Nick Vatamaniuc [Thu, 16 Mar 2017 02:36:56 +0000 (22:36 -0400)] 
Merge branch 'couchdb-2992'
Closes #157
Nick Vatamaniuc [Mon, 13 Mar 2017 06:22:19 +0000 (02:22 -0400)]
Allow limiting maximum document body size
This is the HTTP layer and some tests. The actual checking is done in couch
application's from_json_obj/1 function.
If a document is too large it will return a 413 response code. The error reason
will be the document ID. The intent is to help users identify the document if
they used _bulk_docs endpoint. It will also help replicator skip over documents
which are too large.
COUCHDB-2992
Nick Vatamaniuc [Wed, 8 Mar 2017 00:13:53 +0000 (19:13 -0500)]
Merge remote-tracking branch 'cloudant/64299-add-new-request-parameter'
Close #156
Nick Vatamaniuc [Tue, 7 Mar 2017 23:01:33 +0000 (18:01 -0500)]
Rename max_document_size to max_http_request_size
`max_document_size` is implemented as `max_http_request_size`. There was no
real check for document size. In some cases the implementation was close enough
of a proxy (PUT-ing and GET-ing single docs), but in some edge cases, like
_bulk_docs requests the discrepancy between request size and document size
could be rather large.
The section was changed accordingly from `couchdb` to `httpd`. `httpd` was
chosen as it applies to both clustered as well as local interface.
There is a parallel effort to implement an actual max_document_size check. The
set of commit should be merged close enough together to allow for a backwards
compatible transition.
COUCHDB-2992
ILYA Khlopotov [Thu, 9 Feb 2017 21:58:44 +0000 (13:58 -0800)] 
Merge remote branch 'cloudant:couchdb-3293'
This closes #155
Signed-off-by: ILYA Khlopotov <iilyak@apache.org>
ILYA Khlopotov [Thu, 9 Feb 2017 21:36:39 +0000 (13:36 -0800)]
Mock config module in tests
The tests in chttpd_db_bulk_get_test do not start config app.
The change in https://github.com/apache/couchdb-couch/pull/226
introduces call to config app.
Make sure we mock config so the tests pass.
COUCHDB-3293
Tony Sun [Wed, 1 Feb 2017 21:23:26 +0000 (13:23 -0800)] 
Introduce 503 error when nodes are all unavailable.
In rare situations when all nodes are down or in maintenance mode and
no workers can service a request, we return a 503 to the user.
COUCHDB-3289
Tony Sun [Wed, 1 Feb 2017 21:14:42 +0000 (13:14 -0800)]
Handle error return clauses for fabric:open_revs
When calling fabric:open_revs, we don't account for situations where
the function returns an {error, any()} value as specified by the
function specification. This will account for errors thrown.
COUCHDB-3289
lazedo [Wed, 4 Jan 2017 18:45:31 +0000 (18:45 +0000)] 
allow w parameter for attachments
Fabian Ising [Thu, 8 Dec 2016 14:58:32 +0000 (15:58 +0100)] 
Fix missing ampersand in rewritten queries
Robert Newson [Thu, 1 Dec 2016 15:20:38 +0000 (15:20 +0000)] 
Merge default update response headers with custom ones
This was not ported to chttpd and so wasn't really fixed in 2.0
COUCHDB-1447
ILYA Khlopotov [Sat, 12 Nov 2016 00:21:20 +0000 (16:21 -0800)]
Merge remote branch 'cloudant:71810-handle-errors-terms-from-fabric'
This closes #146
Signed-off-by: ILYA Khlopotov <iilyak@apache.org>
ILYA Khlopotov [Thu, 13 Oct 2016 22:02:20 +0000 (15:02 -0700)]
Handle error terms from fabric
The fabric returns errors as {Class, Reason, Stack}
(see fabric_util:error_info/2).
Add the clause to error_info to handle it.
COUCHDB-3195
Eric Avdey [Fri, 11 Nov 2016 23:13:46 +0000 (19:13 -0400)] 
Merge remote branch 'cloudant:78077-pass-user_ctx_to_filter'
This closes #150
Signed-off-by: Eric Avdey <eiri@eiri.ca>
Eric Avdey [Fri, 11 Nov 2016 14:56:23 +0000 (10:56 -0400)]
Include user_ctx in db open options
Nick Vatamaniuc [Wed, 9 Nov 2016 02:59:30 +0000 (21:59 -0500)]
Add ability to return a "features" list in the welcome message.
This could help users quickly discover the presence of an API or mode of
operation.
Features are obtained from a new config API `config:features/0`
System components can enable features via `config:enable_feature/1` API, or
users can directly enable features in the .ini files, and those features
should show up in the "Welcome" message.
COUCHDB-3180
Eric Avdey [Fri, 4 Nov 2016 14:36:57 +0000 (11:36 -0300)]
Merge remote branch 'cloudant:fix-cors-max_age'
This closes #110
Signed-off-by: Eric Avdey <eiri@eiri.ca>
Eric Avdey [Tue, 22 Mar 2016 18:29:44 +0000 (15:29 -0300)]
Remove an unused test's var to avoid a warning
Eric Avdey [Tue, 22 Mar 2016 18:03:45 +0000 (15:03 -0300)]
Fix CORS max_age configuration parameter
Header "Access-Control-Max-Age" used by a browser to define
for how long to keep preflight request's response cached.
This fix makes this parameter configurable through config section
[cors], attribute max_age.
Mayya Sharipova [Thu, 3 Nov 2016 23:46:05 +0000 (19:46 -0400)] 
HTTP code 500 instead of 400 for invalid key during document creation
The wrong status code is returned when creating or updating a document
with an invalid key.
Returns:
{u'reason': u'Bad special document member: _invalid_key', u'error':
u'doc_validation'}
HTTPError: 500 Server Error: Internal Server Error
Expected: 400 Bad Request error
COUCHDB-3222
Mayya Sharipova [Wed, 2 Nov 2016 16:40:48 +0000 (12:40 -0400)]
handle timeout in _revs_diff
when fabric workers timeout,
fabric:get_missing_revs returns {error,timeout}
this handles timeout errors
COUCHDB-3220
Robert Newson [Wed, 19 Oct 2016 11:19:32 +0000 (12:19 +0100)]
return a binary so the existing tests pass
Daniel Münch [Sat, 15 Oct 2016 18:16:53 +0000 (20:16 +0200)] 
Make auth handlers configurable.
Nick Vatamaniuc [Thu, 6 Oct 2016 21:26:39 +0000 (17:26 -0400)]
Merge branch 'couchdb-3174'
Robert Newson [Wed, 5 Oct 2016 20:57:16 +0000 (21:57 +0100)]
Pass user context when opening doc in db_attachment_req
COUCHDB-3181
ILYA Khlopotov [Wed, 5 Oct 2016 17:01:49 +0000 (10:01 -0700)]
Merge remote branch 'cloudant:69425-handle-truncated-req-in-recv_body'
This closes #140
Signed-off-by: ILYA Khlopotov <iilyak@apache.org>
ILYA Khlopotov [Thu, 22 Sep 2016 23:19:39 +0000 (16:19 -0700)]
Handle disconnect when receiving body
When any error happen on an underlying socket mochiweb uses
exit(normal). Add catch for exit:normal and convert it to
exit({bad_request, <<"Incomplete">>}).
COUCHDB-3158
Nick Vatamaniuc [Tue, 4 Oct 2016 06:58:32 +0000 (02:58 -0400)]
Add max_document_size checking for multipart PUT requests
Previously multipart/related PUT requests didn't check maximum request sizes.
This commit checks content-length and compares that with the maximum.
This means keeping the current "semantics" of max_document_size which actually
means "max request size". But this makes the check more efficient and can
be done earlier in request processing time.
PR depends on https://github.com/apache/couchdb-couch/pull/201 make sure to
merge that one first if accepted.
Jira: COUCHDB-3174
Robert Newson [Tue, 27 Sep 2016 22:44:54 +0000 (23:44 +0100)]
Fix eventsource timeout handling
COUCHDB-3164
Robert Newson [Tue, 27 Sep 2016 15:15:44 +0000 (16:15 +0100)]
Fix SSL defaults
Three properties had their defaults changed to a value that
couch_util:parse_terms throws up on.
"nil" was changed to undefined in COUCHDB-2561 as part of normalising
the config API. The change from list to atom was a mistake.
COUCHDB-3162
Robert Newson [Fri, 23 Sep 2016 11:52:34 +0000 (12:52 +0100)]
Merge remote-tracking branch 'will/3090-handle-empty-access-control-request-headers'
Robert Newson [Sat, 10 Sep 2016 18:12:34 +0000 (19:12 +0100)]
Canonicalise ETag response headers
Robert Newson [Wed, 7 Sep 2016 13:03:17 +0000 (14:03 +0100)]
don't send random etag for _list (COUCHDB-3134)
Robert Newson [Wed, 7 Sep 2016 12:08:29 +0000 (13:08 +0100)]
Etag's require quotes (COUCHDB-3134)
Joan Touzet [Fri, 2 Sep 2016 10:29:02 +0000 (06:29 -0400)] 
Merge branch '2.0-suppress-user-not-found-warning' of https://github.com/wohali/couchdb-chttpd
Robert Newson [Fri, 2 Sep 2016 10:25:09 +0000 (11:25 +0100)]
Merge remote-tracking branch 'will/3017-ETag-not-unique'
Joan Touzet [Fri, 2 Sep 2016 03:58:37 +0000 (23:58 -0400)] 
Drop logging level for "no record of user %s"
This warning is tripped primarily when an admin is defined in local.ini
and has no associated _users document. This can happen fairly often in
development and testing setups, meaning that every other line in the
logfile is "no record of user admin".
The right thing to do here might be to check if the currently defined
user is a local admin and only complain in that situation, but presently
chttpd only directly depends on couch_auth_cache and to do so would
require unencapsulating how couch_auth_cache handles ini file defined
admin users vs. authentication database users, which feels wrong.
Change suggested by @janl in #couchdb-dev IRC.
Robert Newson [Thu, 1 Sep 2016 10:53:00 +0000 (11:53 +0100)]
fix compilation warning
ILYA Khlopotov [Tue, 23 Aug 2016 21:59:31 +0000 (14:59 -0700)] 
Merge remote branch 'cloudant:3102-fix-config_subscription'
This closes #137
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Wed, 17 Aug 2016 18:37:54 +0000 (11:37 -0700)]
Update handle_config_terminate API
COUCHDB-3102
Robert Newson [Thu, 11 Aug 2016 11:28:05 +0000 (12:28 +0100)]
Merge remote-tracking branch 'cloudant/2779-view-cleanup-cluster-aware'
Robert Newson [Thu, 11 Aug 2016 09:52:24 +0000 (10:52 +0100)]
Implement clustered _compact endpoint
COUCHDB-3099
Will Holley [Mon, 1 Aug 2016 16:57:44 +0000 (17:57 +0100)] 
Handle empty "Access-Control-Request-Headers" header
When "Access-Control-Request-Headers" is empty, return an empty
"Access-Control-Allow-Headers" in the response. This is the same
behaviour as when the "Access-Control-Request-Headers" header is
omitted from the request entirely.
Fixes COUCHDB-3090
Robert Newson [Wed, 27 Jul 2016 18:24:12 +0000 (19:24 +0100)]
Don't set "authenticated" if party_mode_handler sets user context
Patch suggested by Ilya.
COUCHDB-3084
Paul J. Davis [Mon, 25 Jul 2016 17:28:50 +0000 (12:28 -0500)] 
Format the changes listener exit Reason
Nick Vatamaniuc [Thu, 21 Jul 2016 21:48:15 +0000 (17:48 -0400)] 
In a multi-query view request, set view type for each query
Namely, a default `reduce` view type can be overridden to behave like a `map`,
if user explicitly sets `reduce=false`.
Previously this didn't happen. For example, a query like this:
```
{
"queries": [{
"include_docs": true,
"reduce": false
}]
}
```
would fail with:
```
{"error":"query_parse_error","reason":"`include_docs` is invalid for reduce"}
```
but it shouldn't, because user explicitly disabled `reduce` and now
`include_docs` is valid for a map view.
To fix, make sure to call `set_view_type` for each query's args.
Jira: COUCHDB-3070
Paul J. Davis [Fri, 22 Jul 2016 10:14:56 +0000 (05:14 -0500)]
Update logging for new couch_log
The nonce is now included in all log messages when its set. The order of
host and client are also swapped to make more sense.
Robert Newson [Tue, 12 Jul 2016 12:23:05 +0000 (13:23 +0100)]
Tolerate failure of ensure_auth_ddoc_exists call
ensure_auth_ddoc_exists can crash if _users db does not exist, so move
it to the spawned listen_for_changes process where we already tolerate
the possibility of a crash (and have logic to restart after 5 seconds)
COUCHDB-3054
Robert Newson [Tue, 12 Jul 2016 09:21:24 +0000 (10:21 +0100)]
Don't end changes feed listener on heartbeat
There's no need to end and restart the changes feed listener on every
heartbeat, so don't do that.
COUCHDB-3054
ILYA Khlopotov [Mon, 11 Jul 2016 14:55:03 +0000 (07:55 -0700)]
Merge remote branch 'cloudant:3000-inject_auth_ddoc'
This closes #115
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Wed, 20 Apr 2016 15:45:42 +0000 (08:45 -0700)]
Inject _design/_auth on auth_cache startup
We send start_listener event from init to make sure we call
ensure_auth_ddoc_exists as soon as we can. Rather then calling it on
listener restart.
COUCHDB-3000
Jay Doane [Thu, 7 Jul 2016 15:40:23 +0000 (08:40 -0700)] 
Handle ssl socket case
COUCHDB-3049
Jay Doane [Thu, 7 Jul 2016 15:37:14 +0000 (08:37 -0700)]
Revert broken fix attempt for ssl sockname
ILYA Khlopotov [Thu, 30 Jun 2016 18:00:36 +0000 (11:00 -0700)]
Merge remote branch 'cloudant:69230-fix-epi_handle_error_args'
This closes #129
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Thu, 30 Jun 2016 17:03:12 +0000 (10:03 -0700)]
Do not pass unknown_error atom to plugin
There is no reason to pass {unknown_error, Error} to plugin and force it to
implement a match on that tuple. We should pass the Error itself and let
the plugin decide what to do with it.
Jay Doane [Tue, 28 Jun 2016 19:39:19 +0000 (12:39 -0700)]
Call appropriate sockname function for socket type
COUCHDB: 3049
Robert Newson [Thu, 16 Jun 2016 22:24:05 +0000 (23:24 +0100)]
Pass user context in couch_doc_open
Fixes bug where a user can't update or delete their own _users doc.
COUCHDB-2991
Eric Avdey [Mon, 13 Jun 2016 19:25:59 +0000 (16:25 -0300)]
Merge remote branch 'cloudant:67171-dont-decode-params-in-multiview'
This closes #127
Signed-off-by: Eric Avdey <eiri@eiri.ca>
Eric Avdey [Mon, 13 Jun 2016 16:53:55 +0000 (13:53 -0300)]
Don't try to decode params in multi_query_view
Eric Avdey [Mon, 13 Jun 2016 15:04:43 +0000 (12:04 -0300)]
Merge remote branch 'cloudant:67171-fix-multi_query_view-response'
This closes #125
Signed-off-by: Eric Avdey <eiri@eiri.ca>
Eric Avdey [Tue, 7 Jun 2016 17:32:39 +0000 (14:32 -0300)]
Don't expect #vacc as a response in multi_query_view
When multi_query_view is calling chttpd:end_delayed_json_response/1 it is
passing in the response object it received from query_view's #vacc,
which means it'll get back resp record and not #vacc.
Eric Avdey [Thu, 2 Jun 2016 19:24:30 +0000 (16:24 -0300)]
Merge remote branch 'github/pr/123'
This closes #123
Signed-off-by: Eric Avdey <eiri@eiri.ca>
Eric Avdey [Fri, 27 May 2016 17:59:23 +0000 (14:59 -0300)]
Fix _node/$node/_system endpoint
The endpoint is using same handler as a backdoor interface,
which only works for the requests to a local $node.
For rpc calls to the remote nodes, the same as it's done
on rest of /_node endpoints, handle_node_req handler is getting
{badrpc,{'EXIT',normal}} response and fails with invalid_ejson exception.
The change splits stats gathering from stats responding,
allowing to use former on both /_node/$node/_system
and backend's /_system endpoints.
ILYA Khlopotov [Thu, 2 Jun 2016 17:52:11 +0000 (10:52 -0700)]
Merge remote branch 'cloudant:2730-fix-compilation-warnings'
This closes #124
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Thu, 2 Jun 2016 17:38:16 +0000 (10:38 -0700)]
Fix compilation warnings
COUCHDB-2730
Jan Lehnardt [Mon, 16 May 2016 11:01:04 +0000 (13:01 +0200)] 
restore 1.x _users and _replicator behaviour
COUCHDB-2991
Jan Lehnardt [Mon, 16 May 2016 12:13:46 +0000 (14:13 +0200)]
fix in logic that denies login with conflicted user docs
Jan Lehnardt [Sun, 15 May 2016 19:38:04 +0000 (21:38 +0200)]
fix missing transition in cassim revert, sec obj in external calls empty
Will Holley [Fri, 13 May 2016 21:15:32 +0000 (22:15 +0100)]
use shard suffix when generating _changes ETag
In CouchDB 2.0, instance_start_time is always 0.
This means that when generating ETag values derived
from the database info object, the same ETags can be
incorrectly deemed valid between different database
instances with the metadata.
To avoid this we can incorporate the unique shard
suffix for the database instance when generating
the current ETag value.
COUCHDB-3017
Jan Lehnardt [Fri, 13 May 2016 10:55:38 +0000 (12:55 +0200)]
disable cassim until fixed
Jan Lehnardt [Mon, 25 Apr 2016 20:19:52 +0000 (22:19 +0200)]
support admin party after
d2665ce
Jan Lehnardt [Mon, 25 Apr 2016 19:25:41 +0000 (21:25 +0200)]
Merge branch 'fix-users-doc-in-conflict'
* fix-users-doc-in-conflict:
restore 1.x behaviour: user docs in conflict cannot login
Jan Lehnardt [Mon, 25 Apr 2016 19:24:58 +0000 (21:24 +0200)]
restore 1.x behaviour: user docs in conflict cannot login
Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.
Jan Lehnardt [Sat, 23 Apr 2016 23:28:32 +0000 (01:28 +0200)]
restore 1.x behaviour: user docs in conflict cannot login
Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.
ILYA Khlopotov [Fri, 15 Apr 2016 18:32:30 +0000 (11:32 -0700)]
Merge remote branch 'github/pr/109'
This closes #109
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Mon, 21 Mar 2016 20:06:28 +0000 (13:06 -0700)]
Add `log_format_test` test case
COUCHDB-2973
ILYA Khlopotov [Mon, 21 Mar 2016 19:23:31 +0000 (12:23 -0700)]
Log user name of request initiator
Change the log format from chttpd to include username.
The new format is (space separated):
Nonce, Peer, Host, UserName, Method, RawUri, Code, Status, RequestTime
COUCHDB-2973
Eric Avdey [Tue, 12 Apr 2016 18:39:29 +0000 (15:39 -0300)]
Reject incorrectly encoded urls
COUCHDB-2748
Robert Newson [Tue, 12 Apr 2016 15:39:44 +0000 (16:39 +0100)]
tolerate failure when inserting auth ddoc
COUCHDB-2986
Garren Smith [Thu, 7 Apr 2016 13:47:05 +0000 (15:47 +0200)] 
Create md5 etag for _local docs
This makes a unique ETAG for _local docs, so that they are cached
correctly, and fetched again when the document changes.
fixes COUCHDB-2978
ILYA Khlopotov [Tue, 22 Mar 2016 12:33:56 +0000 (05:33 -0700)]
Merge remote branch 'github/pr/108'
This closes #108
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Thu, 17 Mar 2016 17:59:01 +0000 (10:59 -0700)]
Use couch_tests:setup/1
ILYA Khlopotov [Thu, 17 Mar 2016 17:36:53 +0000 (10:36 -0700)]
Use couch_tests applications for chttpd_plugin_tests
ILYA Khlopotov [Tue, 15 Mar 2016 17:44:42 +0000 (10:44 -0700)]
Merge remote branch 'github/pr/106'
This closes #106
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Tue, 8 Mar 2016 20:30:00 +0000 (12:30 -0800)]
Add test suite for chttpd_plugin
COUCHDB-2966
ILYA Khlopotov [Tue, 8 Mar 2016 18:46:17 +0000 (10:46 -0800)]
Add chttpd_plugin:before_serve_file/5 EPI hook
COUCHDB-2966
ILYA Khlopotov [Tue, 8 Mar 2016 18:24:49 +0000 (10:24 -0800)]
Introduce chttpd_plugin:before_response/4 EPI hook
COUCHDB-2966
ILYA Khlopotov [Tue, 8 Mar 2016 16:57:55 +0000 (08:57 -0800)]
Extract handle_response function
COUCHDB-2966
ILYA Khlopotov [Tue, 8 Mar 2016 16:32:24 +0000 (08:32 -0800)]
Extract basic_headers/2 function
COUCHDB-2966
Alexander Shorin [Sun, 6 Mar 2016 14:15:15 +0000 (17:15 +0300)] 
Cache favicon for one year
Robert Kowalski [Thu, 3 Sep 2015 14:10:20 +0000 (16:10 +0200)] 
Backport CSP fix from couchdb-couch
Needed for the ace editor icons
See https://github.com/apache/couchdb-couch/pull/2
This closes #68
Jay Doane [Mon, 14 Mar 2016 03:51:05 +0000 (20:51 -0700)]
Eliminate unnecessary apply
ILYA Khlopotov [Tue, 8 Mar 2016 18:32:32 +0000 (10:32 -0800)]
Merge remote branch 'github/pr/105'
This closes #105
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Tue, 8 Mar 2016 17:59:38 +0000 (09:59 -0800)]
Fix dispatch to handle_error EPI hook
ILYA Khlopotov [Thu, 3 Mar 2016 20:01:54 +0000 (12:01 -0800)]
Merge remote branch 'github/pr/101'
This closes #101
Signed-off-by: ILYA Khlopotov <iilyak@ca.ibm.com>
ILYA Khlopotov [Thu, 3 Mar 2016 16:07:38 +0000 (08:07 -0800)]
Suppress log of a response for clustered interface
COUCHDB-2945
ILYA Khlopotov [Tue, 9 Feb 2016 22:41:22 +0000 (14:41 -0800)]
Treat value passed in Origin as case sensitive
According to CORS spec here https://www.w3.org/TR/cors
The value of the Origin header is not a case-sensitive
COUCHDB-2945
ILYA Khlopotov [Tue, 16 Feb 2016 23:23:37 +0000 (15:23 -0800)]
Strip scheme out of Host for cors_section
Value returned by `couch_httpd_vhost:host/1` might not contain scheme.
The cors section is named after vhost name (i.e. without scheme).
For example:
[cors:partner.com]
methods =
headers =
exposed_headers =
origins = http://restricted.dev:8000
The origin in origins has to be given with scheme included.
COUCHDB-2945
ILYA Khlopotov [Tue, 9 Feb 2016 21:22:05 +0000 (13:22 -0800)]
Introduce vhosts configuration into CORS
In order to remove code duplication we move vhosts support
from couch_http_cors into chttpd_cors. We also dispatch
chttpd:send_response to couch_http which does call chttpd_cors:headers.
In order to avoid double injection of CORS headers we check for existance of
"Access-Control-Allow-Origin" in response headers.
COUCHDB-2945
Alexander Shorin [Tue, 2 Feb 2016 15:23:06 +0000 (18:23 +0300)]
Merge remote-tracking branch 'github/pr/100'
projects / couchdb-chttpd.git / log
