Write-enabled API (Brainstorming)
-
Thanks for your thoughts -- for most admins, they wouldn't want a write API layer installed, so it's strictly an opt-in process. Better for security, anyhow -- no holes to exploit if the entire layer isn't even there, right?
I'll have to look into key/secret vs. just key. It would be pointless to require a secret in addition to a key for a client-facing app (since the code could just be decompiled to find the secret), plus there's a bit of a development cost to supporting it as well (encrypting and decrypting using secret, etc...)
-
I did a quick search through the NPM and here are some MIT Licensed modules can could be used or drawn upon for inspiration.
https://www.npmjs.org/package/restify-https
https://www.npmjs.org/package/https-aware
https://github.com/substack/node-https-detect -
Isn't the API write already ? I mean I used it to store the settings of my plugin maybe you mean without having to use a plugin. This could be a good thing but this means also needing some access token and in that case maybe could we have a super user token (for accessing hidden information like core groups) and a user token for normal interractions.
-
I could need a integration of NodeBB to my planned site.
Read topics, boards and user info should be no problem. NodeBB read only API seems to do that job.But is it possible to process login or user registration via API (in the future)? My php application could try to check NodeBB login / user. If NodeBB login via API was successfully also the CMS user gets logged in. If the user doesn't exist at CMS side (not logged in before) an account would be created.
So my website could use NodeBB user backend if login / logout via API will be possible in the future
HTTPS shouldn't be needed because the api call comes from the local machine? -
@julian
Not so far...
Looks nice at NodeBB blog
If I need a comment integration that will be a great solution!But my main site also works with authentification and permissions. So I have to sync login state / user accounts.
The main site is Processwire based and I'm build a login module. So the module (php coded) need to process a NodeBB login and get a result about success.I haven't any experience with nodejs / nodebb coding, so I don't know how it could be done.
-
So I have to sync login state / user accounts.
Have a look at this plugin:
GitHub - julianlam/nodebb-plugin-sso-oauth: NodeBB Plugin that allows users to login/register via any configured OAuth provider.
NodeBB Plugin that allows users to login/register via any configured OAuth provider. - julianlam/nodebb-plugin-sso-oauth
GitHub (github.com)
You will likely have to modify it a bit to fit your solution, but it's definitely doable
-
-
Would be nice to encode the api at user experience. like restfull.
have a 'createNewCategory' topic inside 'admTool' category, if a mod write a respod with "footbal & rugby" the api create a new category named 'footbal & rugby'.
Each category has a '/proc' topic to acces api funcion over .this category.
to chance my photo i could go to admTool/chPic topic and upload a image.if the api is themeble can pack the adm routine like moderated or not. Can be 'monarchyed', the api just accept the call of the King login.
-
Just checking to see if there was an update to this. Seems this thread has been dead-ish
-
Sort of got my own answer. though not too clear on it. Repo found here: https://github.com/NodeBB/nodebb-plugin-write-api