Hypertopic / AAAforREST

An HTTP reverse proxy to bring authentication, authorization and accounting to RESTful applications
GNU Affero General Public License v3.0

HTTP cookie front-end authentication #26

Closed benel closed 9 years ago

benel commented 9 years ago

Revision 6579a57059804b0b2095654b9839162abc77391a implemented an emulation of CouchDB's cookie authentication.

In this ticket, I will try to document the settings needed to activate this feature and use it with Agorae (the only Hypertopic piece of software using cookies).

First I edited conf/config.json to add a sessionHandler section to the original settings:

```json
{
  "port": 1337,
  "sessionHandler": {
    "cookieName": "AAAforRest-auth",
    "sessionLength": 600000,
    "userfield": "name",
    "passfield": "password",
    "path": "/_session",
    "preserveCredentials": false,
    "forward": false
  },
  "sites": [{
    "hostProxy": "agorae.local",
    "port": 5984,
    "path": "/agorae/_design/transutt/_rewrite",
    "preserveCredentials": false,
    "hideLocationParts": 1,
    "rules": []
  }]
}
```

benel commented 9 years ago

But when I GET http://agorae.local:1337/_session, I get "not found". @franck-eyraud Any idea why?

franck-eyraud commented 9 years ago

> Any idea why?

Currently the sessionHandler configuration needs to be defined for each site (you may not want to activate it everywhere). But a global one is a good idea that could be added.

benel commented 9 years ago

> configuration needs to be defined for each site

Oops.

benel commented 9 years ago

Here is how I configured Agorae to use the AAAforREST cookie (and protect the inner Argos from unauthenticated edits):

```json
{
  "hostProxy": "agorae.local",
  "port": 5984,
  "path": "/agorae/_design/transutt/_rewrite",
  "hideLocationParts": 1,
  "authentication": [
    {"login": "alice", "password": "lapinblanc"}
  ],
  "sessionHandler": {
    "path": "/_session"
  },
  "rules": [{
    "control": "/argos/.test(path) && method != 'GET' && method != 'OPTIONS'",
    "action": "authenticate(context, function(){proxyWork(context);});"
  }]
}
```