使用CouchDB的PouchDB和Cookie身份验证实际上并未登录用户

Question

I have a node app that uses CouchDB for the database and PouchDB on the client. To log in, a request is sent to the node server, which authenticates the user's credentials with the CouchDB instance, before sending a cookie back to the client. The issue is, after restarting the browser and logging in, CouchDB sends a 401 Unauthorized response when Pouch tries to connect to the DB, and the browser brings up its default login popup. This happens even though the AuthSession cookie is in the browser.

The full error in Chrome is: Failed to load resource: the server responded with a status of 401 (Unauthorized) http://localhost:5984/user/?_nonce=rItPZR1fgbHrwn0a

After entering the user credentials in the Chrome pop-up box and refreshing the page, it loads as normal. Going to the page listed and entering the user credentials gives various metadata about the user.

I assume this is happening because PouchDB doesn't actually use the AuthSession token sent by the node server, but the cookie that is given to it by CouchDB after the user is prompted with a 401. Is there any way to get around this?

Thanks in advance.

Answer 1

You may need to intercept and modify PouchDB's fetch calls to add the credentials option, which you can easily do when you first construct the database object:

db = new PouchDB('https://yourcouch/yourdb', {
    fetch: (url, opts) => fetch(url, { ...opts, credentials: 'include' /* OR 'same-origin' */ })
});

Note that you'll want to set it to same-origin where appropriate, or include for cross origin / no origin requests.

Answer 2

Actually, as long as the cookie is getting set on the client, authentication should automatically be picked up by PouchDB. I have a plugin that demonstrates this: https://github.com/nolanlawson/pouchdb-authentication . You can use this plugin to talk directly to your CouchDB and it will definitely work. Maybe your Node proxy is not passing the cookie between PouchDB and CouchDB?