From 5db3c03ee944d410dd53a8308ca2fdead9ed1514 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Sun, 18 Oct 2020 21:40:54 +0100
Subject: [PATCH 1/4] couchdb security doc
---
 packages/server/src/api/controllers/instance.js | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/packages/server/src/api/controllers/instance.js b/packages/server/src/api/controllers/instance.js
index fbee2f72f5..e9c39bde66 100644
--- a/packages/server/src/api/controllers/instance.js
+++ b/packages/server/src/api/controllers/instance.js
@@ -17,6 +17,17 @@ exports.create = async function(ctx) {
 const { clientId } = await masterDb.get(appId)
 const db = new CouchDB(instanceId)
+ await db.put({
+ _id: "_security",
+ admins: {
+ names: [],
+ roles: [],
+ },
+ members: {
+ names: [],
+ roles: [],
+ },
+ })
 await db.put({
 _id: "_design/database",
 metadata: {
From cdf82cf479ef08139996444c2e08e16c275eaa9e Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 19 Oct 2020 00:05:25 +0100
Subject: [PATCH 2/4] cookie based auth for deployment
---
 .../server/src/api/controllers/deploy/index.js | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/packages/server/src/api/controllers/deploy/index.js b/packages/server/src/api/controllers/deploy/index.js
index 327f820a7e..afbe62454f 100644
--- a/packages/server/src/api/controllers/deploy/index.js
+++ b/packages/server/src/api/controllers/deploy/index.js
@@ -16,7 +16,7 @@ function replicate(local, remote) {
 })
 }
-async function replicateCouch({ instanceId, clientId, credentials }) {
+async function replicateCouch({ instanceId, clientId, session }) {
 const databases = [`client_${clientId}`, "client_app_lookup", instanceId]
 const replications = databases.map(localDbName => {
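Review bot: The `_security` object added to `exports.create` in `instance.js` (patch 1/4) leaves `members.names` and `members.roles` empty, and CouchDB treats a database with no members defined as public, so any user can read and write its regular documents. If the aim is to restrict each instance database, `members.roles` needs at least one role that only the owning client's users hold. On CouchDB 3.x, writing this empty object also replaces the admin-only default that new databases receive. It is worth confirming that the adapter behind `CouchDB` accepts `db.put` with `_id: "_security"`, since `_security` is a database-level object rather than an ordinary document. The body of `exports.create` continues outside the hunk.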
@@ -24,10 +24,16 @@ async function replicateCouch({ instanceId, clientId, credentials }) {
 const remoteDb = new CouchDB(
 `${process.env.DEPLOYMENT_DB_URL}/${localDbName}`,
 {
- auth: {
- ...credentials,
+ fetch: function(url, opts) {
+ opts.headers.set("Cookie", `${session};`)
+ return CouchDB.fetch(url, opts)
 },
 }
+ // {
+ // auth: {
+ // ...credentials,
+ // },
+ // }
 )
 return replicate(localDb, remoteDb)
@@ -92,7 +98,7 @@ exports.deployApp = async function(ctx) {
 await replicateCouch({
 instanceId: ctx.user.instanceId,
 clientId,
- credentials: credentials.couchDbCreds,
+ session: credentials.couchDbSession,
 })
 await updateDeploymentQuota(credentials.quota)
From 7843f544c9ff4fd5385caed838a30362a14af34c Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 19 Oct 2020 13:30:15 +0100
Subject: [PATCH 3/4] cookie based couchdb auth
---
 packages/server/src/api/controllers/deploy/index.js | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/packages/server/src/api/controllers/deploy/index.js b/packages/server/src/api/controllers/deploy/index.js
index 34e237da42..e895a173cd 100644
--- a/packages/server/src/api/controllers/deploy/index.js
+++ b/packages/server/src/api/controllers/deploy/index.js
@@ -30,11 +30,6 @@ async function replicateCouch({ instanceId, clientId, session }) {
 return CouchDB.fetch(url, opts)
 },
 }
- // {
- // auth: {
- // ...credentials,
- // },
- // }
 )
 return replicate(localDb, remoteDb)
From 734fb2c5439a47aad6a7dd725c8a0ba7c9f226e6 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 19 Oct 2020 13:31:13 +0100
Subject: [PATCH 4/4] remove security doc
---
 packages/server/src/api/controllers/instance.js | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/packages/server/src/api/controllers/instance.js b/packages/server/src/api/controllers/instance.js
index e9c39bde66..fbee2f72f5 100644
--- a/packages/server/src/api/controllers/instance.js
+++ b/packages/server/src/api/controllers/instance.js
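Review bot: In the `fetch` override added in the `@@ -24,10 +24,16 @@` hunk of patch 2/4, `session` is interpolated into the `Cookie` header without a presence check, so a missing `credentials.couchDbSession` would send the literal `undefined;` and surface only as an opaque replication or auth failure. A guard at the top of `replicateCouch`, such as `if (!session) throw new Error("Missing CouchDB session")`, would fail early and clearly. The cookie is a bearer credential for the remote database, so it is also worth checking that `process.env.DEPLOYMENT_DB_URL` uses `https:` before attaching it, and that the value is never written to logs. `replicateCouch` starts and ends outside this hunk.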
@@ -17,17 +17,6 @@ exports.create = async function(ctx) {
 const { clientId } = await masterDb.get(appId)
 const db = new CouchDB(instanceId)
- await db.put({
- _id: "_security",
- admins: {
- names: [],
- roles: [],
- },
- members: {
- names: [],
- roles: [],
- },
- })
 await db.put({
 _id: "_design/database",
 metadata: {