background: I have a mysql database that I'm going to move over into couchdb, in that database are some tables, "books", and "users". I login to the web application via a login form and currently post username and password at a php script that then logs the user in and writes a php session to the users table for that user. Now, when the user requests books, I a) make sure that the php session is valid for a user, and then use the logged in userid to get books that user can view.
question: how would you replicate this sort user specific record query in couchdb? I'm assuming the whole point of couchdb is to be able to say, http://somesite.com/couchdb/getBooks/ and that db end point returns books.
maybe i just need to pass a sessionid at the end? http://somesite.com/couchdb/getBooks/?s=123123 BUT then where do I get the session? hmmm.
Any direction or articles that talk about this would be great.
Handling user-specific data in CouchDB is actually a pretty complicated topic, but I tried to summarize some of the different strategies here.
Long story short: if you want to have user-private data in CouchDB (and it sounds like you do), the best way is to have a server-side daemon that allocates one database per user, and the user has full privileges in that database. (This can scale up to > 100k users, so no worries.) Then you just sync that database with PouchDB.
The link above has some third-party projects that implement exactly such a daemon. There's also Janus, which is not ready yet, but once it is, it'll do all of the above as well as integrate nicely with PouchDB.