Supports multiple instances using different credentials #300

Open
wants to merge 1 commit into
base: main

DougReeder
Contributor

Overview

Although a program can currently create multiple instances of nano, they all share the same cookie jar. Authorizing with a set of credentials in one instance changes the credentials (the AuthSession cookie) used by all instances.

This change gives every instance of nano its own cookie jar, so each instance can use a different set of credentials. One application server can thus service the requests of multiple CouchDB users.

The cookie jar is visible to the code instantiating nano, so it can re-create cookies for the following architecture: An application server can accept a CouchDB username and password from a client web app, pass them to a CouchDB cluster, then pass the value of the AuthSession cookie back to the client web app. In future requests, the client can then pass the value of the AuthSession cookie back to the application server, which re-creates the AuthSession cookie. As long as a client web app retains the value of the AuthSession cookie, the application server can thus handle requests without requiring the client web app to pass the username and password, even if the application server was restarted after the client web app authenticated, or didn't handle the authentication.

This supports application servers implementing the adapter pattern.

My current work is implementing an adapter for Armadietto, which implements the remoteStorage protocol.

Testing recommendations

The test 'should be able to authenticate - POST /_session - nano.auth' has been extended to cover using two instances of nano and verifying that they retain separate credentials. (Running this extended test without the code changes demonstrates that the current implementation cannot maintain separate sets of credentials.)

It also works for an actual adapter: https://github.com/DougReeder/armadietto/tree/couchdb-auth

@DougReeder force-pushed the different-credentials branch from 24279aa to caac0eb on June 13, 2022 13:08
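The shared-jar behaviour described in the overview, next to per-instance jars and cookie re-creation, as an added example that is not nano's code and not part of this PR: `CookieJar`, `Client`, `fakeSession` and `restore` are hypothetical stand-ins, and the `/_session` response is simulated so the block runs offline. The value check in `restore` is an added assumption, included because a client-supplied value ends up in a `Cookie` header.

```javascript
// Added illustration: a stand-in for a CouchDB client, not nano's implementation.
// Constructed stand-in for the Set-Cookie header a POST /_session would return.
const fakeSession = (user) =>
  `AuthSession=${Buffer.from(user + ':token').toString('base64url')}; Version=1; Path=/; HttpOnly`;

class CookieJar {
  constructor() { this.cookies = new Map(); }
  // Store the name=value pair of a Set-Cookie header, ignoring its attributes.
  setFromHeader(setCookie) {
    const pair = setCookie.split(';')[0];
    const eq = pair.indexOf('=');
    this.cookies.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  header() { return [...this.cookies].map(([k, v]) => `${k}=${v}`).join('; '); }
}

// RFC 6265 cookie-octet: no control chars, space, DQUOTE, comma, semicolon, backslash.
const COOKIE_VALUE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;

class Client {
  // Each instance gets its own jar unless the caller deliberately passes one in.
  constructor(jar = new CookieJar()) { this.jar = jar; }
  auth(user) { this.jar.setFromHeader(fakeSession(user)); }
  // Re-create the session cookie from a value a web client sent back.
  restore(authSession) {
    if (typeof authSession !== 'string' || !COOKIE_VALUE.test(authSession)) {
      throw new Error('rejected AuthSession value');
    }
    this.jar.cookies.set('AuthSession', authSession);
  }
  cookieHeader() { return this.jar.header(); }
}

function demo() {
  const shared = new CookieJar();                          // before: one jar for all
  const a1 = new Client(shared), b1 = new Client(shared);
  a1.auth('alice'); b1.auth('bob');                        // bob overwrites alice
  const a2 = new Client(), b2 = new Client();              // after: one jar each
  a2.auth('alice'); b2.auth('bob');
  const restarted = new Client();                          // fresh server process
  restarted.restore(a2.jar.cookies.get('AuthSession'));
  let rejected = false;                                    // CR/LF must not reach a header
  try { new Client().restore('x\r\nInjected: 1'); } catch { rejected = true; }
  return { sharedLeaks: a1.cookieHeader() === b1.cookieHeader(),
           isolated: a2.cookieHeader() !== b2.cookieHeader(),
           restored: restarted.cookieHeader() === a2.cookieHeader(),
           injectionRejected: rejected };
}
```

In this architecture the `AuthSession` value is a bearer credential held by the web client, so the hop between client and application server needs the same protection as the password it replaces.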
@glynnbird
Contributor

I think this is a valid change @DougReeder (sorry for the delay in getting round to it) but the PR would need some rework as the target has changed and Nano is no longer using the same cookie jar. If you fancy reworking the code, I can merge it.

@DougReeder
Contributor Author

I'll add reworking this to my to-do list.

2 participants