Ah so it only affects mobile. Please open an issue on our github tracker.
Api permission for search
-
Hi, i use nodebb-plugin-write-api's token, try to access search via api like:
curl -H "Authorization: Bearer xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" 'https://example.com/api/search?term=test&in=titlesposts' -v
The token is right, and the user has permission to search
But, it return "not-authorized", seem not support access via api -
@birdzhang use Bearer token for both "Authorization" and "Authentication", don't know why it is like that:
In your case:
curl -H "Authorization: Bearer xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" -H "Authentication xxxxxx-cb5c-4ddf-866d-5fcbfd2986e8" 'https://example.com/api/search?term=test&in=titlesposts' -v
-
@giggiux Thank you for your replay
I tried but still have some issue
$ curl -H "Authorization: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e" -H "Authentication: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e" 'https://sailfishos.club/api/search?term=test&in=titlesposts' -v * About to connect() to sailfishos.club port 443 (#0) * Trying 45.32.119.117... * Connected to sailfishos.club (45.32.119.117) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: CN=sailfishos.club * start date: Apr 17 02:23:21 2018 GMT * expire date: Jul 16 02:23:21 2018 GMT * common name: sailfishos.club * issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US > GET /api/search?term=test&in=titlesposts HTTP/1.1 > User-Agent: curl/7.29.0 > Host: sailfishos.club > Accept: */* > Authorization: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e > Authentication: Bearer xxxx-62bc-4e9b-a2be-7978db5eda5e > < HTTP/1.1 400 Bad Request < Server: nginx < Date: Mon, 23 Apr 2018 01:40:19 GMT < Content-Type: application/json; charset=utf-8 < Content-Length: 143 < Connection: keep-alive < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=15552000; includeSubDomains < X-Download-Options: noopen < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < Referrer-Policy: strict-origin-when-cross-origin < X-Powered-By: NodeBB < ETag: W/"8f-PDJaS8zEUBQNBsr0ZxGk2abRkZA" < set-cookie: express.sid=s%3ApUc-G1qQwpRXXbn09TLGk5_CeGmnyjKi.xxx8wkLUaqCxaWQjWfUomoeM4skR4I4fhXQI8RQP%2Bk; Path=/; Expires=Mon, 07 May 2018 01:40:19 GMT; HttpOnly; Secure < Vary: Accept-Encoding < * Connection #0 to host sailfishos.club left intact {"code":"params-missing","message":"Required parameters were missing from this API call, please see the \"params\" property","params":["_uid"]}
-
@birdzhang You are using a Master Bearer token and not a user's one. So you have to pass also the
uid
parameter in the request. Or you create an User Bearer token and that solves the problem -
@giggiux I changed to user's token , the server return 401
I searched the source code, seem it not support
api
-
Oh, i thought you were using
write-api
endpoints. What you can try do is to create your own plugin that extends thewrite-api
(there is an hook that let you do that), from which you get theuid
of the user, you modify the request settingreq.user
and then pass everything to thesearchController.search
function.So (this is not valid, but it's just to somehow show you):
in
plugin.json
:{"hooks": [{"hook": "filter:plugin.write-api.routes", "method": "api"}]}
in
library.js
:var plugin = {}, searchController = require.main.require('./src/search'); plugin.api = function (data, callback) { var app = data.router; var apiMiddleware = data.apiMiddleware; var middleware = data.middleware; var errorHandler = data.errorHandler; app.get('/search', apiMiddleware.requireUser, function(req,res) { req.user = req.uid; //req.uid is given from the middleware searchController(req, res) } callback(null, { router: app }); }
Then of course do the request to
/api/v1/search
instead of/api/search
-
Hi guys, thanks for having this discussion it helped me find the issue it will be fixed in the next version of write-api plugin. https://github.com/NodeBB/nodebb-plugin-write-api/commit/4c98fbe3440d462d995a43ba4819f6d40f00646c @BirdZhang make sure you use latest version of NodeBB as well since that check changed to
req.loggedIn
-
@baris This means now calls with the Bearer token can also be done to normal api?
-
@giggiux Yes they should work.
-
@baris Thank you very much, works very well
Suggested Topics
-
Solved NodeBB Plugin DB Search breaks forum
Bug Reports • • MJ