
I'm trying to write a single backend that proxies requests to many products on our internal network (intranet, BPM, etc.). In the case of the Bonita BPM, every user needs to log in with his own credentials to the service, which responds with a cookie. My idea was to save each user's cookie in the database after login and then attach it to every call that user makes.

The function:

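        const unirest = require('unirest');
    // Proxies one call to Bonita on behalf of data.user and retries once after a
    // fresh login when the stored session is rejected. `data` and `callback` come
    // from the enclosing function, which is not shown here.
    //
    // NOTE(review): strictSSL(false) turns off TLS certificate verification for
    // every request below, including the one that carries the username and
    // password. Trusting the internal CA explicitly would keep verification on.
    //
    // NOTE(review): likely source of the "session points to the last user" symptom.
    // unirest hands the .jar() argument to the `request` library, which appears to
    // fall back to a single process-wide cookie jar for `true` and for any value
    // that is not a real jar object (such as cookie data read back from the
    // database). All users would then share whichever session logged in last.
    // A separate jar per user (unirest.jar()) avoids that sharing. Confirm against
    // the installed unirest/request versions.
    //
    // NOTE(review): data.query is appended to the URL as-is; if it can be
    // influenced by the client, check it against the expected API paths first.
    const bonitaBase = 'https://bonitaurl:8443/bonita/';
    const jsonHeaders = {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'ContentType': 'application/json'
    };

    unirest.post(bonitaBase + data.query)
        .headers(jsonHeaders)
        .send(data.Presult.params)
        .jar(data.cookie) // cookie loaded from the database for this user
        .strictSSL(false)
        .end(function (Tryresponse) {
            const status = Tryresponse.statusCode;

            // 401/403: the stored session was rejected, so log in again and retry.
            // (The original first test let 403 through as a success, which made the
            // 403 half of this branch unreachable.)
            if (status === 401 || status === 403) {
                console.log('Refresh cookie for user : ', data.user);
                unirest.post(bonitaBase + 'loginservice')
                    .send({'redirect': false, 'username': data.user, 'password': data.pass})
                    .headers({
                        // The original literal also listed 'Accept': 'application/json';
                        // the duplicate key below always overrode it.
                        'Accept': 'application/x-www-form-urlencoded',
                        'Content-Type': 'application/x-www-form-urlencoded'
                    })
                    .strictSSL(false)
                    .jar(true) // see the shared-jar note at the top
                    .end(function (loginresponse) {
                        // NOTE(review): only the presence of a response is checked,
                        // not whether the login itself succeeded.
                        if (!loginresponse) {
                            return;
                        }

                        // NOTE(review): the connection string belongs in configuration,
                        // and the database object is recreated on every refresh here.
                        const pgp = require("pg-promise")();
                        const db = pgp("postgres://DBUSER:*****@localhost:5432/MYDB");

                        // The stored value is a live session credential; protect the
                        // bpmtk column accordingly.
                        db.none("update users set bpmtk = $1 where username = $2  ", [JSON.stringify(loginresponse.cookies), data.user])
                            .then(function () {
                                // The original logged an undefined `user` variable here.
                                console.log('updated ' + data.user);
                                unirest.post(bonitaBase + data.query)
                                    .headers(jsonHeaders)
                                    .send(data.Presult.params)
                                    .jar(loginresponse.cookies) // cookies from the login just performed
                                    .strictSSL(false)
                                    .end(function (Proxyresponse) {
                                        if (Proxyresponse) {
                                            return callback(Proxyresponse);
                                        }
                                    });
                            })
                            .catch(function (err) {
                                // Without this handler a failed update left the caller
                                // waiting forever on an unhandled rejection.
                                console.log('Could not store refreshed cookie for user : ', data.user, err.message);
                                return callback(err);
                            });
                    });
                return;
            }

            if (status === 404) {
                console.log('Error code: : ', status);
                return callback(status);
            }

            // Any other status is passed straight back to the caller.
            // The session cookie is deliberately not written to the log.
            console.log('loggedin as : ', data.user);
            console.log(status);
            return callback(Tryresponse);
        });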

The code works and every user can log in correctly with the last cookie, but if I check the user's session it points to the last user who logged in! To avoid this I have to log in, execute the calls, then log out every time, which is very bad for performance. Any ideas?

Roberto
  • The approach seems ok. I have done a similar approach in Java where I use a single instance of a class to store cookies related to specific users in order to avoid login at each REST call. It works fine. I'm not familiar enough with unirest to tell if there is no issue in the code. However if you want to check what user is actually executing the REST call, you could make a test using the following URL: API/system/session/unusedId. It will return the information of the current user logged. – lio Jan 04 '17 at 16:08
  • Thank you for the reply :) I had time to run some experiments and I think that BPM simply does not permit more than one session pointing to the same host. On npm there is a specific library for Bonita BPM; in its code it always runs the login – execute request – logout routine, so I'm starting to think there is no simple solution. – Roberto Jan 16 '17 at 09:24

0 Answers0