Open DougReeder opened 2 years ago
I think this is a valid change @DougReeder (sorry for the delay in getting round to it) but the PR would need some rework as the target has changed and Nano is no longer using the same cookie jar. If you fancy reworking the code, I can merge it.
I'll add reworking this to my to-do list.
Overview
Although a program can currently create multiple instances of nano, they all share the same cookie jar. Authorizing with a set of credentials in one instance changes the credentials (the AuthSession cookie) used by all instances.
This change gives every instance of nano its own cookie jar, so each instance can use a different set of credentials. One application server can thus service the requests of multiple CouchDB users.
The cookie jar is visible to the code instantiating nano, so it can re-create cookies for the following architecture: An application server can accept a CouchDB username and password from a client web app, pass them to a CouchDB cluster, then pass the value of the AuthSession cookie back to the client web app. In future requests, the client can then pass the value of the AuthSession cookie back to the application server, which re-creates the AuthSession cookie. As long as a client web app retains the value of the AuthSession cookie, the application server can thus handle requests without requiring the client web app to pass the username and password, even if the application server was restarted after the client web app authenticated, or didn't handle the authentication.
This supports application servers implementing the adapter pattern.
My current work is implementing an adapter for Armadietto, which implements the remoteStorage protocol.
Testing recommendations
The test 'should be able to authenticate - POST /_session - nano.auth' has been extended to cover using two instances of nano and verifying that they retain separate credentials. (Running this extended test without the code changes demonstrates that the current implementation cannot maintain separate sets of credentials.)
It also works for an actual adapter: https://github.com/DougReeder/armadietto/tree/couchdb-auth