search

ScoopInstaller / Scoop

A command-line installer for Windows.
https://scoop.sh
Other
21.23k stars 1.41k forks source link

Web session handling in Scoop #4148

Open jfastnacht opened 4 years ago

jfastnacht commented 4 years ago

I recently stumbled over a problem regarding the installation of Foundry Virtual Tabletop via Scoop. The download requires you to be logged in, but the download URL is fixed:

https://foundryvtt.com/releases/download?version=$version&platform=windows

Without too much effort it is possible to simulate a login via PowerShell, fetch the sessionid cookie, which is needed for the download. Since Scoop got a cookie attribute I was then able to install it by setting the sessionid cookie within the manifest by hand. Of course that's not a proper solution for the problem. What I'm missing is a possibility to simulate the login and provide the sessionid cookie for Scoops download function before the download happens within Scoop.

Is Scoop supposed to be stateless or can we add some functionality to run scripts before the download happens to take care of logins, more complex cookie handling and such (something like pre_download, similar to pre_install)?

CEbbinghaus commented 2 years ago

This would solve the problem I am having when trying to let scoop download artifacts from an organization repository

rashil2000 commented 2 years ago

What is required to download from your org repo?

CEbbinghaus commented 2 years ago

I am still investigating ways to download the files. But ideally just a function to provide Headers/Cookies/QueryParamters would be ideal. Although it would be very hard to implement into the scoop ecosystem since it requires code logic which doesn't fit well with the JSON schema

rashil2000 commented 2 years ago

Query parameters can be added to the URL itself, right?

You can provide Headers using the config file. See https://github.com/ScoopInstaller/Scoop/pull/4254#issuecomment-1068514131 and https://github.com/ScoopInstaller/Scoop/discussions/5140#discussioncomment-3609253 for example.

CEbbinghaus commented 2 years ago

That is based on users defining a configuration value within their own config. This is meant more as a program specific configuration that lets packages define a way that they should be authenticated against. We would have several varied ways to download artifacts and having to ask the user to add a definition for every one and update it for packages that change seems unrealistic when considering that this would need to work for over 2k people