All the API token erased from the admin page
-
@nullpointer I don't know. Likely 16mb but likely much lower since the tokens are stored in the form of JSON, and not as a properly hashed entry in the database.
It sounds like you might be running into this issue, which is causing a catastrophic loss of the entire key set if you run out of space? Interesting.
Well, interesting for me, much less so for you.
I need to refactor this system anyway. It's implemented in a way that I do not like. It will be done for v3.1.0, which is likely due several weeks after v3.0.0.
-
@julian thanks for your quick reply
Could you suggest me any work around for this? Maybe I can modify the existing code for a hot fix?
Also could you point me out the code that store the data in a json file?
Thanks a lot
-
API Tokens backend refactor · Issue #11520 · NodeBB/NodeBB
The API tokens generation/ACP frontend was implemented using NodeBB's "sorted-list" library. It is handy in many ways, but is limited in others if you go outside of how it is meant to be used. One of those limits is that the entirety of ...
GitHub (github.com)
Unfortunately it's not something I can hotfix (otherwise I would have definitely fixed it for v3).
The entire system needs a refactor, and the only thing I can offer now is that you limit the number of tokens you make in the meantime.
I will try my best to ensure that the refactor is backportable to v2.x
-
@nullpointer how are you creating these tokens? What database are you using? Are the tokens still in the database when you look at the keys
settings:core.api:sorted-list:tokens:0. Each sorted-list item is stored as a separate document so it shouldn't hit the limit I think.
-
@baris I use the existing code:
const settings = await meta.settings.get('core.api'); settings.tokens = settings.tokens || []; const newToken = { token: utils.generateUUID(), uid: req.params.uid, description: req.body.description || '', timestamp: Date.now(), }; settings.tokens.push(newToken); await meta.settings.set('core.api', settings);@baris said in All the API token erased from the admin page:
Are the tokens still in the database when you look at the keys settings:core.api:sorted-list:tokens:0
I don't think so. The tokens is completely gone in DB. Here is the result of the db query
Here is the result using regex with prefix
^setting:core.api
-
The only way those items would be emptied is if you call
meta.settings.setwith an empty array of tokens.const settings = await meta.settings.get('core.api'); settings.tokens = []; await meta.settings.set('core.api', settings);Maybe put a console.log inside
meta.settings.setand see if it is being called like that. -
@baris there is only one line of code after that:
helpers.formatApiResponse(200, res, newToken);@baris said in All the API token erased from the admin page:
Maybe put a console.log inside meta.settings.set and see if it is being called like that.
I will try to put this logging and see the behavior
-
Hello @julian, could you give me some references regarding this sorted-list library that you mention?
-
Solved after upgrading to v3.1.4
Reference: https://github.com/NodeBB/NodeBB/pull/11533/commitsThanks @julian for addressing this issue.
-
N nullpointer has marked this topic as solved on
-
@nullpointer glad to hear it
