(EAI-206): Custom fetch options + add authorized user to staging conversation custom data

[mongodben]

Jira: https://jira.mongodb.org/browse/EAI-206

Changes

• In UI library:

  • Configure custom fetch options (so can pass cookies/custom headers, etc.)

• In server library:

  • when streaming make so inherits "Access-Control-Allow-Origin" header from CORs/app rather than from the data streamer.

• On server implementation:

  • Add ability to get authorized user from the cookie that CorpSecure sets in lower level envs.
  • Explicitly add requireRequestOrigin() and requireValidIpAddress() middleware and logic to add these to the conversation custom data b/c the new functionality to get the auth user overrides the defaults which used these.

Todos:

• Test to make sure adding authUser from cookie works

Notes

• To use this functionality, you must access the site behind CorpSecure, such as our staging URL http://chat-server.docs.staging.corp.mongodb.com/
  • However, the staging site that sits behind CDN + firewall will not work for this functionality (https://knowledge.staging.corp.mongodb.com/). This site isn't behind CorpSecure, just IP-restricted firewall.

[nlarew]

We define this.fetchOptions in the class constructor so it should always be defined right?

Maybe an opportunity for cleanup in other spots in the class where we currently assume fetchOptions may be undefined and use nullish coalescing (i.e. ??)

[nlarew]

Shouldn't this.fetchOptions and this.fetchOptions.headers always be defined since we assign it in the constructor?

[nlarew]

Couple of small changes in the frontend code but then I think this should be good to go! Tests seems to indicate the the overrides work well. Let's double check in staging after the merge to make sure and then we can cut new releases.