Labs/Weave/User/1/Setup
It is strongly recommended that you use the [Weave Minimal Server] rather than a full install.
Pre-Setup Considerations
It is strongly recommended that the Weave User Server be set up under https, or behind a firewall with an https proxy in front of it. It uses standard http auth, which will send the password in the clear unless done over https.
The Weave Server requires PHP with PDO and JSON support installed. This should be the case if you are running PHP 5.1+. PDO will need drivers for whatever storage and authentications engines are used.
WebDav must not be enabled for this server - it intercepts some of the http packets and syncing will fail.
Setting up the Server
1) You can get the latest server from http://hg.mozilla.org/labs/weaveserver (there you can download it in different formats). Once things are fully established, we'll declare certain builds as stable, but for now assume all releases are beta quality. Unzip it into your html tree.
2) Edit your apache conf files to add the following:
Alias /user/1 <full path to weave directory>/server/user/1/index.php
3) Copy /server/user/1/weave_user_constants.php.dist to weave_user_constants.php and edit it as described below.
Setting up Weave Authentication
In weave_user_constants.php
define('WEAVE_AUTH_ENGINE', '[sqlite|mysql|ldap|none]');
so for example
define('WEAVE_AUTH_ENGINE', 'mysql');
Sqlite
define('WEAVE_SQLITE_AUTH_DIRECTORY', '<path to stores directory>');
additionally, create the users table
$ sqlite3 <path to stores directory>/_users SQLite version 3.4.0 sqlite> create table users (username text primary key, md5 text, email text, status integer, location text, alert text); sqlite> .quit
Change the owner of the _users db file to the account your webserver runs under.
Mysql
Create the mysql database. Add the following tables:
CREATE TABLE `users` ( id int(11) NOT NULL PRIMARY KEY auto_increment, username varbinary(32) NOT NULL, md5 varbinary(32) default NULL, email varbinary(64) default NULL, location text, shard varbinary(32) default NULL, status tinyint(4) default '1', alert text, ) ENGINE=InnoDB;
Constants:
define('WEAVE_MYSQL_AUTH_HOST', '<db host>');
define('WEAVE_MYSQL_AUTH_DB', '<db name>');
define('WEAVE_MYSQL_AUTH_USER', '<db username>');
define('WEAVE_MYSQL_AUTH_PASS', '<db password>');
(Note that you don't need to define the second set of constants if you are using the same db for reads and writes)
You can create users directly in mysql with the following command:
insert into users (username, md5, status) values ('username', md5('password'), 1);
But it is recommended to use the create_user.pl script after setting up the admin-interface (see below).
Captcha
If you wish to use a captcha for your account creation, you will need to get yourself a public key and private key from http://recaptcha.net/. Put those keys in the weave_user_constants.php file and change WEAVE_REGISTER_USE_CAPTCHA to 1. Also copy /server/misc/1/weave_misc_constants.php.dist to weave_misc_constants.php and add your keys there as well.
To serve up the captchas, use the
Alias /misc/1/captcha_html <full path to weave directory>/server/misc/1/captcha.php
Admin Access
If you want to be able to programmatically create and delete accounts, you will need to enable the secret for the machine and change it from null
if (!defined('WEAVE_REGISTER_ADMIN_SECRET')) { define('WEAVE_REGISTER_ADMIN_SECRET', null); }
this will enable you to pass a secret as an 'X-Weave-Secret' header that overrides captcha and auth requirements.
Accounts can be created, passwords changed and accounts deleted through the create_user.pl script. Make sure to change the constants in the header to match your local install.
Editing the Client
In about:config, set extensions.weave.ServerUrl to https://servername/user