feat: session token authentication

Add support for AuthSession cookie

README.md

@@ -106,6 +106,12 @@ If a different username is required, add the `--user` switch:
 
 **NB** - When specifying the URL with `--url`, be sure not to specify the CouchDB database name in the URL. The CHT API will find the correct database.
 
+### Using a session token for authentication
+
+CHT Conf supports authentication using a session token by adding `--session-token` parameter:
+
+	cht --url=https://example.com:12345 --session-token=*my_token* 
+
 ### Into an archive to be uploaded later
 
     cht --archive

package.json

@@ -58,6 +58,7 @@
     "pouchdb-adapter-http": "^7.2.2",
     "pouchdb-core": "^7.2.2",
     "pouchdb-mapreduce": "^7.2.2",
+    "pouchdb-session-authentication": "^1.3.0",
     "properties": "^1.2.1",
     "queue-promise": "^2.2.1",
     "readline-sync": "^1.4.10",

src/lib/api.js

@@ -7,8 +7,34 @@ const log = require('./log');
 const url = require('url');
 
 const cache = new Map();
+const sessionCookieName = 'AuthSession';
+
+// Helper function to create request headers with session token (if available)
+const withSessionCookie = (...args) => {
+  const options = typeof args[0] === 'object' ? Object.assign({}, args[0]) : { url: args[0] };
+
+  if (args.length > 1) {
+    // Merge remaining arguments
+    Object.assign(options, ...args.slice(1));
+  }
+
+  const sessionToken = environment.sessionToken;
+  if (sessionToken || options.headers) {
+    options.headers = Object.assign(
+      {}, 
+      options.headers || {}, 
+      sessionToken ? { Cookie: `${sessionCookieName}=${sessionToken}` } : {}
+    );
+  }
+
+  return options;
+};
+
+const _request = (method) => (...args) => {
+  const requestOptions = withSessionCookie(...args);
+  return retry(() => rpn[method](requestOptions), { retries: 5, randomize: false, factor: 1.5 });
+};
 
-const _request = (method) => (...args) => retry(() => rpn[method](...args), { retries: 5, randomize: false, factor: 1.5 });
 const request = {
   get: _request('get'),
   post: _request('post'),

src/lib/db.js

@@ -1,6 +1,7 @@
 const PouchDB = require('pouchdb-core');
 PouchDB.plugin(require('pouchdb-adapter-http'));
 PouchDB.plugin(require('pouchdb-mapreduce'));
+PouchDB.plugin(require('pouchdb-session-authentication'));
 
 const ArchivingDB = require('./archiving-db');
 const environment = require('./environment');
@@ -10,6 +11,7 @@ module.exports = () => {
     return new ArchivingDB(environment.archiveDestination);
   }
 
-  return new PouchDB(environment.apiUrl, { ajax: { timeout: 60000 } });
+  return new PouchDB(environment.apiUrl, {
+    session: environment.sessionToken,
+  });
 };
-

src/lib/environment.js

@@ -13,7 +13,8 @@ const initialize = (
   apiUrl,
   force,
   skipTranslationCheck,
-  skipValidate
+  skipValidate,
+  sessionToken
 ) => {
   if (state.initialized) {
     throw Error('environment is already initialized');
@@ -28,7 +29,8 @@ const initialize = (
     pathToProject,
     force,
     skipTranslationCheck,
-    skipValidate
+    skipValidate,
+    sessionToken
   });
 };
 
@@ -54,6 +56,7 @@ module.exports = {
   get force() { return getState('force'); },
   get skipTranslationCheck() { return getState('skipTranslationCheck'); },
   get skipValidate() { return getState('skipValidate'); },
+  get sessionToken() { return getState('sessionToken'); },
 
   /**
    * Return `true` if the environment **seems** to be production.

src/lib/main.js

@@ -160,7 +160,8 @@ module.exports = async (argv, env) => {
     apiUrl,
     cmdArgs.force,
     cmdArgs['skip-translation-check'],
-    skipValidate
+    skipValidate,
+    cmdArgs['session-token'],
   );
 
   if (requiresInstance && apiUrl) {

test/api-stub.js

@@ -39,6 +39,7 @@ module.exports = {
     const port = server.address().port;
     const couchUrl = `http://admin:pass@localhost:${port}/medic`;
     sinon.stub(environment, 'apiUrl').get(() => couchUrl);
+    sinon.stub(environment, 'sessionToken').get(() => undefined);
     module.exports.couchUrl = couchUrl;
     module.exports.gatewayRequests = [];
   },