This would be nice but not every replication request happens through the HTTP layer. Local replications have no notion of a request so I'm not sure what you'd put in there.
On Mon, May 28, 2012 at 4:26 PM, Luca Matteis <[email protected]> wrote:
> Yes, I already use update handlers for the voting, but as you said,
> someone could easily bypass it by directly updating the document.
>
> I mean, validate_doc_update functions already contain logic that restricts
> certain actions based on the userCtx (which is some information
> contained in the request), so why not give the IP address of the
> request as well? This would allow the creation of even more powerful
> Couchapps.
>
> On Mon, May 28, 2012 at 5:46 PM, Robert Newson <[email protected]> wrote:
>> You can achieve this with an update handler
>> (http://wiki.apache.org/couchdb/Document_Update_Handlers) but it could
>> be bypassed by a savvy user. I don't see why a validate_doc_update
>> function couldn't enforce this if it had access to the req object. I'm
>> +1.
>>
>> B.
>>
>> On 28 May 2012 16:06, Luca Matteis <[email protected]> wrote:
>>> Sure. For example I'm allowing my users to vote on certain "items" in
>>> my database. This will allow me to understand the amount of
>>> satisfaction of these items. I can easily validate and make sure each
>>> user is commenting only once, however, someone might simply create a
>>> new account and re-vote for that item. This defeats the purpose of the
>>> voting system.
>>> My solution would be to check based on the IP of the voter, no matter
>>> what user they're logged in with.
>>>
>>> Does this make sense? Thanks.
>>>
>>> On Mon, May 28, 2012 at 3:50 PM, Robert Newson <[email protected]> wrote:
>>>> I fear I've derailed this thread, so let's shelve the [email protected]
>>>> idea for another time and thread.
>>>>
>>>> To address the original question:
>>>>
>>>> "I have a scenario where I'm building a CouchApp that needs to deny
>>>> certain behavior from happening based on the user's IP address.
>>>> Would it be good to consider this as a new feature to be implemented?"
>>>>
>>>> Being able to build richer applications within the 2-tier couchapp
>>>> model is a project goal so I'm generally for the proposal to expose
>>>> the req object in VDU (since you can access it in show and list and it
>>>> seems to break nothing). I suspect the full feature set required for
>>>> your application to not require a proxy or firewall has not been
>>>> spelled out in detail and, I further suspect, some of it will be
>>>> better done with a firewall.
>>>>
>>>> Could you expand on the 'certain behavior' that should be restricted
>>>> based on IP? A few examples would help.
>>>>
>>>> B.
>>>>
>>>> On 28 May 2012 14:38, Simon Metson <[email protected]> wrote:
>>>>> Hi,
>>>>>
>>>>>
>>>>> On Monday, 28 May 2012 at 14:12, Robert Newson wrote:
>>>>>
>>>>>> The other proposal might be to allow the granting of
>>>>>> rights by IP address, much as MySQL does. In fact, I believe this idea
>>>>>> is part of the Summit proposal to enhance our security model. I should
>>>>>> be able to grant _admin rights to a user if and only if they come from
>>>>>> 127.0.0.1, for example.
>>>>>
>>>>> We wrote something like this for our deployment at CERN. I thought it had
>>>>> been contributed back to the trunk, but maybe it got lost along the way.
>>>>> I'll see if I can find out the status of it.
>>>>> Cheers
>>>>> Simon
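
The per-user vote check discussed in this thread, as an added example that is not part of the original messages: a validate_doc_update function that relies only on the userCtx argument CouchDB passes it. The document fields (type, item, voter), the _id scheme and the sample users are assumptions made for illustration; the last sample write shows the second-account case the thread describes, which this function cannot distinguish because it sees no request data.

```javascript
// Added example with constructed documents and users.
// CouchDB calls validate_doc_update(newDoc, oldDoc, userCtx, secObj) on every
// write, including direct PUTs that skip an update handler. Throwing
// {forbidden: ...} or {unauthorized: ...} rejects the write.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  var isAdmin = userCtx.roles.indexOf('_admin') !== -1;

  // An existing vote is immutable for non-admins: no edits, no deletes.
  if (oldDoc && oldDoc.type === 'vote' && !isAdmin) {
    throw { forbidden: 'Votes cannot be changed or deleted.' };
  }
  if (newDoc._deleted || newDoc.type !== 'vote') return;

  if (!userCtx.name) throw { unauthorized: 'Log in to vote.' };
  if (newDoc.voter !== userCtx.name) {
    throw { forbidden: 'voter must be the logged-in user.' };
  }
  // Assumed _id scheme: one deterministic id per (item, user), so a second
  // vote by the same user either conflicts or arrives with oldDoc set.
  var expectedId = 'vote:' + newDoc.item + ':' + userCtx.name;
  if (newDoc._id !== expectedId) {
    throw { forbidden: '_id must be ' + expectedId };
  }
}

// Small driver standing in for the database: reports how a write is treated.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx, {});
    return 'accepted';
  } catch (e) {
    return e.forbidden ? 'forbidden' : 'unauthorized';
  }
}

// Constructed sample data.
var alice = { name: 'alice', roles: [] };
var alice2 = { name: 'alice2', roles: [] }; // second account, same person
var anon = { name: null, roles: [] };
var vote = { _id: 'vote:item1:alice', type: 'vote', item: 'item1', voter: 'alice' };
var dupe = { _id: 'vote:item1:again', type: 'vote', item: 'item1', voter: 'alice' };
var vote2 = { _id: 'vote:item1:alice2', type: 'vote', item: 'item1', voter: 'alice2' };

console.log(tryWrite(vote, null, alice));   // first vote
console.log(tryWrite(dupe, null, alice));   // same user, different _id
console.log(tryWrite(vote, vote, alice));   // editing an existing vote
console.log(tryWrite(vote, null, anon));    // not logged in
console.log(tryWrite(vote2, null, alice2)); // new account re-votes
```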
