- `COUCH_DIRECTORY_PORT_5984_TCP_ADDR` - IP of the directory couchdb, defaults to `'localhost'`
- `COUCH_DIRECTORY_PORT_5984_TCP_PORT` - Port of the directory couchdb, defaults to `5984`
- `COUCH_DIRECTORY_DB_NAME` - name of the couch database, defaults to `'ganomede_directory_test'`
- `COUCH_DIRECTORY_VIEW_NAME` - name of the couch db design to use (the source only needs 1 design atm, but in case multiple are needed, we'll need to rethink this)
- `COUCH_DIRECTORY_SYNC` - sync the design document, trigger view recalculation and exit: on process start, we check that the design document in the database matches the one the source code expects. If it doesn't, the app fails to start. To fix the situation, set this env var to any value, start the process as usual, wait for it to exit cleanly, then restart with this env var unset.
- `REDIS_AUTH_PORT_6379_TCP_ADDR` - IP of the AuthDB redis
- `REDIS_AUTH_PORT_6379_TCP_PORT` - Port of the AuthDB redis
- `API_SECRET` - Gives access to private APIs
- `LOG_LEVEL` - See bunyan levels (default: `info`)
A user has:

- a single, static user id
- a list of aliases, each containing:
  - date created
  - a type
  - a value (spaces are ignored)
  - a public status
- a hash encoded password (pbkdf2 or bcrypt)
- a set of authentication tokens
  - each with an expiry date
- it's not possible to remove an alias from a user.
  - it is forever reserved and linked with the user.
- id, individual aliases and individual tokens have to be globally unique.
  - here, by aliases I mean tuples (type, value).
While the directory contains the history of all aliases linked to a user, this shouldn't be public information. Moreover, we wouldn't want some of the aliases, storing things like user emails or facebook ids, to be visible to anyone but the system and the user itself.

As such:

- aliases with `public` property `!== true` will only be exported to:
  - calls requiring the api secret.
  - calls requiring the auth token.
- all public calls (i.e. those not used for administration purposes) will expose the aliases as a map type ⇒ value.
  - the value exposed for each type is the last one that was added (based on the `created` property).

On another note, keep in mind that all spaces are removed from alias values.
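The export rules above, as an added example (not ganomede-directory's own code): aliases lose their spaces when created, non-public aliases are only exported to privileged callers, and for each type the most recently created value wins. The function names and the sample aliases are constructed for this example.

```javascript
// Added example (not ganomede-directory's own code): how a user's alias
// history becomes the "type => value" map described above.
// Function names and the sample aliases are constructed for this example.

// Alias values never carry spaces: strip them when an alias is created so
// storage, uniqueness checks and lookups all see the same value.
function makeAlias(type, value, isPublic, created) {
  return {
    type,
    value: String(value).replace(/\s+/g, ''),
    public: isPublic === true,   // anything other than true is treated as private
    created,                     // ISO-8601 timestamp
  };
}

// Build the type => value map returned by the API.
// - privileged === false (public calls): only aliases with public === true.
// - privileged === true  (API secret / auth token calls): every alias.
// For each type the alias with the latest `created` wins, so older values
// stay reserved in the directory but are not exposed.
function exportAliases(aliases, privileged = false) {
  const latest = new Map();
  for (const alias of aliases) {
    if (!privileged && alias.public !== true) continue;
    const prev = latest.get(alias.type);
    if (!prev || Date.parse(alias.created) > Date.parse(prev.created)) {
      latest.set(alias.type, alias);
    }
  }
  const out = {};
  for (const [type, alias] of latest) out[type] = alias.value;
  return out;
}

// Constructed sample: a display name that was changed once, plus a private
// email and facebook id that only privileged callers may see.
const sampleAliases = [
  makeAlias('name', 'Harry Potter', true, '2016-01-01T00:00:00Z'),
  makeAlias('name', 'Harry', true, '2016-03-01T00:00:00Z'),
  makeAlias('email', 'harry123@email.com', undefined, '2016-01-01T00:00:00Z'),
  makeAlias('facebook', '12012484843', false, '2016-02-01T00:00:00Z'),
];

// exportAliases(sampleAliases)       -> { name: 'Harry' }
// exportAliases(sampleAliases, true) -> { name: 'Harry', email: ..., facebook: ... }
```

Filtering on `public !== true` (rather than `!public`) mirrors the rule above: an alias with no `public` property at all is private, which is the safe default for fields such as emails.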
- For password hashing:
- CouchDB:
  - One document per user (using the user's id)
  - Views to map aliases to a user.
- AuthDB:
  - For authentication tokens (a map token ⇒ `{username: id}`)
    - Because implementing expiry with Redis is nice and easy.
    - Also to keep compatibility with the existing services which expect direct access to a Redis authDB database.
```json
{
  "secret": "api-secret",
  "id": "hrry23",
  "password": "user-password",
  "aliases": [{
    "type": "email",
    "value": "harry123@email.com"
  }, {
    "public": true,
    "type": "name",
    "value": "HariCo"
  }]
}
```
When:

- `BadUserId` - missing or anything other than non-empty string;
- `BadPassword` - password is missing or too short (less than 8 characters);
- `BadAliases` - invalid aliases format (`type` and `email` are not non-empty strings, `public` present but not boolean).

When:

- `UserAlreadyExistsError` - user id is already taken
- `AliasAlreadyExistsError` - one of the provided aliases is not available
```json
{
  "id": "hrry23"
}
```
The user with the given `id`. There cannot be more than 1 match (because user ids are globally unique).
```json
{
  "id": "hrry23",
  "aliases": {
    "name": "Harry"
  }
}
```
- `BadUserId` - missing or anything other than non-empty string;
- `UserNotFoundError` - no user with such id

note: this call only exposes public aliases
To add aliases:

```json
{
  "secret": "api_secret",
  "aliases": [{
    "type": "email",
    "value": "harry123@email.com"
  }]
}
```

To change the password:

```json
{
  "secret": "api_secret",
  "password": "my-new-password"
}
```
- `NotAuthorized` - invalid / missing secret.
- `BadUserId` - missing or anything other than non-empty string;
- when changing password:
  - `BadPassword` - password is missing or too short (less than 8 characters);
- when adding alias:
  - `BadAliases` - invalid aliases format (`type` and `email` are not non-empty strings, `public` present but not boolean).
- `BadEditMethod` - `password` and `aliases` are both missing, or both are present at the same time.
- `UserNotFoundError` - no user with such id
Or, like some people call this, login.
```json
{
  "id": "happrr",
  "password": "my-password"
}
```
Notes:

- `API_SECRET` is also considered a valid password
- it's possible to specify your own value for `token`: add a `token` field in the request body

```json
{
  "id": "hrry23",
  "token": "an-authentication-token"
}
```
- `InvalidCredentialsError` - invalid user id + password pair.
- `UserNotFoundError` - no user with such id
- `BadUserId` - missing or anything other than non-empty string;
- `BadPassword` - password is missing or too short (less than 8 characters);
Returns the user for which `auth_token` is in `user.auth_tokens`. There should be at most 1 match; there cannot be more than 1 (auth tokens are globally unique).
```json
{
  "id": "hrry23",
  "aliases": {
    "name": "Harry",
    "email": "harry123@email.com",
    "facebook": "12012484843"
  }
}
```
- `InvalidAuthTokenError` - missing / invalid token
- `UserNotFoundError` - token resolved to a user id which was not found.
- `BadUserId` - missing or anything other than non-empty string;
note: this call exposes both public and private aliases
Returns the user for which `(type, value)` is in `user.aliases`. There cannot be more than 1 match (aliases are constrained to be globally unique).
```json
{
  "id": "hrry23",
  "aliases": {
    "name": "Harry"
  }
}
```
- `UserNotFoundError` - alias resolved to a user id which was not found.
- `BadAlias` - type or value, or both, are something other than non-empty string;

note: this call exposes only public aliases