Couchbase node.js view query password required
I'm running couchbase server CE 2.0.0 on windows. Using node.js with https://github.com/couchbase/couchnode sdk. Basic operations like get/set/inc going well. But when I try to query view through
couchbase.view("mydesign","myview", options , function(err, resp, view) { ... });it return error:
err { [Error: unauthorized] code: 9999, reason: 'password required' }Cocuhbase config looks like:
{
"debug" : false,
"user" : "Administrator",
"password" : "password",
"hosts" : [ "localhost:8091" ],
"bucket" : "mybucket"
}It seems that user and pass not send to rest api url:
http://localhost:8092/mybucket/_design/mydesign/_view/myview
like this way:
http://Administrator:password@localhost:8092/mybucket/_design/mydesign/_view/myview
Lib versions (installed from npm):
├─┬ couchbase@0.0.11 │ ├── bindings@1.0.0 │ └─┬ request@2.11.4 │ ├─┬ form-data@0.0.3 │ │ ├── async@0.1.9 │ │ └─┬ combined-stream@0.0.3 │ │ └── delayed-stream@0.0.5 │ └── mime@1.2.7 Libcouchbase Windows, 64-bit MSVC 10 2.0.3
Here is code from bucket.js from this lib:
var url = restHost() +
[config.bucket, "_design", ddoc,
"_view", name].map(encodeURIComponent).join('/') +
'?' + qs.stringify(query);
return request(url, function(err,resp,body) {
restHandler(callback,err,resp,body);
});Here
url cames without any auth params.
Here is code of restHost():
function restHost()
{
// distribute queries across the cluster randomly
return viewHosts[Math.floor(Math.random() * viewHosts.length)];
}Also no auth. So if apply dirty hack with user and pass it will work well:
function restHost()
{
// distribute queries across the cluster randomly
return (viewHosts[Math.floor(Math.random() * viewHosts.length)]).replace("http://","http://Administrator:password@");
}As I see code on github differs from npm package. Is this bug already fixed or it will be fixed in near future?
Yes, mybucket uses password "password". I've tried such config:
{
"debug" : false,
"hosts" : [ "localhost:8091" ],
"bucket" : "mybucket",
"password" : "password"
}But with this conf couchbase client fails to start:
couchbase.connect(require(__dirname + '/conf/couchbase.json'), function onCBConnect(err, cb){
if (err){
console.log("Couchbase: error", err);
}
});Error:
{ [Error: Connect Error]
code: 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="Couchbase Server Admin / REST"\r\nServer: Couchbase Server 2.0.0-1976-rel-community\r\nPragma: no-cache\r\nDate: Fri, 22 Mar 2013 09:22:07 GMT\r\nContent-Length: 0\r\nCache-Control: no-cache'Even if I try to access view via rest api in browser
http://localhost:8092/mybucket/_design/mydesign/_view/myview?stale=false&connection_timeout=60000&limit=10&skip=0
it also requires login and password (http auth). If I cancel that auth it also throws error:
{"error":"unauthorized","reason":"password required"}As far as I remember in CB 2.0 DP4 there was no requirements for auth via rest api (you could acces to url, mentioned above, witout any passwords). Then it became required in beta.
And another thing. After applying that *hack* to restHost() function
function restHost()
{
// distribute queries across the cluster randomly
return (viewHosts[Math.floor(Math.random() * viewHosts.length)]).replace("http://","http://Administrator:password@");
}It works almost well. In your example app http://tugdualgrall.blogspot.com/2012/11/building-chat-application-using... you accessing to view.rows in this code:
socket.on('showhistory', function(limit,startkey) {
limit = (limit == undefined || limit == 0)? 5 : limit;
var options = {"descending": "true", "limit" : limit, "stale" : "false"};
if (startkey > 0) {
options.startkey = startkey-1;
}
couchbase.view("chat","message_hisory", options , function(err, resp, view) {
var rows = view.rows;
var keys = new Array();
for( var i = 0; i < rows.length ; i++ ) {
keys.push( rows[i].id );
}
couchbase.get(keys,function(err, doc, meta) {
socket.emit('updateChatWindow', doc, true);
});
});
})But in my case view variable is undefined and data cames in resp variable as array:
resp [ { id: 'chat:umsg:10',
key: [ 1, 2, 1363877170115 ],
value: 'piw15' },
{ id: 'chat:umsg:9',
key: [ 1, 2, 1363877155267 ],
value: 'piw14' } ]I'm having the same issue. There is a password set for my bucket and in order to make the initial connection, both "user" and "password" need to be set using the bucket name for the "user" value. It will not connect when only providing the password.
var couchConfig = { hosts: ["localhost:8091"], user: "myBucket", password: "foobar", bucket: "myBucket" }
Other operations like get(), add() and touch() work fine, but I get the same error as SkeLLLa when trying to call view().
Oh.. I've discovered something (at least it's new for me). While accessing to the bucket via rest api url should look like http://username:password@api_url:8092/bucket_name ...
Here pair username:password could be Admin login and pass (that's used for loggin in to web interface) or it could be bucket_name:bucket_pass.
So to make this config less confusing it should be like:
{
"hosts": ["localhost:8091"],
"user": "Admin",
"password": "Admins_pass",
"bucket": {"name":"myBucket", "password":"bucket_pass"
} In code that lies on github I can't see function that respond for querying view (may be it's moved to libcouchbase bindings).
But for couchnode v0.0.11 (lastest from npm) here is fixed function for bucket.js:
function updateClusterMap(callback) {
var uiHost = connection.getRestUri();
request("http://" + uiHost + "/pools/"+encodeURIComponent(config.bucket),
function(err, resp, clusterMap) {
if (err) {
throw(err);
}
viewHosts = clusterMap.nodes.map(function(info) {
return info.couchApiBase.replace("http://", "http://" + config.bucket + ":" + config.bucket_password + "@");
});
if (callback) {
callback();
}
});
}Here couchApiBase var comes like 'http://IP:8092/', so we need to pass bucket name and password here.
Config should look like:
{
"hosts": ["localhost:8091"],
"user": "Admin",
"password": "Admins_pass",
"bucket": "myBucket",
"bucket_password":"bucket_pass"
} This issue seems to be fixed in couchnode version 0.0.12 (though I couldn't find anything in the github commit history to prove this).
In any case, after installing the latest via npm, I am now able to use bucket.view on sasl protected buckets.
The correct configuration for SASL protected buckets is shown in my first post. The admin user and password combo should only be used for administrative rest api operations like changing ram quotas, creating buckets, etc. The bucket name and bucket password should be used for app level operations.
Think of the admin credentials as a MYSQL login with root privileges and the bucket name / bucket password combo as a MYSQL application user with limited privileges. There is no reason to give developers administrative permissions if all they are doing is storing and retrieving data.
Hello,
The Administrator user and password are used usually only for "administration" tasks. (for example if you want to create buckets, views, ... from your application)
When you are coding your application, you should only use :
- the Bucket password (or no password)
Do you have a password on your bucket ("mybucket")?
- if not password you should just connect with
{ "debug" : false, "hosts" : [ "localhost:8091" ], "bucket" : "mybucket" }- if you have a password use
{ "debug" : false, "hosts" : [ "localhost:8091" ], "bucket" : "mybucket" "password" : "password" }This should be enough.
Let me know
Regards
Tug
@tgrall