No error messages in browser console nor error in proxy. Only hit enter to search and display nothing.
$ git rev-parse HEAD 2de108153f7eb4d3c62d9e1c8c68c7fb6dd104c3Api permission for search
-
Hi, i use nodebb-plugin-write-api's token, try to access search via api like:
curl -H "Authorization: Bearer xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" 'https://example.com/api/search?term=test&in=titlesposts' -vThe token is right, and the user has permission to search
But, it return "not-authorized", seem not support access via api -
@birdzhang use Bearer token for both "Authorization" and "Authentication", don't know why it is like that:
In your case:
curl -H "Authorization: Bearer xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" -H "Authentication xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" 'https://example.com/api/search?term=test&in=titlesposts' -v -
@giggiux Thank you for your replay
I tried but still have some issue
$ curl -H "Authorization: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e" -H "Authentication: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e" 'https://sailfishos.club/api/search?term=test&in=titlesposts' -v * About to connect() to sailfishos.club port 443 (#0) * Trying 45.32.119.117... * Connected to sailfishos.club (45.32.119.117) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: CN=sailfishos.club * start date: Apr 17 02:23:21 2018 GMT * expire date: Jul 16 02:23:21 2018 GMT * common name: sailfishos.club * issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US > GET /api/search?term=test&in=titlesposts HTTP/1.1 > User-Agent: curl/7.29.0 > Host: sailfishos.club > Accept: */* > Authorization: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e > Authentication: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e > < HTTP/1.1 400 Bad Request < Server: nginx < Date: Mon, 23 Apr 2018 01:40:19 GMT < Content-Type: application/json; charset=utf-8 < Content-Length: 143 < Connection: keep-alive < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=15552000; includeSubDomains < X-Download-Options: noopen < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < Referrer-Policy: strict-origin-when-cross-origin < X-Powered-By: NodeBB < ETag: W/"8f-PDJaS8zEUBQNBsr0ZxGk2abRkZA" < set-cookie: express.sid=s%3ApUc-G1qQwpRXXbn09TLGk5_CeGmnyjKi.xxx8wkLUaqCxaWQjWfUomoeM4skR4I4fhXQI8RQP%2Bk; Path=/; Expires=Mon, 07 May 2018 01:40:19 GMT; HttpOnly; Secure < Vary: Accept-Encoding < * Connection #0 to host sailfishos.club left intact {"code":"params-missing","message":"Required parameters were missing from this API call, please see the \"params\" property","params":["_uid"]} -
@birdzhang You are using a Master Bearer token and not a user's one. So you have to pass also the
uidparameter in the request. Or you create an User Bearer token and that solves the problem
-
@giggiux I changed to user's token , the server return 401
I searched the source code, seem it not support
api
-
Oh, i thought you were using
write-apiendpoints. What you can try do is to create your own plugin that extends thewrite-api(there is an hook that let you do that), from which you get theuidof the user, you modify the request settingreq.userand then pass everything to thesearchController.searchfunction.So (this is not valid, but it's just to somehow show you):
in
plugin.json:{"hooks": [{"hook": "filter:plugin.write-api.routes", "method": "api"}]}in
library.js:var plugin = {}, searchController = require.main.require('./src/search'); plugin.api = function (data, callback) { var app = data.router; var apiMiddleware = data.apiMiddleware; var middleware = data.middleware; var errorHandler = data.errorHandler; app.get('/search', apiMiddleware.requireUser, function(req,res) { req.user = req.uid; //req.uid is given from the middleware searchController(req, res) } callback(null, { router: app }); }Then of course do the request to
/api/v1/searchinstead of/api/search -
Hi guys, thanks for having this discussion it helped me find the issue it will be fixed in the next version of write-api plugin. https://github.com/NodeBB/nodebb-plugin-write-api/commit/4c98fbe3440d462d995a43ba4819f6d40f00646c @BirdZhang make sure you use latest version of NodeBB as well since that check changed to
req.loggedIn -
@baris This means now calls with the Bearer token can also be done to normal api?
-
@giggiux Yes they should work.
-
@baris Thank you very much, works very well
