apache / couchdb-nano Goto Github PK

Original issue

timwis
I'd like to pass a username and password to nano without storing it in the couchdb url string, so that the url string can be used in other parts of the application that require separate authentication. The documentation suggests I can pass an auth object into the requestDefaults property of the initialization object, like this:

var db = require('nano')({
url: 'http://localhost:5984',
requestDefaults: {
auth: { user: 'admin', pass: 'foo' }
}
})
But this seems to have no effect on the request, resulting in the standard 401 unauthorized error. Passing the same user/pass as part of the url (http://admin:foo@localhost:5984) works fine.

In the meantime, I'm getting around this using a function that deconstructs the url, adds in the user/pass, and reconstructs it. But I'd prefer this cleaner approach.

I also tried upgrading the version of request and I think I did it correctly... Am I doing it wrong or is this a bug?

timwis
may be related to #278

Original issue

The question is about supporting couchdb 2.0, see original issue.

Original issue.

jzaefferer
I'm trying to get nano to log all requests while running tests, which are supposed to stub all nano calls. The logging looks like it should do that by providing DEBUG=nano/logger as an env var. Yet it doesn't actually log anything. After some searching I found that lib/logger.js exports a function that returns the logEvent function which then returns a log function. Unfortunately all the log() calls, like this one, end up calling the logEvent function, ignoring the resulting function, causing nothing to be logged.

I can't tell what the intention of that inner log() function is, that seems unnecessary and could be removed. Usually I'd send a PR, but considering #265 I'll hold off on that for now. Maybe an existing contributor (and CLA signee) can just apply the fix (or tell me what I'm doing wrong).

Original issue

chrisfosterelli
CouchDB 2.0 has a _find route that accepts mango queries. We're using the developer preview of Couch 2 and it'd be great if nano could expose this route!

Currently we have to work around nano to use these.

chirsfosterelli
Something like this might work:

const couch = nano(url)
couch.use(db).mango.find({ ... }, (err, results) => {
  // do your thing
})

Original issue

fhahne
I may be missing something here, but it seems that nano is not handling ECONNRESET errors, or other sorts of socket hangups. I assume that one would want to attach an error listener to the request object in order to do so. Since that is all encapsulated in the module I am not quite sure how to archive that. Any suggestions?

bmiller59
+1 I am also getting similar errors. What is the correct strategy for adding an error handler to address these econnreset errors? Also, any suggestions what the cause could be?

0x1mason
can you do something like

require('nano')({
request: function () {
  // request wrapper with special handling
}
})

Typescript is a pretty popular programming language now and it is important to keep the type definitions up to date. I think it would be a lot easier to maintain the definitions if they are in the nano repo.

Would any of the original authors and contributors of the definitions be willing to send us a starting PR for the definitions from DefinitelyTyped

cc @timjacobi @vincekovacs @dsabanin @gyszalai @ccodin @domachine @andy-ms @smithsz

Consider a scenario when you want to upload a document and several attachments to a CouchDB in a single request - a typical example would be uploading a "Couchapp": a design doc with multiple HTML/JS/CSS attachments. This scenario is supported by CouchDB API using Content-Type: multipart/related request. Furthermore, you could expect to leverage Node Streams in order to avoid the necessity of buffering a bunch of files in memory. Unfortunately, the combination of issues in CouchDB and request prevents this.

1. CouchDB has a nasty bug which prevents from using Transfer-Encoding: chunked along with Content-Type: multipart/related. It won't be fixed until 1.7, and its status in 2.x branch is unknown.
2. request uses exactly the Transfer-Encoding: chunked to upload data from Streams. Uh-oh.
3. request could be told explicitly not to use chunked encoding - but then you can't give it any Streams! See docs for a multipart option in request(options, callback). Bummer.

Technically, it should be possible to stream a bunch of attachments, in case where one knows the length of the stream beforehand (which is not a problem when you upload files from a disk). I attempted to add the support for this case in apache/nano#300, but failed miserably because request rightfully thinks it's smarter than me.

Original issue

chrisfosterelli
Related to #dscape/nano/329

To create mango indices to query on, you have to POST http://couchdb/dbname/_index. This isn't possible right now, since nano's insert changes the method to PUT if a document ID is provided.

A temporary workaround is to call the relax method directly, but a better long term solution would be if nano added support for mango index creation.

Something like this might work:

const couch = nano(url)
couch.use(db).mango.createIndex({ ... }, err => {
  // handle err
})

Original issue

hellboy81
I should pipe attachment stream to response stream with correct error handling (missing attachment, etc..)

I am trying to check if attachment exists with db.attachment.head, but I am missing this method in nano

Ha

var attachment = db.attachment.get(documentName, attName, function (err) {
   if (err) {
        if (err.statusCode === 404) {
              // Handle attachment not found
       } else {
             // Handle other error
      }
   }
}

// Still executing even if attachment not found
// Original CouchDB error response is has been sended to client BEFORE callback with error is called
attachment.pipe(res)

hellboy81
As I mentioned db.attachment.get can not work simultaneously with pipe and error handling:

var attachment = db.attachment.get(documentName, attName, function (err) {
   if (err) {
        if (err.statusCode === 404) {
              // Handle attachment not found
       } else {
             // Handle other error
      }
   }

     // Throws error:
     // You cannot pipe after data has been emitted from the response.
     attachment.pipe(res)
}

I am running the official docker image for couchdb on Windows, and it starts right up with my app, the dashboard works, and everything seems fine. The issue is that in my app nano's create db calls do not actually create new databases in the instance. When I manually curl to create via the localhost URL, new databases are created without issue.

I don't get any errors or warnings about this, but the issue feels like some sort of config or auth issue where the lib is either writing to the wrong directory or can't write to the one it is supposed to. I can't really explain it, given I can issue commands directly and it works fine.

Expected Behavior

When I run create(), I should be able to create a new database and view it in the dashboard.

Current Behavior

Calls to create() report no errors, but fail to add a new db to the instance.

Possible Solution

Steps to Reproduce (for bugs)

I can provide the exact proj if you need it, but it is the most vanilla install possible:

Docker compose looks like this:

version: '2'
services:
  hub:
    build: .
    ports:
      - "3000:3000"
    environment:
      - ENVIRONMENT=dev
      - COUCHDB_URL="http://localhost:5984"
  couchdb:
    image: "couchdb"
    ports:
      - "5984:5984"

Nano include looks like this:

const nano = require('nano')(appConfig.dbURL); // dbURL is the localhost:5984

1. Docker-compose up
2. Run node proj
3. Run simple nano create()
4. No errors, just doesn't create a database

Context

Can't use couchdb/nano until this first step works.

Your Environment

• Version used: 1.6.1
• Browser Name and version: Node 8.3.0
• Operating System and version (desktop or mobile): Windows 10 desktop
• Link to your project: https://github.com/decentralized-identity/hubs/tree/master/implementations/node

Calling below function db.get with docname value either undefined, or, null, or empty string, it returns the information of db.
db.get(docname, [params], [callback])

Result:
{ db_name: 'alice',
update_seq: '9-g1AAAAEzeJzLYWBg4MhgTmHgzcvPy09JdcjLz8gvLskBCjMlMiTJ____PyuRAYeCJAUgmWQPVsOES40DSE08fnMSQGrq8arJYwGSDA1ACqhsPiF1CyDq9h 16 if(err) {
NSdwCi7n5WIjtedQ8g6kDuywIAi4xi_w',
sizes: { file: 70863, external: 1322, active: 3753 },
purge_seq: 0,
other: { data_size: 1322 },
doc_del_count: 0,
doc_count: 2,
disk_size: 70863,
disk_format_version: 6,
data_size: 3753,
compact_running: false,
cluster: { q: 8, n: 1, w: 1, r: 1 },
instance_start_time: '0' }

Expected Behavior

If docname is undefined, null, or empty string, the result should be an error like 404 not found. It makes developer hard to find the root cause if he made a mistake to pass docname with empty value.

Current Behavior

The database information is returned.

Possible Solution

Check against the value of docname, and return error if it's undefined or null or ''.

Steps to Reproduce (for bugs)

db.get(undefined, [params], [callback]) or
db.get(null, [params], [callback]) or
db.get('', [params], [callback])

Context

Developer make a mistake and "undefined" passed to docname. It takes time to locate this issue, because function "get" returned database information rather than an Error.

Your Environment

nano 6.4.2

Original issue

mandric
There are two headers, uri and statusCode which are not valid http that are being returned from the httpAgent code see lib/nano.js line 195. This could lead to some sensitive information being leaked to the client if you're just passing headers through from CouchDB. Let me know if you think this is a real problem, I'd be happy to try to come up with a valid patch.

Here's an example:

$ curl -I http://localhost:3333
HTTP/1.1 200 OK
X-Powered-By: Express
etag: "2-8f443270fec4fb34bbc4ebca93a565d3"
date: Tue, 09 Feb 2016 05:24:29 GMT
Content-Type: application/json; charset=utf-8
cache-control: must-revalidate
statusCode: 200
uri: http://admin:secret@localhost:5984/test/foo
Content-Length: 713
Connection: keep-alive

var express = require('express'), 
    db = require('nano')('http://admin:secret@localhost:5984/test'), 
    app = module.exports = express();

app.get('/', function(request,response) {
  db.get('foo', function (error, body, headers) {
    for (var k in headers) {
      response.header(k, headers[k]);
    }
    if (error) {
      return response.status(error.statusCode).send(error.reason);
    }
    response.send(body, 200);
  });
});
app.listen(3333);

Is there a plan to cut a new version to NPM any time soon?

Original issue

satazor
See: http://docs.couchdb.org/en/1.6.1/maintenance/compaction.html#views-cleanup

atomic documentation refers to request.form directly. Instead the method stringifies the object in req.body. So in your update handler, you need to insert:

var body = JSON.parse(req.body);

In addition to this issue with the docs is there any particular reason why the object body is stringified?

Thanks

Original issue

gr2m
Given

a database exists at http://localhost:5984/db-with-security, which is only accessible when signed in
an admin exists with username admin and password secret
And I run this code

var nano = require('nano')

var db = nano({
  url: 'http://localhost:5984/db-with-security',
  requestDefaults: {
    auth: {
      user: 'admin',
      pass: 'secret'
    }
  }
})

db.info(function (error, info) {
  if (error) {
    return console.log(error)
  }
  console.log('info ok.')

  db.follow(function (error) {
    if (error) {
      return console.log(error)
    }

    console.log('follow ok.')
  })
})

I get this error

info ok.
[Error: Bad DB response: {"error":"unauthorized","reason":"You are not authorized to access this db."}]

I've managed to add the user & pass to the CouchDB directly, so don't rely on requestDefaults anymore. But I'd still consider this an issue, from a user expectation perspective.

Original issue

PaulAllan1
Currently the documentation for db.view is as follows:
"db.view(designname, viewname, [params], [callback])

calls a view of the specified design with optional query string additions params. if you're looking to filter the view results by key(s) pass an array of keys, e.g { keys: ['key1', 'key2', 'key_n'] }, as params."

In actual fact what needs to be passed in to filter by keys is more like {keys: [['key1', 'key2', 'key_n']] }. Please update the documentation.

franklinlindemberg
I agree with @PaulAllan1, please update the documentation. I lost much time trying to figure it out.
Regards.

Original issue

MaxXx1313
Hi!
It looks like "follow" library is no more supported. However it's used in this library.
Could you please find a way to apply following patch into it? If you ask me, I think it's a good idea to make your own copy of "follow" lib and support it as well as nano.

iriscouch/follow#83

Thank you

micophilip
I second @MaxXx1313 's motion. There's even open security vulnerabilities that are open against follow which haven't been addressed yet. There's no commit there in over a year.

Original issue

export-mike
Hi I've been using nano and cradle and both libraries seem to have this problem,

possibly this change should be fixed in couchdb.

flatiron/cradle#306

Have you encountered this issue before? How else could it be fixed?

export-mike
update from @janl flatiron/cradle#306 (comment)

chirsfosterelli
For what it's worth, we've dealt with that by doing this:

const validate = function(newDoc, savedDoc, userCtx) {
   // Content here
}.toString()

This results in validate being a stringified function that can be passed to Nano, and babel will not name it.

Hi,

  this.db.view('message', 'by_profile_id', {limit: 50, key: [profileId],  end_key:[profileId, {}]  }, (err, body) => {

Send this to couchdb:

GET /messages/_design/message/_view/by_profile_id?limit=50&key=%5B%2243e89ff24c5285b5d3d4cadd87062871%22%5D&end_key%5B0%5D=43e89ff24c5285b5d3d4cadd87062871 200 ok 1

As you can see the end_key:[profileId, {}] is totally messed up.
Is there a work around for this?

Thanks!

Original issue

justin-hackin
I am new to Cloudant and couchdb so forgive my ignorance, but I'm finding it difficult to understand what you mean by 'docname'. I tried googling what it implied in Cloudant/couchdb but couldn't find anything useful. I have to assume it means the _id property of the record ... by why not say docId then ?

Expected Behavior

The db.list function should return doc metadata based on the ids you pass it, if any.

Current Behavior

With large numbers of docs you instead get:

> { Error: socket hang up
    at createHangUpError (_http_client.js:254:15)
    at Socket.socketOnEnd (_http_client.js:346:23)
    at emitNone (events.js:91:20)
    at Socket.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:974:12)
    at _combinedTickCallback (internal/process/next_tick.js:74:11)
    at process._tickDomainCallback (internal/process/next_tick.js:122:9)
  name: 'Error',
  scope: 'socket',
  errid: 'request',
  code: 'ECONNRESET',
  description: 'socket hang up',
  stacktrace:
   [ 'Error: socket hang up',
     '    at createHangUpError (_http_client.js:254:15)',
     '    at Socket.socketOnEnd (_http_client.js:346:23)',
     '    at emitNone (events.js:91:20)',
     '    at Socket.emit (events.js:185:7)',
     '    at endReadableNT (_stream_readable.js:974:12)',
     '    at _combinedTickCallback (internal/process/next_tick.js:74:11)',
     '    at process._tickDomainCallback (internal/process/next_tick.js:122:9)' ] }

Steps to Reproduce (for bugs)

Run this (modifying as needed for your local env etc):

const nano = require('nano')('http://admin:pass@localhost:5984');
nano.db.create('too-many-ids');
const db = nano.db.use('too-many-ids');

let ids = [];
for (let i = 0; i < 240; i++) {
  ids.push(`This-is-a-fake-id-${i}`);
}

let result = db.list({ids: ids}, console.log);

At least on my system, and in this test case, 239/240 is when the failure starts.

Context

NB: One clear solution would be to use batching. However, I'm raising this because it seems unintentional.

Your Environment

• Version used: Nano 6.4.0
• CouchDB used: Tested against both 1.6 and 2.0
• Operating System and version (desktop or mobile): MacOS 10.12.5

CouchDB 2.0 now supports bulk querying views via http://docs.couchdb.org/en/2.0.0/api/ddoc/views.html#api-ddoc-view-multiple-queries

Expected Behavior

This would work via the db.view function https://github.com/apache/couchdb-nano#dbviewdesignname-viewname-params-callback

Current Behavior

db.view assumes that it's a GET request, but a POST request is required

Possible Solution

Update db.view to perform a POST request if queries is present in params

It's generally known that callbacks lead to bad code
also promisifying callback functions makes it (slower and) harder to debug given the stack traces

Original issue

osher
Hi,
I was looking for a way to provide timeouts to specific calls, and/or default timeout for all requests.

I concluded that there is no such thing, because searching for "timeout" in nano.js yields nothing (where I expected some entries - at least in the relax function...)

Personally I think that's something that should be facilitated by such a good infrastructure.

If I'm just misreading the picture - I'd be delighted to be directed to how it's done.

If in deed it's not implemented - then - If it fits the spirit here - would you like a PR to add such functionality?

What I propose to do is:
1 - add handling of options.timeout in the relax function
2 - replace access to the higher relax to calls from all methods of doc-scope to calls to an enclosed relax - one that works with the dbName of the "docScope" - and db.timeout.
3 - expose the enclosed relax on docScope so it can be used with the defaults enclosed for it
4 - have the enclosed db.relax uses db.timeout as timeout to pass to higher relax

mmm - I'm not sure what would be more useful: if timeout should compare against begining of accepting content from the server, or a "brutal" timeout - i.e - compares against completion of response...
let me know what you think. We can implement both, however, the 2nd is simpler.

Thoughts?

satazor
I think you can specify the default timeout with requestDefaults, not sure about specifying a timeout for each request.

Original issue

kanongil
Regression in 6.2.0 from c03b552. The patch breaks lookups that has neither qs or callback set.

jo
Thanks for catching this!

WaldoJeffers
Yup, I have the same issue. For example, if do db.viewWithList('design','view','list').pipe(...), I get this error : TypeError: Cannot use 'in' operator to search for 'counts' in undefined.

MatthieuLemoine
I also have this issue when using viewWithList as @WaldoJeffers.

bednie
Still seeing this. Would a PR help?

Original issue

cloidjgreen
This might be just pure ignorance but in attempting to set up CRUD from Angular through Express/nano to CouchDB I of course ran into the need to handle 'Document update conflict'.

There seemed to be no path to resolve the problem through DB.insert. The second parameter accepting only docName at line 372 of nano before assigning the object passed in to qs. I had set up the insert call with DB.insert(req.body,{docNname:'name',headers{'If-Match':'rev#'}},cb(){});

Following the pass off of the insertDoc function in nano to the relax function I found that the code danced all around opts and qs and never included qs.headers into the request header.

So on line 111 of nano I changed
req.headers = _.extend(req.headers, opts.headers, cfg.defaultHeaders);
to
req.headers = _.extend(req.headers, opts.headers, qs.headers, cfg.defaultHeaders);

Now after failing on a DB.insert with a 'Document update conflict' I can get the current doc rev, add the headers object with and appropriate "If-Match" to the PARAMS, second argument to insert, and force the update.

Comments??

jo
The revision does not necessarily have to be in the If-Match header. Just include the revision in the doc body, eg

db.insert({ foo: bar, _rev: '1-asd' }, 'mydoc')

cloidjgreen
Yes I can do that too but reviewing the document and resolving differences does not suit the specific use case I have.

Thanks for the update.

Other than this I have found nano to be very elegant. Makes for a very easy marriage between CouchDB -- Express,

Regards
Cloid

jo
Sorry, I maybe did not understand your use case. Could you explain it further please?

However, I really like the change you propose, because its a minimal change which extends nanos flexibility.

cloidjgreen
Two use cases actually.

I am developing json data templates and as I edit those I am not
inserting a revision field or maintaining it. I want to be able to load
these on system boot and apply updates them through an admin utility so do
not want to have to concern myself with revisions in the case of these
templates.
The application is an collaboration offering system where parties can
negotiate or bid to collaborate and the offering party will have "GOD"
rights over the offer. ( offer and bidding all happening on the same
document. ) So when the offering party decides to accept a collaboration
the offering party will premtively change the state on the offer document
regardless of unseen inputs.
So those are the two things I think I want to do. Not sure it will work
out this way though. It might turn out to be necessary to deal with these
race conditions in a different way.

Still on the learning curve and experimenting continuously.

Regards

Cloid

jo
Although I recommend to use a different data model approach for 2 (see Document Modeling to Avoid Conflicts) you can achieve what you want in current nano by just setting doc._rev. The If-Match header does nothing special than the doc._rev or rev query parameter.

That said you can also supply the revision as a query string:

DB.insert(req.body, { docNname: 'name', rev: 'rev#' }, cb)

Does this help?

PS: While working with express and nano you might also find connect-nano useful.

Original issue

TheHominid
A too long search query results in an error 400 from couchDB (due to GET url length limitations), however if the same query is sent inside the body with a POST call, couchDB works properly.
From the code it seems that nano can only perform search operations over GET and not POST.

Original issue

Not copying the body of the issue since it is a question about how to do something and it contains pictures and other stuff. Refer to the original issue linked on top.

I have noticed that the params object used in the db.view context can be difficult to understand, since the example given doesn't include on at all. I think adding a few more examples will help people more quickly understand what is being asked for there.

Original issue

nacho4d
Hello everyone.
Thanks for this awesome library!

I got the latest version of nano and realized I was not able to update documents anymore when using some old code. I found there were some style changes in commit: 848caf7 that made the API not to work with old code

The exact change can be found here:
848caf7#commitcomment-11989091

I am not sure about the policy for addressing this kind of things. The commit is like 9 months old and since nobody else seems to have noticed this then I guess updating the documentation to highlight this kind of changes would be enough. Otherwise I can make I small pul request to support both :)

The version of nano included in npm, which is currently 6.2.0, doesn't include the uuids method. It doesn't appear the npm version has been updated in about a year.

Edit: Just noticed it's only in master and not included in the 6.2.0 release. Will close out this issue but am still wondering the plan for releasing this feature.

Hi,

I am checking my projects with nsp and get the following findings.

Could you please update dependencies or remove the follow module if possible?
It looks like that the project is no longer active, the same issue was reported on Jun 10, 2016 at the follow project iriscouch/follow#84.
The last commit on master was on May 24, 2015.

https://nodesecurity.io/advisories/309
https://nodesecurity.io/advisories/77

Thanks in advance
Konrad

I'm getting:

Error: Cannot find module 'follow'
at Function.Module._resolveFilename (module.js:469:15)
at Function.Module._load (module.js:417:25)
at Module.require (module.js:497:17)
at require (internal/module.js:20:19)
at Object. (/Users/fred/dev/mycatalog/node_modules/nano/lib/nano.js:21:14)
at Module._compile (module.js:570:32)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)

with nano 6.4.1

looking at package.json, it depends on "cloudant-follow" but require("follow") on line 21.

It would be helpful to provide additional error information in the message Nano outputs for socket or connection errors.

Expected Behavior

Suggest including, for example, reading the error .code and .description and adding it to the message to provide some more useful diagnostics.

{
  code: 'ECONNRESET',
  description: 'socket hang up'
}

err.message -> error happened in your connection ECONNRESET socket hang up

Current Behavior

Currently for a socket/connection error only the err.message is set to error happened in your connection.

err.message -> error happened in your connection

Possible Solution

Could build up the error message to include .code and .description if they are available e.g.

  if (err && err.code) {
    err.message = `${err.message} ${err.code}`;
  }
  if (err && err.description) {
    err.message = `${err.message} ${err.description}`;
  }

Steps to Reproduce (for bugs)

1. Could use nock replyWithError to reproduce e.g.

nock.get(...).replyWithError({'description': 'socket hang up', 'code': 'ECONNRESET'});

Context

Made it hard to debug some connection issues without adding additional output statements to see the underlying cause of the error. Similarly to #54 where the whole error object has been output because the message error happened in your connection is insufficient to identify the issue.

Your Environment

• Version used:

6.4.0

• Browser Name and version:

Node.js 8.2.0

• Operating System and version (desktop or mobile):

macOS 10.12.6

• Link to your project:

https://github.com/cloudant/nodejs-cloudant

Original issue

browndav
In https://github.com/dscape/nano/blob/master/lib/nano.js#L64, (.)@ is being used instead of the non-greedy (.?)@ or ([^@]*)@ – this matches up until the last occurrence of @, rather than the first. If the URL's path component contains a bare @, the entire hostname and a portion of the path could be stripped. For example, scrub('https://foo:bar@host/foo/bar/@quux') will yield "https://XXXXXX:XXXXXX@quux" instead of "https://XXXXXX:XXXXXX@host/foo/bar/@quux".

I can't see any way to exploit this beyond potentially hiding URL contents in logs, but admittedly haven't investigated closely.

I spent several hours trying to figure out how to use the OR condition and accidentally discovered it

Possible Solution

apache/nano#357
I propose to include such explanation in the doc.

Original issue

libHive
This issue rose when working against Cloudant. Their pricing is 5 times cheaper for GET requests than POST requests. I had a lot of requests for small sets of keys, nothing that couldn't go into a query string, and I had made this change in order to keep my bills down.

The actual change was rather small - just adding an optional parameter to the request -

  let exampleQuery = { 
            reduce : true, 
            group : true, 
            keys : [ [a,b], [c,d] ], 
            forceGet: true // this is the parameter I added
        }; 

Do you think this is something that should go into the main branch ?
Thanks

Original issue

danielcobo
It seems the dependency used for following changes in CouchDB could be outdated.

Running npm install nano on a current version of Node will log npm WARN engine [email protected]: wanted: {"node":"0.12.x || 0.10.x || 0.8.x"} (current: {"node":"4.2.2","npm":"2.14.7"})

The issue has been already raised at the repository of the dependency, however it looks like it has not yet been resolved - iriscouch/follow#73

satazor
Getting the same issue. The README points to https://github.com/jhs/follow/blob/master/package.json#L11 which has the issue resolved, but irishcoush's follow is being used instead of jh's fork. I'm confused.

collinsrj
nsp flags this as a security issue:

[email protected] > [email protected] > [email protected] > [email protected]

There is a CVE open against hawk. See here https://nodesecurity.io/advisories/77

I have a composite key view aka key = [id, 0], [id, 1], .... When I use the start_key alias (with underscore), the uri encoding is incorrect. startkey passes the correct encoding.

    db.view(designdoc, viewname, {
        start_key: [req.params.id],
        end_key: [req.params.id, {}],
        include_docs: true,
    }, callback);

(incorrectly) encodes to start_key[0]=id&end_key[0]=id which in fact returns all documents in the view.

    db.view(designdoc, viewname, {
        startkey: [req.params.id],
        endkey: [req.params.id, {}],
        include_docs: true,
    }, callback);

(correctly) encodes to startkey=[id]&endkey=[id, {}] and returns the correct documents.

The current minimum engine version for Nano is Node 0.12. That version is EOL and no longer supported, the oldest LTS stream is the 4.x, although that is only going to be maintained until April 2018 [1].

It also appears that #45 stopped testing Nano on older versions and made 4.x the minimum tested version.

As a result I think it makes sense to increase the minimum engine version to at least 4.

Context

As seen by #62 some of Nano's dependencies (e.g. requests) already specify an engine >=4 and an in-range update of that dependency caused a break for people running nodejs-cloudant and/or Nano on Node 0.12. The changes in #62 will prevent that break, but will also stop further minor version updates of request which may well be needed for vulnerability fixes etc in future (there have been some in Hawk in the past) so I think the change to pin request version can only be a stop-gap.

Expected Behavior

The minimum engine version of Nano should be equal to the greatest minimum engine version of any of the dependencies and should match the oldest tested version.

Current Behavior

The engine version is an EOL, un-maintained version of Node.js (0.12).

Possible Solution

• Update the engine version to >=4, or maybe even >=6 since that will be the oldest maintained LTS in April 2018.
• Re-enable minor version updates of the request dependency.
• I'm not 100% clear from the NPM documentation, but it might be worth considering adding the config: {engine-strict: true} flag to the package.json to by default prevent installing on unsupported engine versions.

Original issue

pjatinsight
Apologies if this is a newbie mistake.

Trying to get back some documents without having to use a view.
I have different documents it the db.

I want to extract the 'schedule' documents...

db.list({type:'schedule'},function(err, body) {
      if (!err) {
        console.log("And got..");
        body.rows.forEach(function(doc) {
          console.log(doc);
        });
        res.json(body.rows);
      }
    });

The 'schedule' documents are like this:

{
       "_id": "emailjob1",
       "_rev": "3-94b1eb8bff5bc64c224ac0a86b4dc2e0",
       "shortname": "EmailJob1",
       "displayname": "Daily at 11am (weekdays only)",
       "type": "schedule",
       "chronstring": "00 30 11 * * 1-5"
    }

But I'm just getting what looks like a random selection of documents back...
Do I need to specify the params in some other way?

kandebonfim
+1

When passing a URL to the parser (from couchdb-bootstrap) it's grabbing the first / it finds and improperly returning a parsed URL when I have a / in my password.

'http://admin:28vBiMbx3h/4=tRPdAfZ7PWrMrxq;BAa+Ru@localhost:5984'

  config: 
   { url: 'http://admin/:28vBiMbx3h',
     db: '4=tRPdAfZ7PWrMrxq;BAa+Ru@localhost:5984',
     defaultHeaders: { 'X-Couch-Full-Commit': 'true' } }

Create a db.index({index:{fields:['field']}}, function(err, body) {...}) to create an index in Couch 2.0

Similar and complimentary to db.find that was recently implemented.

Recently discovered a bug when trying to delete a doc from a CouchDB database. The action of deleting a document with "undefined" inputs actually removes the whole database. The .destroy() call should really be restricted to destroying documents and not the whole DB itself. If an undefined is sent in, I think nano should ideally return an error?

This is a sample code to reproduce what happens:

const nano = require( 'nano' )( CouchDB );
const dbName = nano.db.use( 'dbName' );

dbName.destroy( undefined, undefined, ( err ) => {
//DB is destroyed at this point
} );

Original issue

yawenchien
Version

Cloudant Local 1.0.0.5
Cloudant 1.3 http://github.com/cloudant/nodejs-cloudant
nano 6.1.5
Issue
db.multipart.insert creates doc successfully & correctly in Cloudant Local 1.0.0.5. However, db.multipart.get does not return error code but does not retrieve correct/readable doc.

Workaround
Use https://$HOST/$DATABASE/$DOCUMENT_ID and https://$HOST/$DATABASE/$DOCUMENT_ID/FullContent to retrieve doc & its attachment.

Original issue

BigBlueHat
Right now, if I give couchdb-push (which depends on nano) a URL like http://localhost:5984/mail/bigbluehat-com/byoung it throws the following error:

...\node_modules\couchdb-push\node_modules\couchdb-ensure\index.js:12
  couch.request({
        ^
TypeError: undefined is not a function

If I escape them, however, things work as they should: http://localhost:5984/mail%2Fbigbluehat-com%2Fbyoung

Obviously the escaped version is what CouchDB actually wants, but it'd be nice for the developer to not have to care that much--or go figure out what's needed from that error.

Having this as part of the library would save a bunch of URL parsing boilerplate in other people's code too, fwiw.

Thanks!

Original issue

ceremcem
When I open the example.com/_session, it returns:

{"userCtx":{"roles":["_admin","_reader","_writer"],"name":"demeter"},"ok":true,"info":{"authentication_db":"_users","authentication_handlers":["delegated","cookie","default","local"],"authenticated":"cookie"}}

But when I use the following code:

err, body, headers <- nano.auth user.name, user.password
console.log "err", err
console.log "body: "
console.log body
console.log "headers..."
console.log headers

body returns

{"roles":[],"ok":true,"name":"demeter"}

Which is not correct.

Edit

Following bash script also returns same response with nano:

#!/bin/bash
HOST=https://example.com

curl -vX POST $HOST/_session \
    -H 'Content-Type:application/x-www-form-urlencoded' \
    -H 'Content-Type:application/json' \
    -d 'name=myuser&password=mypassword'

So the problem might not be related with nano itself, it might be a setup issue.

ceremcem
However, following code gets the same correct userCtx with the browser:

require! \nano
conn = nano cfg.url

err, body, headers <- conn.auth cfg.user.name, cfg.user.password
return console.log "err", err if err

if headers and headers.\set-cookie
    cfg.cookie = headers.\set-cookie
else
    return console.error "We got no cookie?", headers

sconn = nano do
    url: cfg.url
    cookie: cfg.cookie

err, session <- sconn.session
return console.error "Err: ", err if err

console.log 'Session is: ', session 

Original issue

While investigating eHealthAfrica/couchdb-bootstrap#28

Original issue

homerjam
Hi,

I've been using pouchdb with a plugin to allow couchdb-lucene to be used locally and cloudant in production - I presume this could be done by extending nano.

However as both extensions are very popular would you consider adding dedicated support for couchdb-lucene also? It would be nice to have a clean, maintained implementation.

Thanks

dscape
Would consider it, can you propose how this would look like in your view?

homerjam
I guess something like:

// usage

var nano = require('nano');

var db = nano({
    url: 'http://localhost:5984/foo',
    searchVendor: nano.CLOUDANT_SEARCH || nano.LUCENE_SEARCH
);


// in nano.js

// declare constants (after line 12)
nano.CLOUDANT_SEARCH = 'cloudant';
nano.LUCENE_SEARCH = 'lucene';

// choose viewPath style (around 474)
var viewPath;

if (meta.type === 'search' && cfg.searchVendor === nano.LUCENE_SEARCH) {
    viewPath = '/_fti/local/' + dbName + '/_design/' + ddoc + '/' + viewName;
} else {
    viewPath = '_design/' + ddoc + '/_' + meta.type + '/'  + viewName;
}

The trouble is that couchdb-lucene uses a different path - normally the database name is at the start but instead it comes after the /_fti/local/ prefix. So this would require some further modification in the relax() function I think.