replace hard-coded cookie-based auth w/ dynamic...

NiloCK · NiloCK · commit 007cb194ef2e · 2025-08-05T01:04:09.000-03:00
lookup based on env (eg, if there is a configured username:pw, use that)
diff --git a/packages/db/src/impl/couch/CouchDBSyncStrategy.ts b/packages/db/src/impl/couch/CouchDBSyncStrategy.ts
@@ -8,7 +8,7 @@ import type { SyncStrategy } from '../common/SyncStrategy';
 import type { AccountCreationResult, AuthenticationResult } from '../common/types';
 import { getLocalUserDB, hexEncode, updateGuestAccountExpirationDate } from '../common';
 import pouch from './pouchdb-setup';
-import { pouchDBincludeCredentialsConfig } from './index';
+import { createPouchDBConfig } from './index';
 import { getLoggedInUsername } from './auth';
 
 const log = (s: any) => {
@@ -207,7 +207,7 @@ export class CouchDBSyncStrategy implements SyncStrategy {
     // see: https://github.com/pouchdb-community/pouchdb-authentication/issues/239
     const ret = new pouch(
       ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-      pouchDBincludeCredentialsConfig
+      createPouchDBConfig()
     );
 
     if (guestAccount) {
diff --git a/packages/db/src/impl/couch/adminDB.ts b/packages/db/src/impl/couch/adminDB.ts
@@ -1,7 +1,7 @@
 import pouch from './pouchdb-setup';
 import { ENV } from '@db/factory';
 import {
-  pouchDBincludeCredentialsConfig,
+  createPouchDBConfig,
   getStartAndEndKeys,
   getCredentialledCourseConfig,
   updateCredentialledCourseConfig,
@@ -21,7 +21,7 @@ export class AdminDB implements AdminDBInterface {
     //     if the user is not an admin
     this.usersDB = new pouch(
       ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + '_users',
-      pouchDBincludeCredentialsConfig
+      createPouchDBConfig()
     );
   }
 
diff --git a/packages/db/src/impl/couch/classroomDB.ts b/packages/db/src/impl/couch/classroomDB.ts
@@ -11,7 +11,7 @@ import pouch from './pouchdb-setup';
 import {
   getCourseDB,
   getStartAndEndKeys,
-  pouchDBincludeCredentialsConfig,
+  createPouchDBConfig,
   REVIEW_TIME_FORMAT,
 } from '.';
 import { CourseDB, getTag } from './courseDB';
@@ -97,7 +97,7 @@ export class StudentClassroomDB
     const dbName = `classdb-student-${this._id}`;
     this._db = new pouch(
       ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-      pouchDBincludeCredentialsConfig
+      createPouchDBConfig()
     );
     try {
       const cfg = await this._db.get<ClassroomConfig>(CLASSROOM_CONFIG);
@@ -209,11 +209,11 @@ export class TeacherClassroomDB extends ClassroomDBBase implements TeacherClassr
     const stuDbName = `classdb-student-${this._id}`;
     this._db = new pouch(
       ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-      pouchDBincludeCredentialsConfig
+      createPouchDBConfig()
     );
     this._stuDb = new pouch(
       ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + stuDbName,
-      pouchDBincludeCredentialsConfig
+      createPouchDBConfig()
     );
     try {
       return this._db
@@ -297,7 +297,7 @@ export function getClassroomDB(classID: string, version: 'student' | 'teacher'):
 
   return new pouch(
     ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-    pouchDBincludeCredentialsConfig
+    createPouchDBConfig()
   );
 }
 
diff --git a/packages/db/src/impl/couch/courseAPI.ts b/packages/db/src/impl/couch/courseAPI.ts
@@ -1,5 +1,5 @@
 import pouch from './pouchdb-setup';
-import { pouchDBincludeCredentialsConfig } from '.';
+import { createPouchDBConfig } from '.';
 import { ENV } from '@db/factory';
 // import { DataShape } from '../..base-course/Interfaces/DataShape';
 import { NameSpacer, ShapeDescriptor } from '@vue-skuilder/common';
@@ -279,6 +279,6 @@ export function getCourseDB(courseID: string): PouchDB.Database {
   const dbName = `coursedb-${courseID}`;
   return new pouch(
     ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-    pouchDBincludeCredentialsConfig
+    createPouchDBConfig()
   );
 }
diff --git a/packages/db/src/impl/couch/index.ts b/packages/db/src/impl/couch/index.ts
@@ -38,26 +38,58 @@ export function hexEncode(str: string): string {
 
   return returnStr;
 }
-export const pouchDBincludeCredentialsConfig: PouchDB.Configuration.RemoteDatabaseConfiguration = {
+const pouchDBincludeCredentialsConfig: PouchDB.Configuration.RemoteDatabaseConfiguration = {
   fetch(url: string | Request, opts: RequestInit): Promise<Response> {
     opts.credentials = 'include';
 
     return (pouch as any).fetch(url, opts);
   },
 } as PouchDB.Configuration.RemoteDatabaseConfiguration;
 
+/**
+ * Creates PouchDB configuration with appropriate authentication method
+ * - Uses HTTP Basic Auth when credentials are available (Node.js/MCP)
+ * - Falls back to cookie auth for browser environments
+ */
+export function createPouchDBConfig(): PouchDB.Configuration.RemoteDatabaseConfiguration {
+  // Check if running in Node.js with explicit credentials
+  const hasExplicitCredentials = ENV.COUCHDB_USERNAME && ENV.COUCHDB_PASSWORD;
+  const isNodeEnvironment = typeof window === 'undefined';
+  
+  if (hasExplicitCredentials && isNodeEnvironment) {
+    // Use HTTP Basic Auth for Node.js environments (MCP server)
+    return {
+      fetch(url: string | Request, opts: RequestInit = {}): Promise<Response> {
+        const basicAuth = btoa(`${ENV.COUCHDB_USERNAME}:${ENV.COUCHDB_PASSWORD}`);
+        const headers = new Headers(opts.headers || {});
+        headers.set('Authorization', `Basic ${basicAuth}`);
+        
+        const newOpts = {
+          ...opts,
+          headers: headers
+        };
+        
+        return (pouch as any).fetch(url, newOpts);
+      }
+    } as PouchDB.Configuration.RemoteDatabaseConfiguration;
+  }
+  
+  // Use cookie-based auth for browser environments or when no explicit credentials
+  return pouchDBincludeCredentialsConfig;
+}
+
 function getCouchDB(dbName: string): PouchDB.Database {
   return new pouch(
     ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-    pouchDBincludeCredentialsConfig
+    createPouchDBConfig()
   );
 }
 
 export function getCourseDB(courseID: string): PouchDB.Database {
   // todo: keep a cache of opened courseDBs? need to benchmark this somehow
   return new pouch(
     ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + 'coursedb-' + courseID,
-    pouchDBincludeCredentialsConfig
+    createPouchDBConfig()
   );
 }
 
@@ -188,7 +220,7 @@ export function getCouchUserDB(username: string): PouchDB.Database {
   // see: https://github.com/pouchdb-community/pouchdb-authentication/issues/239
   const ret = new pouch(
     ENV.COUCHDB_SERVER_PROTOCOL + '://' + ENV.COUCHDB_SERVER_URL + dbName,
-    pouchDBincludeCredentialsConfig
+    createPouchDBConfig()
   );
   if (guestAccount) {
     updateGuestAccountExpirationDate(ret);
