Enable requests to o2r server via ojs, which require a login

[tomniers]

The idea here is that the user needs to be logged in on the o2r server in the same browser session where he is using OJS. Then the connect.sidof the o2r cookie can be used in OJS to enable requests to the o2r server.

old idea:

• search for o2r cookie and extract connect.sid
• use connect.sid in request whoami to control if the user is currently login on the o2r sever
• if not explain user that he needs to relogin on the o2r server
• repeat this until user is logged in on the o2r server

idea currently used:

• try out request with currently working connect.sid
• remember user if the user not inserted the connect.sid, so catch the corresponding error

[tomniers]

• same-origin policy requires, that ojs and o2r have the same origin. Is this possible? Otherwise the cookie can not be requested
• solutions for requesting cookies can be found here: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/get, https://www.w3schools.com/js/js_cookies.asp, https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie

[tomniers]

• there is still the "problem", that cookies can not be requested from different origins, difficult to request cookies from client
• idea: OJS and o2r-Ui are running on the same origin. User needs to be logged in on o2r-Ui. If there is then a request to the o2r API from OJS the user is automatically logged in via the cookie and the request will work, because both services have the same origin
• this can be tested e.g. if both o2r-ui and OJS are running locally on localhost
• for the final solution on the server OJS needs to run on the server. The current plan is to create a container with OJS and the ojs-erc-plugin included. (https://github.com/Fmazin/ojs-erc-plugin/blob/master/test/docker-compose.yml, https://github.com/Fmazin/ojs-erc-plugin/blob/master/test/.env)

[tomniers]

• so that the above idea works, there need to be some adaptions in the nginx-cors.conf of the o2r-ui
• for both POST and GET add_header 'Access-Control-Allow-Origin' 'http://localhost:8000' always; and add_header 'Access-Control-Allow-Credentials' 'true' always; needs to be set
• the limitation here is that the origin is clearly set, so if other people than us want to use this service, they need to inform us, that we set also their origin in the header
• with this configuration request from OJS to the o2r API are possible, if both is running on the same origin so in this case localhost whereby OJS is running on http://localhost:8000
• a example request could be

var data = new FormData(); 
    data.append("compendium_id", "COMPENDIUM_ID"); 
    
    $.ajax({
        type: 'POST',
        data: data,
        processData: false, 
        contentType: false, 
        url: 'http://localhost/api/v1/job',
        xhrFields: {
            withCredentials: true
    }}).done(function(res) {
        console.log(res);
    });

[tomniers]

6fa26d7
At the moment this is solved by a input by the user. The user needs to input the current connect.sid of the o2r service in the plugin settings.