Sync function design with basic authentication

Hi guys,

I have created an Android app with Couchbase Lite. Now I’m hoping to do bi-directional syncing between the client app and the server. I have my CB server and sync gateway set up, and I’m requesting your help with implementing the sync function according to the following requirements:

  • Application has users and user groups
  • User will log in to the app (first time) using his email and password
  • Each user group has an owner
  • A user can be a member in one or more groups (but he can be an owner in one group)
  • A user can create records (say “Scenario”)
  • Each Scenario has an owner (the user created it) and several other properties
  • Each Scenario has a “public/private” property
  • If any Scenario is “private”, it will only be accessible to its creator and other users in the same group
  • If any Scenario is “public”, it will be accessible to every user in the system

So I want to control access to these private Scenario documents when replicating to the server and when replicating back to the client app, since multiple users will use the app on multiple devices. And I’d prefer HTTP basic authentication for now.

I’ve read about users, channels, the sync function and its authentication in the documentation, but I still don’t have a clear idea of how to implement a correct sync function.

So could anyone please explain the process that I should go through? If you can provide an example sync function matching my requirements, that would be great. I’m currently using this sync_gateway configuration, which has no authentication. Which entries do I need to change here in order to achieve this?

=================================================
{
  "interface": "0.0.0.0:4984",
  "adminInterface": "127.0.0.1:4985",

  "log": ["REST"],
  "databases": {
    "example_bucket": {
      "server": "http://localhost:8091",
      "sync": `function(doc) {channel(doc.channels);}`,
      "users": {
        "GUEST": {"disabled": false, "admin_channels": ["*"]}
      },
      "shadow": {
        "server": "http://localhost:8091",
        "bucket": "example_bucket_backend"
      }
    }
  }
}

And for the client app side, apart from the basic replication provided here, what additional changes should I make?
Also, most importantly, it says that basic HTTP authentication is completely insecure unless used over an SSL connection. So my last question is, how do I implement this “over an SSL connection” thing in my app?
Could anyone please help me?

Thank you
-Isuru

This sounds like a great proposal to send Couchbase’s Sales department — we have sales engineers who will do this kind of design work with you.

If you’re looking for quick free advice on the forum, though, it’s best to ask smaller more focused questions.

Okay, in short, I need to implement a sync function to restrict access to documents per user. If a user creates a document with its “isPrivate” property “true”, I need to restrict its access to its creator and users in the same group. And I’ve come up with the following function:

function(doc) {
    if (doc.isPrivate) {
        var channelName = doc.group_id;
        channel(channelName);
        access(doc.owner_id, channelName);
    }
}

At least tell me, is this correct?

And could you please tell me how to use SSL connections with basic authentication?
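
An added example, not part of the original posts: one way a sync function could enforce the requirements listed in the first post, with a small stand-in for Sync Gateway's built-ins so it can be exercised under Node. The document shapes (`type`, `members`), the `group-` channel prefix, and the `syncFn` and `runSync` names are assumptions for illustration; `channel`, `access`, `requireUser`, `requireAccess` and the public channel `!` are Sync Gateway's own.

```javascript
// Added example. Assumed document shapes (not from the thread):
//   group:    { _id, type: "group", owner_id, members: [user names] }
//   scenario: { type: "scenario", owner_id, group_id, isPrivate }
function syncFn(doc, oldDoc) {
  // Writer must be the owner stored in the previous revision (or, on
  // creation, the owner the new document claims).
  requireUser(oldDoc ? oldDoc.owner_id : doc.owner_id);
  if (doc._deleted) return;
  if (oldDoc && doc.owner_id !== oldDoc.owner_id) {
    throw({ forbidden: "owner_id cannot change" });
  }
  if (doc.type === "group") {
    var groupChannel = "group-" + doc._id;
    channel(groupChannel);
    // Owner and members may read everything routed to the group channel.
    access([doc.owner_id].concat(doc.members || []), groupChannel);
  } else if (doc.type === "scenario" && doc.isPrivate) {
    // Writer must already belong to the group they file the scenario under.
    requireAccess("group-" + doc.group_id);
    channel("group-" + doc.group_id);
  } else if (doc.type === "scenario") {
    channel("!"); // Sync Gateway's public channel, readable by every user
  } else {
    throw({ forbidden: "unknown document type" });
  }
}

// Stand-in for Sync Gateway's built-ins so the function runs under Node.
// user = authenticated writer, userChannels = channels that user can read.
function runSync(doc, oldDoc, user, userChannels) {
  var out = { ok: true, channels: [], access: {} };
  globalThis.channel = function (c) { out.channels.push(c); };
  globalThis.access = function (users, c) {
    [].concat(users).forEach(function (u) { out.access[u] = c; });
  };
  globalThis.requireUser = function (name) {
    if (name !== user) throw({ forbidden: "wrong user" });
  };
  globalThis.requireAccess = function (c) {
    if ((userChannels || []).indexOf(c) < 0) throw({ forbidden: "no access to " + c });
  };
  try { syncFn(doc, oldDoc); } catch (e) { out.ok = false; out.reason = e.forbidden; }
  return out;
}
```

For any of this to restrict reads, the `GUEST` entry in the configuration above has to be disabled, since it currently gives unauthenticated clients every channel.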