_couchdb:5984/bananas/test
(Please ignore that the hostname is not actually my_couchdb)
What I need is to use a web UI, without login, to edit that document. Currently, the UI is Fauxton. Here is what I do:
- Go here: http://my_couchdb:5984/_utils/#database/bananas/test
- It redirects to login page here: http://my_couchdb:5984/_utils/#login
How can I not get redirected to login, and just be able to edit the document using the Web UI?
Setup Information
- CouchDB Version:
2.3.1 - OS:
Ubuntu 16.04.3 LTS
Please let me know what other information is needed to arrive at a solution! I am new to configuring CouchDB.
I just locally installed
CouchDB(Single Node Setup) on Windows 10. Then I created anadmin userand abananasdatabase inFauxton.Using
curl, I was able tocreate,updateanddeletedocuments inbananasdatabase without providing any credencials.When trying to create a design document (an index) in
bananashowever, I got an "unauthorized" error with reason "You are not a db or server admin."The result was exactly the same when I installing
CouchDBon another computer within the same subnet. It seems that in these cases, a newly installedCouchDBwith default settings just behaves the way you wish, at least when referring to the tile of your answer.If I had to make my
CouchDBaccessible through a public URL, I would try to change the default security object and enableCORSin thelocal.inifile.Bypassing Web-Interface Login
I don't think Fauxton can be configured to bypass the login page in order to allow anonymous users to directly create, update or delete documents. You would have to create a fork of the couchdb-fauxton project and change the code to fit your needs.
Alternatively you could write you own web-interface (Angular, React, Vue.js ...) that internally uses an existing user for authentication but hides this to the end user.