broerse / ember-cli-blog

Tom Dale's blog example updated for the Ember CLI
86 stars 35 forks source link
authentication couchdb deploy ember ember-cli example filter pagination pouchdb

Myapp

Known Vulnerabilities

This README outlines the details of collaborating on this Ember application.

Working example

https://bloggr.exmer.com/

Prerequisites

You will need the following things properly installed on your computer.

Installation

To get up and running with this project:

Data will be stored in an in memory database and if configured, also replicated to a CouchDB instance.

Optional Installation

To setup CouchDB data replication, configure ENV.remote_couch inside ./config/environment.js to point to your CouchDB location.

To setup a CouchDB instance on your own machine:

Running

Running Tests

Building

Deploy

To deploy to your CouchDB cluster

Authentication

ember-simple-auth-pouch authenticator with custom data adapter to setup push replication after login. See /src/simple-auth/authenticators/pouch.js and /src/data/models/application/adapter.js for further details.

Authorization

CouchDB write protected database:

Registration required example for write permission: Add users in the normal CouchDB way. For example by adding the following document to the _users database:

{
  "_id": "org.couchdb.user:test",
  "name": "test",
  "password": "test",
  "roles": [
    "user"
  ],
  "type": "user"
}

After that you can protect your bloggr database from unauthorized writes by adding the following design document to the bloggr database.

{
  "_id": "_design/only_users_write",
  "validate_doc_update": "function (newDoc, oldDoc, userCtx) {\n\tif (userCtx.roles.indexOf(\"user\") == -1 && userCtx.roles.indexOf(\"_admin\") == -1) {\n\t\tthrow({unauthorized: \"Only registered users can save data!\"});\n\t}\n}"
}

For the free CloudStation you have to create an User and a Database and insert the userdocument from above. Make sure to update your config/environment.js remote_couch and rootURL to match your production settings. Typical rootURL values are / and /yourdb/_design/myapp/_rewrite/ If you run your own CouchDB you can use the Hoodie CouchDB User Management App to create users.

Secret route

There is one secret route setup to demonstrate how to use ember-simple-auth to protect routes. More instructions can be read there.

Further Reading / Useful Links