Closed maxkfranz closed 3 years ago
I did some testing and have noticed two issues:
If I do a PUT statement via a REST client like Insomnia, I noticed that there was an error when the cytoscape-syncher
tried to close the secrets database. This appears to be because the secrets database wasn't initialized. I added this to cytoscape-syncher
to get it to work:
import { COUCHDB_URL } from '../server/env';
...
//line 81
this.secretsDb = new PouchDB(`${COUCHDB_URL}/secrets`);
In the response JSON for creating a new network url
and privateUrl
don't resolve without alteration. Currently the return values are all of this format: http://localhost:3000/document/cyac5bb915-d70c-4f53-9deb-16824da9030e/secret
. I normally expect them to contain the secret included in the response, like so: http://localhost:3000/document/cyac5bb915-d70c-4f53-9deb-16824da9030e/e4cd6eec-9885-4ba2-9e4b-a0bf4c5f7bdc
This is a simplified edit of a previous comment. The previous comment also discussed the editor, which was out of scope for this PR.
I've pushed the two revisions re. POST /api/document
.
Re. the editor: It's not going to show a read-only view until we add that. That would require a complete UI to create/import new networks . It would also require an editable
flag in the editor to disable editing components: While you can't edit a document without the proper secret anyway, we wouldn't want to throw all those errors or give the impression that you can edit at a read-only link.
I added basic read-only view support for our discussion later today
@dotasek, @mikekucera, I've added the restriction we talked about on our call. Users can not access data in the DB outside of documents via /db/*
/db/*
are handled with secrets middleware before being handed off to the HTTP proxy (to CouchDB).next(err)
to stop the progression to the proxy.secrets
DB in CouchDB.X-Secret
HTTP header.demo
and secretdemo
.COUCHDB_USER
andCOUCHDB_PASSWORD
to be set as environment variables for CouchDB server auth. This allows us to use CouchDB in non-admin-party mode, as in v3. IfUSE_COUCH_AUTH
is unset or false, then server assumes CouchDB is in party mode (e.g. for local dev.)