login ui from a couchapp

[Nick]

I've been researching how one should secure a "couch-served app", in 
particular allowing the user to log in but disallowing anonymous reads 
and writes.

Seems like the most useful information I can find is five years old:
https://stackoverflow.com/questions/7389379/how-does-a-user-login-to-a-couchapp-that-has-a-reader-role-defined

Has there been any advance since then, or is a "welcome mat" DB still 
the (only) way to do it within couchdb  without adding a proxy?

Cheers!

Nick