Use AuthSession cookie for login instead of basic auth #582

Open
dianabarsan opened this issue Oct 18, 2023 · 3 comments
Labels
Type: Technical issue Improve something that users won't notice


@dianabarsan
Member

dianabarsan commented Oct 18, 2023

Describe the issue
We're discussing increasing PBKDF2 iterations for CouchDB.
This will mean that computing the hashed password every time basic auth is used will become a costly server-side operation.

Describe the improvement you'd like
Instead of using basic auth for every request, make one initial _session request, and use the provided AuthSession cookie to authenticate all following requests within one conf run.

Describe alternatives you've considered
None.

@dianabarsan dianabarsan added the Type: Technical issue Improve something that users won't notice label Oct 18, 2023
@garethbowen garethbowen self-assigned this Oct 18, 2023
@garethbowen
Member

I've been working on a prototype for this...

@garethbowen
Member

@dianabarsan Here is my very simple test script for the cht-conf version of cookie auth:

This should be a very simple drop-in solution for cht-conf, which uses rpn in the api file, but it's blocked on #583.

```js
// Requires node-fetch v2 (CommonJS); `performance` is a global in Node 16+.
const nodefetch = require('node-fetch');

// Cached AuthSession value, reused for every request after the first login.
let c;

const getAuthSessionCookie = async () => {

  if (c) {
    return c;
  }

  const headers = new nodefetch.Headers({
    'Content-Type': 'application/json'
  });

  // One password login against /_session; this is the request that pays the hashing cost.
  const body = JSON.stringify({ username: 'iterations', password: 'pass' });
  const t0 = performance.now();
  const res = await nodefetch('http://localhost:5988/_session', { headers, method: 'POST', body });
  const t1 = performance.now();
  console.log(`BASIC AUTH: ${t1-t0}`);
  // Take the first Set-Cookie header and keep only the value of its name=value pair.
  const cookies = res.headers.raw()['set-cookie'];
  const cookie = cookies[0];
  const authSessionCookie = cookie.split(';')[0];
  c = authSessionCookie.split('=')[1];

  return c;
};

const makeRequest = async () => {
  const sessionCookie = await getAuthSessionCookie();
  const headers = new nodefetch.Headers({
    'Content-Type': 'application/json'
  });
  // Authenticate with the session cookie instead of an Authorization header.
  headers.append("cookie", `AuthSession=${sessionCookie}`);
  const t0 = performance.now();
  const res = await nodefetch('http://localhost:5988/medic/branding', { headers });
  const t1 = performance.now();
  console.log(`COOKIE AUTH: ${t1-t0}`);
  console.log(res.status);
  const body = await res.json();
  console.log(body);
};

// Repeat the cookie-authenticated request every 20 seconds to compare timings.
const go = async () => {
  while(true) {
    await makeRequest();
    await new Promise(resolve => setTimeout(resolve, 20000));
  }
};

go();
```
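
Added example, not part of the thread and not cht-conf's code: the approach from the issue (one `_session` login, then the `AuthSession` cookie) extended to the case the test script does not cover, a session that stops being accepted partway through a run. It assumes the `{ username, password }` login body used in the script above and that a rejected session is answered with HTTP 401; `createSessionClient`, `loginCount` and the injected `fetchImpl` (`node-fetch` or the global `fetch`) are names made up for this sketch.

```javascript
// Added example, not cht-conf code. Names here are illustrative.
// fetchImpl is injected (node-fetch or global fetch) so the logic runs offline in tests.
const createSessionClient = ({ baseUrl, username, password, fetchImpl }) => {
  let token = null; // cached AuthSession value, held in memory only
  let logins = 0;   // password logins performed; each one costs a server-side PBKDF2 run

  // Extract the AuthSession value from a Set-Cookie header, or null if absent/empty.
  const readToken = (res) => {
    const header = res.headers.get('set-cookie') || '';
    const match = /(?:^|[,\s])AuthSession=([^;,\s]+)/.exec(header);
    return match ? match[1] : null;
  };

  const login = async () => {
    const res = await fetchImpl(`${baseUrl}/_session`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password }),
    });
    const fresh = res.ok ? readToken(res) : null;
    if (!fresh) {
      throw new Error(`Session login failed with status ${res.status}`);
    }
    logins++;
    token = fresh;
  };

  const request = async (path, options = {}) => {
    if (!token) {
      await login();
    }
    const send = () => fetchImpl(`${baseUrl}${path}`, {
      ...options,
      headers: { ...options.headers, cookie: `AuthSession=${token}` },
    });
    let res = await send();
    if (res.status === 401) { // assumption: a rejected session is answered with 401
      token = null;
      await login();          // one re-login only; a second 401 is returned to the caller
      res = await send();
    }
    token = readToken(res) || token; // adopt a refreshed cookie if the server sent one
    return res;
  };

  return { request, loginCount: () => logins };
};
```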

@garethbowen
Member

@dianabarsan I think this is merged and released now - can you confirm?
