RE: Api permission for search

@giggiux I changed to user's token , the server return 401

I searched the source code, seem it not support api

What version of core? That function is defined in NodeBB core.

@giggiux Thank you for your replay

I tried but still have some issue

$ curl -H "Authorization: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e" -H "Authentication: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e" 'https://sailfishos.club/api/search?term=test&in=titlesposts' -v
* About to connect() to sailfishos.club port 443 (#0)
*   Trying 45.32.119.117...
* Connected to sailfishos.club (45.32.119.117) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=sailfishos.club
*       start date: Apr 17 02:23:21 2018 GMT
*       expire date: Jul 16 02:23:21 2018 GMT
*       common name: sailfishos.club
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET /api/search?term=test&in=titlesposts HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sailfishos.club
> Accept: */*
> Authorization: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e
> Authentication: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e
> 
< HTTP/1.1 400 Bad Request
< Server: nginx
< Date: Mon, 23 Apr 2018 01:40:19 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 143
< Connection: keep-alive
< X-DNS-Prefetch-Control: off
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=15552000; includeSubDomains
< X-Download-Options: noopen
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: strict-origin-when-cross-origin
< X-Powered-By: NodeBB
< ETag: W/"8f-PDJaS8zEUBQNBsr0ZxGk2abRkZA"
< set-cookie: express.sid=s%3ApUc-G1qQwpRXXbn09TLGk5_CeGmnyjKi.xxx8wkLUaqCxaWQjWfUomoeM4skR4I4fhXQI8RQP%2Bk; Path=/; Expires=Mon, 07 May 2018 01:40:19 GMT; HttpOnly; Secure
< Vary: Accept-Encoding
< 
* Connection #0 to host sailfishos.club left intact
{"code":"params-missing","message":"Required parameters were missing from this API call, please see the \"params\" property","params":["_uid"]}

Hi, i use nodebb-plugin-write-api's token, try to access search via api like:

curl -H "Authorization: Bearer xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" 'https://example.com/api/search?term=test&in=titlesposts' -v

The token is right, and the user has permission to search
But, it return "not-authorized", seem not support access via api

This is coming in 1.9.0 https://github.com/NodeBB/NodeBB/issues/6433

barisusakli created this issue in NodeBB/NodeBB

closed ability to show multiple group badges #6433

@damian-gądziak Maybe you can try to debug by adding this in that function console.log(tids.length, uid, new Error('test').stack);

	Topics.filterWatchedTids = function (tids, uid, callback) {
                console.log(tids.length, uid, new Error('test').stack);
		async.waterfall([
			function (next) {
				db.sortedSetScores('uid:' + uid + ':followed_tids', tids, next);
			},
			function (scores, next) {
				tids = tids.filter(function (tid, index) {
					return tid && !!scores[index];
				});
				next(null, tids);
			},
		], callback);
	};

I am guessing the function is called by a huge amount of tids, so the next step would be to find out why and from where.

If you have custom code to load the homepage take a look there and see if anything is being loaded in a loop. You can post here if you can maybe we can spot some inefficiency.

Not sure how your homepage is rendered, since both guests and registered users get the same response in /api, I would check the code that you have for registered-users and figure out why it is taking longer than guests. Number of topics in the database should not effect the load speed unless there is some code that is doing a lot of processing on those topics to load the homepage.

@damian-gądziak Is your forum public? Is the hompage loading a list of categories? What is the size of the payload when you load /api for guests vs registered users?

You need to place the suggested topics widget at the footer of topic.tpl and then there needs to be topics in the same category or with same tags and similar titles to the one you are browsing.