Use cookie authentication for CouchDB access

[MidnightLightning]

Use the _session CouchDB endpoint to ensure we have an authenticated session before trying to manipulate data.

Fixes #846

[MidnightLightning]

Ping! Any feedback on this request? As it stands now, if you want to save content to a CouchDB back-end, the database used has to be public, because StackEdit doesn't authenticate properly to it.

[willprice]

Any news on this, would be great to be able to use private couchdb instances.

[iainbryson]

Is this still a going concern?

One thing confuses me about the implementation: it seems to be authing with the session on every request, not waiting for the expiry to re-request it. If that's correct, why would this be preferred over basic auth?

[MidnightLightning]

I abandoned StackEdit because this issue wasn't resolved, so not sure if it's been fixed through another channel in the interim.

This solution does request a new session at the beginning of each batch action out of simplicity. If we wanted more long-running sessions, a check would have to be made (one additional network request to GET /_session) at the beginning of the batch, and additional hooks made to watch for changes to settings.couchdbUrl to see if the given username/password changed since we last made a session.

Using basic authentication (sending an Authorization: Basic <base64-encoded-username:password> with every request) could work, and I believe I didn't do that at the time since there were quirks with different browsers and jQuery versions getting that to work when the credentials were part of the URL (translating the http:https://username:[email protected] into an Authorization: Basic header). If the StackEdit preferences were modified to have three fields (URL, username, password) for CouchDB configuration, that would be easier, or if jQuery's cross-browser handling of those sorts of URLs has improved in the last year that might be a better option.

[iainbryson]

Thanks @MidnightLightning !

[ssaavedra]

Why is this not merged yet?

The withCredentials part is paramount in each request (and/or a correct handling of username and password).

[MidnightLightning]

Resolved the merge conflicts by merging from upstream and re-running Gulp build task.

[ssaavedra]

Please, cherry-pick my commit at ssaavedra@046d02b because otherwise this is still broken in Firefox (because passing username:password in the host seems not to be standardized).

[MidnightLightning]

All right @ssaavedra; done now, though I did rename the function to make it more clear what it does, and not have two things named couchdbUrl with one a function (on the helper object) and one a string (on the settings object).

[ssaavedra]

Sure, thanks. It starte as a quick fix to test it out, and it worked, but I didnt' have more time for that now. I'll rebase your work later too (to also get Docker benefits).