How to authenticate using php and javascript

Question

I have been at this for weeks and need some direction. I am not using MongoDB or Phoenix, etc. I am using php (Laravel) and the core of my data is JSON. I want to save data right from javascript. So user's data is saving locally in pouchdb, one database per user solution, and synced to a remote pouchdb on a couchdb Bitnami AWS (Amazon Web Server). However, I need authentication to reference that remote pouchdb. There is proxy authentication. I use Curl on Windows to confirm it works so I must have configured it correctly:

curl -X GET "http://127.0.0.1:5984/userdb-7374657665" -H "X-Auth-CouchDB-UserName:steve" -H "X-Auth-CouchDB-Roles:users" -H "X-Auth-CouchDB-Token:a615eaf122de48804df2e554ec63cb6b3014eb4d" -H "Content-Type: application/json; charset=utf-8"

I didn't find this in the API documentation and I understand it can't work due to how security controlled in javascript. The person who posted this referred to "Rails or Phoenix":

    remoteDb = new PouchDB("http://localhost:5984/userdb-7374657665", {
    skipSetup: true, //Database is created when user is created
    ajax: {
        headers: {
            'X-Auth-CouchDB-UserName':'steve',
            'X-Auth-CouchDB-Roles':'users',
            'X-Auth-CouchDB-Token':'a615eaf122de48804df2e554ec63cb6b3014eb4d',
            'Content-Type':'application/json; charset=utf-8'
        }
    }
})
    .on('error', function (err) {
        console.log('error', err);
    });

Note I used php to get the database name that was created when the user is created: $user_db = "userdb-" . bin2hex($user_name); I also figured out the Token using php:

$hash = hash_hmac("sha1", $user_name, $secret);

I ended up using pouchdb.authentication.js library. Good enough for now. Also Alex, what else could I format? — J Chadwick, Jul 18 '18 at 22:24
It's formatted better now but the first version you posted needed severe formatting, that's why I left the comment — Alexander Lallier, Jul 19 '18 at 12:26

score 0 · Answer 1 · answered Jul 19 '18 at 08:55

0

I am not clear what you mean about a remote PouchDB - you do not need PouchDB remotely if you have CouchDB. To authenticate you do not need the PouchDB plugin, you just need to include the username and password when you define the remote database in Javascript like this:

var remotedb = new PouchDB('https://username:password@server/dbname');

This is covered in the PouchDB API documentation for "create database" here.

answered Jul 19 '18 at 08:55

IanC

865
8
11

My bad, that works. I'm not going to worry about proxy authentication. In the pouchdb documentation at [here](https://pouchdb.com/api.html#create_database) they refer to "Options for remote databases", which I take to mean couchdb. – J Chadwick Jul 21 '18 at 14:40
Ok glad it works! Could you accept my answer please? – IanC Jul 22 '18 at 16:22

How to authenticate using php and javascript

1 Answers1