I'm trying to write a single backend that proxy request to many products in our internal network (intranet, bpm etc...). In the case of the bpm Bonita I need that every user login with his own credentials to the service that responde with a cookie. My idea was to save the cookie for every user after the login in the database then append it to every calls made by users.
The function:
let unirest = require('unirest');
//I try to call it with the cookie of the last session passed in data.cookie
unirest.post('https://bonitaurl:8443/bonita/' + data.query)
.headers({
'Accept': 'application/json',
'Content-Type': 'application/json',
'ContentType': 'application/json'
})
.send(data.Presult.params)
.jar(data.cookie)//import cookie from database
.strictSSL(false)
.end(function (Tryresponse) {
if (Tryresponse.statusCode != 401 && Tryresponse.statusCode != 404) {
console.log('loggedin as : ', data.user);
console.log(data.cookie);
console.log(Tryresponse.statusCode);
return callback(Tryresponse);
}
else if (Tryresponse.statusCode == 401 || Tryresponse.statusCode == 403) {
console.log(Refresh cookie for user : ', data.user);
request = unirest.post('https://bonitaurl:8443/bonita/loginservice')
.send({'redirect': false, 'username': data.user, 'password': data.pass})
.headers({
'Accept': 'application/json',
'Accept': 'application/x-www-form-urlencoded',
'Content-Type': 'application/x-www-form-urlencoded'
})
.strictSSL(false)
.jar(true)//save cookies
.end(function (loginresponse) {
if (loginresponse) {
//Call using previus cookies
// Start DB
let pgp = require("pg-promise")();
let db = pgp("postgres://DBUSER:*****@localhost:5432/MYDB");
//I will save tokens to database
db.none("update users set bpmtk = $1 where username = $2 ", [JSON.stringify(loginresponse.cookies), data.user])
.then(function () {
console.log('updated ' + user);
unirest.post('https://bonitaurl:8443/bonita/' + data.query)
.headers({
'Accept': 'application/json',
'Content-Type': 'application/json',
'ContentType': 'application/json'
})
.send(data.Presult.params)
.jar(loginresponse.cookies)//Import cookies from the last request
.strictSSL(false)
.end(function (Proxyresponse) {
if (Proxyresponse) {
return callback(Proxyresponse);
}
})
});
}
})
}
else {
console.log('Error code: : ', Tryresponse.statusCode);
return callback(Tryresponse.statusCode);
}
})
The code works and every users can login correctly with the last cookie but if I check the session of the user it points to the last user logged in! To avoid this I have to login , execute calls then logout every times! this is very bad for performance. Any Idea ?