apache / couchdb-nano

Nano: The official Apache CouchDB library for Node.js
https://www.npmjs.com/package/nano
Apache License 2.0

Supports multiple instances using different credentials #300

Open DougReeder opened 2 years ago

DougReeder commented 2 years ago

Overview

Although a program can currently create multiple instances of nano, they all share the same cookie jar. Authorizing with a set of credentials in one instance changes the credentials (the AuthSession cookie) used by all instances.

This change gives every instance of nano its own cookie jar, so each instance can use a different set of credentials. One application server can thus service the requests of multiple CouchDB users.

The cookie jar is visible to the code instantiating nano, so it can re-create cookies for the following architecture: An application server can accept a CouchDB username and password from a client web app, pass them to a CouchDB cluster, then pass the value of the AuthSession cookie back to the client web app. In future requests, the client can then pass the value of the AuthSession cookie back to the application server, which re-creates the AuthSession cookie. As long as a client web app retains the value of the AuthSession cookie, the application server can thus handle requests without requiring the client web app to pass the username and password, even if the application server was restarted after the client web app authenticated, or didn't handle the authentication.

This supports application servers implementing the adapter pattern.

My current work is implementing an adapter for Armadietto, which implements the remoteStorage protocol.

Testing recommendations

The test 'should be able to authenticate - POST /_session - nano.auth' has been extended to cover using two instances of nano and verifying that they retain separate credentials. (Running this extended test without the code changes demonstrates that the current implementation cannot maintain separate sets of credentials.)

It also works for an actual adapter: https://github.com/DougReeder/armadietto/tree/couchdb-auth
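
The shared-jar behaviour and the cookie re-creation flow described in the overview above, as an added example that is not part of this pull request or of nano's code. `fakeCouch`, `Client`, the token format and the sample credentials are hypothetical stand-ins so the behaviour can be run offline.

```javascript
'use strict';
// Added illustration; none of these names are nano's API.
const USERS = new Map([['alice', 'alice-pw'], ['bob', 'bob-pw']]); // constructed credentials
const sessions = new Map(); // AuthSession value -> user name
let counter = 0;

// Hypothetical stand-in for CouchDB's /_session endpoint.
function fakeCouch(req) {
  if (req.method === 'POST') {
    if (!USERS.has(req.name) || USERS.get(req.name) !== req.password) return { status: 401 };
    const token = `constructed-session-${++counter}`; // placeholder, not CouchDB's format
    sessions.set(token, req.name);
    return { status: 200, setCookie: { AuthSession: token } };
  }
  // GET: report which user the presented cookie belongs to.
  return { status: 200, user: sessions.get(req.cookies.AuthSession) || null };
}

// Hypothetical client: whoever constructs it decides whether the jar is shared.
class Client {
  constructor(jar = {}) { this.jar = jar; }
  auth(name, password) {
    const res = fakeCouch({ method: 'POST', name, password });
    if (res.status !== 200) throw new Error('authentication failed');
    Object.assign(this.jar, res.setCookie); // the newest AuthSession overwrites the old one
    return this.jar.AuthSession;
  }
  whoami() { return fakeCouch({ method: 'GET', cookies: this.jar }).user; }
}

// One jar for every instance: the second login replaces the first user's session.
function sharedJarDemo() {
  const shared = {};
  const a = new Client(shared);
  const b = new Client(shared);
  a.auth('alice', 'alice-pw');
  b.auth('bob', 'bob-pw');
  return [a.whoami(), b.whoami()];
}

// One jar per instance, plus re-creating a jar from a cookie value the client sent back.
function perInstanceDemo() {
  const a = new Client();
  const b = new Client();
  const aliceCookie = a.auth('alice', 'alice-pw');
  b.auth('bob', 'bob-pw');
  const restored = new Client({ AuthSession: aliceCookie }); // e.g. after a server restart
  return [a.whoami(), b.whoami(), restored.whoami()];
}
```

With the shared jar both instances end up acting as `bob`; with separate jars each instance keeps its own user and the re-created jar acts as `alice` again. The AuthSession value handed back to the client web app is a bearer credential, so whoever holds it can act as that user until the session expires.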

glynnbird commented 1 year ago

I think this is a valid change @DougReeder (sorry for the delay in getting round to it) but the PR would need some rework as the target has changed and Nano is no longer using the same cookie jar. If you fancy reworking the code, I can merge it.

DougReeder commented 1 year ago

I'll add reworking this to my to-do list.