COUCH_DIRECTORY_PORT_5984_TCP_ADDR- IP of the directory couchdb, defaults to'localhost';COUCH_DIRECTORY_PORT_5984_TCP_PORT- Port of the directory couchdb, defaults to5984;COUCH_DIRECTORY_DB_NAME— name of couch database, defaults to'ganomede_directory_test';COUCH_DIRECTORY_VIEW_NAME— name of couch db design to use (source only needs 1 design atm, but in case multiple are needed, we'll need to rethink this);COUCH_DIRECTORY_SYNC— sync design document, trigger view recalculation and exit:- on process start, we check that design document in database matches the one source code expects. In case this isn't true, app fails to start. To fix the situation, set this env var to any value, start process as usual, wait for it to exit cleanly and restart with this env var unset.
REDIS_AUTH_PORT_6379_TCP_ADDR- IP of the AuthDB redisREDIS_AUTH_PORT_6379_TCP_PORT- Port of the AuthDB redisAPI_SECRET- Give access to private APIsLOG_LEVEL- See bunyan levels (default: info)
A user has:
- a single, static user id
- a list of aliases, each containing:
- date created
- a type
- a value (spaces are ignored)
- a public status
- a hash encoded password (pbkdf2 or bcrypt)
- a set of authentication tokens
- each with an expiry date
- it's not possible remove an alias from a user.
- it is forever reserved and linked with the user.
- id, individual aliases and individual tokens have to be globally unique.
- here, by aliases I mean tuples (type, value).
Whereas the directory contains the history of all aliases linked to a user, this shouldn't be a public information. Moreover, we wouldn't want some of the aliases, storing things like user emails or facebook ids, to be visible to anyone but the system and the user itself.
As such:
- aliases with public property !== true will only be exported to:
- calls requiring the api secret.
- calls requiring the auth token.
- all public calls (i.e. those not used for administration purpose) will expose the aliases as a map type ⇒ value.
- the value exposed for each type is the last one that was added (based on the created property).
On another note, keep in mind that all aliases values' spaces are removed.
- For password hashing:
- CouchDB:
- One document per user (using the user's id)
- Views to map aliases to a user.
- AuthDB:
- For authentication tokens (a map token ⇒ {username: id})
- Because implementing expiry with Redis is nice and easy.
- Also to keep compatibility with the existing services who expect direct access to a Redis authDB database.
- For authentication tokens (a map token ⇒ {username: id})
{
"secret": "api-secret",
"id": "hrry23",
"password": "user-password",
"aliases": [{
"type": "email",
"value": "harry123@email.com"
}, {
"public": true,
"type": "name",
"value": "HariCo"
}]
}When:
BadUserIdmissing or anything other than non-empty string;BadPasswordpassword is missing or too short (less than 8 characters);BadAliasesinvalid aliases format (typeandemailare not non-empty strings,publicpresent but not boolean).
When:
UserAlreadyExistsErroruser id is already takenAliasAlreadyExistsErrorone of the provided aliases is not available
{
"id": "hrry23"
}The user with the given id.
There cannot be more than 1 match (because user ids are globally unique).
{
"id": "hrry23",
"aliases": {
"name": "Harry"
}
}BadUserIdmissing or anything other than non-empty string;
UserNotFoundErrorno user with such id
note: this call only exposes public aliases
To add aliases:
{
"secret": "api_secret",
"aliases": [{
"type": "email",
"value": "harry123@email.com"
}]
}To change the password:
{
"secret": "api_secret",
"password": "my-new-password"
}NotAuthorizedInvalid / missing secret.
-
BadUserIdmissing or anything other than non-empty string; -
when chaning password:
BadPasswordpassword is missing or too short (less than 8 characters);
-
when adding alias:
-
BadAliasesinvalid aliases format (typeandemailare not non-empty strings,publicpresent but not boolean). -
BadEditMethodmissingpasswordoraliases, or both are present at the same time.
UserNotFoundErrorno user with such id
Or, like some people call this, login.
{
"id": "happrr",
"password": "my-password"
}Notes:
API_SECRETis also considered a valid password- it's possible to specify your own value for
token: add atokenfield in the request body
{
"id": "hrry23",
"token": "an-authentication-token"
}InvalidCredentialsErrorInvalid user id + password pair.
UserNotFoundErrorno user with such id
BadUserIdmissing or anything other than non-empty string;BadPasswordpassword is missing or too short (less than 8 characters);
Return the user for which auth_token is in user.auth_tokens. Their should be at most 1 match.
There cannot be more than 1 match (auth tokens are globally unique).
{
"id": "hrry23",
"aliases": {
"name": "Harry",
"email": "harry123@email.com",
"facebook": "12012484843"
}
}InvalidAuthTokenError
InvalidAuthTokenErrormissing / invalid token
UserNotFoundErrortoken resolved to user id which was not found.
BadUserIdmissing or anything other than non-empty string;
note: this call exposes both public and private aliases
Return the user for which (type, value) is in user.aliases.
There cannot be more than 1 match (aliases are contrained to be globally unique).
{
"id": "hrry23",
"aliases": {
"name": "Harry"
}
}UserNotFoundErroralias resolved to user id which was not found.
BadAliastype or value, or both are something other than non-empty string;
note: this call exposes only public aliases