where is the api docs for nodebb?


  • @julian

    if i do like this

    // Attempts a NodeBB login by POSTing the username/password form to /login
    // with a fresh cookie jar. No x-csrf-token header is sent (headers is
    // empty); the thread reports that this request was answered with "Forbidden".
    async function loginNodeBB(name,pass) {
    	let jar = request.jar();
    	// NOTE(review): a callback is passed as well, and a reply in the thread
    	// points out that request does not return a Promise, so this await
    	// presumably yields the request object, not the HTTP response - confirm.
    	let res = await request.post('https://172.16.220.133/login',{
    			form: {
    				username: name,
    				password: pass
    			},
    			json: true,
    			jar: jar,
    			// NOTE(security): rejectUnauthorized: false turns off TLS certificate
    			// validation, so the server is not authenticated and the credentials
    			// in this form are exposed to anyone able to intercept the connection.
    			// For a self-signed or internal CA, trust it through the `ca` option
    			// and leave validation on.
    			rejectUnauthorized: false,
    			// NOTE(review): requestCert is documented as a TLS server option; it
    			// probably has no effect on a client request - confirm and drop.
    			requestCert: true,
    			agent: false,
    			headers: {
    			}
    		},
    			function (err, response, body) {
    				// err is ignored here; body is printed whatever the outcome.
    				console.log(body);
    				console.log('1111111111111');
    			}
    		);
    	// NOTE(security): in the output posted with this code, this line printed
    	// the form-encoded username and password; keep credentials out of logs.
    	console.log(res.body);
    }
    

    output is:

    username=creatxr&password=creatxr
    Forbidden
    1111111111111

  • GNU/Linux Admin

    Looks like you're not passing CSRF token in. You can get it by checking config.csrf_token on client side. Pass it in under x-csrf-token header.


  • @julian

    // Two-step NodeBB login with callbacks: GET /api/config to read csrf_token,
    // then POST the credentials to /login with that token in the x-csrf-token
    // header. Both requests share the same cookie jar.
    async function loginNodeBB(name,pass) {
    	let jar = request.jar();
    	// NOTE(review): the result is delivered through the callback; `res` from
    	// this await is never used (a reply in the thread notes that request does
    	// not return a Promise).
    	let res = await request({
    		url: 'https://172.16.220.133/api/config',
    		json: true,
    		jar: jar,
    		// NOTE(security): rejectUnauthorized: false turns off TLS certificate
    		// validation for the request that hands out the CSRF token; the login
    		// POST below does the same with the credentials. Trust the server's CA
    		// through the `ca` option instead of disabling validation.
    		rejectUnauthorized: false,
    			requestCert: true,
    			agent: false,
    	}, function(err,res,body) {
    		// An error is only logged; execution continues and body.csrf_token is
    		// still read below. NOTE(review): body is presumably undefined when
    		// the request failed - return early here.
    		if(err) {
    			console.log(err);
    		}
    console.log('11111111111111');
    		request.post('https://172.16.220.133/login', {
    				form: {
    					username: name,
    					password: pass,
    				},
    				json: true,
    				jar: jar,
    				rejectUnauthorized: false,
    			requestCert: true,
    			agent: false,
    				headers: {
    					'x-csrf-token': body.csrf_token,
    				},
    			}, function (err, res, body) {
    				// Only err is inspected. Per the reply in the thread, the login
    				// outcome has to be read from res.statusCode; a rejected login is
    				// presumably still a completed HTTP exchange, which would explain
    				// why err stays null for a wrong password.
    				//callback(err, response, body, jar);
    				console.log(err);
    	//			console.log(res);
    	//			console.log(jar);
    			});
    	}
    
    	);
    }
    

    now i change like this,
    even username or password is wrong,
    the err always is 'null'
    how can i know authentication is passed?

  • Global Moderator Plugin & Theme Dev

    @creatxr res.statusCode


  • @PitaJ

    thanks.

    if success, code is 200 ? i think i get it.
    if not , code is 403 ? or maybe has others.

  • Community Rep

    Not to be picky, but request is not a Promise. async is doing nothing.


  • @yariplus

    yes, i know. i've tried. console print before data return.

    i just want to know how the auth works, then to find the way to do what i want.

    thanks


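  • it seems that the 'jar' option is required. without it, even with the csrf token, the response is '403 err' (presumably because the csrf token is tied to the session cookie, so both requests have to share the same cookie jar)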



  • now the code below with axios is success.

    const axiosCookieJarSupport = require('axios-cookiejar-support').default;
    const tough = require('tough-cookie');
    axiosCookieJarSupport(axios);
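    // Logs in to NodeBB with axios: reads csrf_token from /api/config, then POSTs
    // the credentials to /login with that token in the x-csrf-token header. One
    // cookie jar is shared by both requests so the session cookie issued with the
    // token is sent back on the login.
    //
    // name, pass: the account's username and password.
    // Resolves with no value; rejects when a request fails, when NodeBB returns no
    // csrf_token, or (axios default) when a response status is outside 2xx - the
    // code is then available as err.response.status.
    async function authNodeBB(name,pass) {
    	const baseUrl = 'https://172.16.220.133';
    	const cookieJar = new tough.CookieJar();
    
    	// axios.create() is synchronous, so there is nothing to await.
    	const instance = axios.create({
    		jar: cookieJar,
    		withCredentials: true,
    		// NOTE(security): rejectUnauthorized: false turns off TLS certificate
    		// validation, so the server is not authenticated and the password
    		// posted below can be read by anyone able to intercept the connection.
    		// For a self-signed or internal CA, pass it as `ca` to https.Agent and
    		// leave validation on.
    		// NOTE(review): requestCert is documented as a TLS server option; it
    		// probably has no effect on a client agent - confirm and drop.
    		httpsAgent: new https.Agent({ rejectUnauthorized: false, requestCert: true, keepAlive: true }),
    	});
    
    	const config = await instance.get(`${baseUrl}/api/config`);
    	const csrfToken = config.data.csrf_token;
    	// The thread reports csrf_token coming back as false when NodeBB classifies
    	// the client as a spider; stop here instead of posting credentials with an
    	// unusable token. The token itself is not logged.
    	if (!csrfToken) {
    		throw new Error('NodeBB did not return a csrf_token');
    	}
    
    	// The token is sent on this request only, rather than written into the
    	// instance-wide default headers.
    	const res = await instance.post(
    		`${baseUrl}/login`,
    		{ username: name, password: pass },
    		{ headers: { 'x-csrf-token': csrfToken } },
    	);
    
    	// axios exposes the HTTP status as `status` (`statusCode` is undefined).
    	// Only the status is logged: the full response object carries the request
    	// config, including the posted username and password, and the cookies.
    	console.log(res.status);
    }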
    

  • the code with promised request is success

    // Two-step NodeBB login with the promise-based request wrapper: GET
    // /api/config to read csrf_token, then POST the credentials to /login with
    // that token in the x-csrf-token header. Both requests share one cookie jar.
    async function authBB(name,pass) {
    	let jar = requestPromise.jar();
    	let res = await requestPromise({
    					url: 'https://172.16.220.133/api/config',
    					json: true,
    					jar: jar,
    					// NOTE(security): rejectUnauthorized: false turns off TLS
    					// certificate validation here and on the login POST below, so
    					// the server is not authenticated and the credentials can be
    					// intercepted. Trust the server's CA through the `ca` option
    					// and leave validation on.
    					rejectUnauthorized: false,
    					// NOTE(review): requestCert is documented as a TLS server
    					// option; probably a no-op on a client request - confirm.
    					requestCert: true,
    					agent: false,
    				});
    	// NOTE(security): this writes the session's CSRF token to the log.
    	// NOTE(review): the thread reports csrf_token can be false when the
    	// client is classified as a spider; check it before posting.
    	console.log(res.csrf_token);
    
    
    
    	// NOTE(review): a rejected login presumably surfaces as a rejected
    	// promise (non-2xx status) rather than a return value - wrap this await
    	// in try/catch and confirm against the library's defaults.
    	res = await requestPromise.post('https://172.16.220.133/login', {
    				form: {
    					username: name,
    					password: pass,
    				},
    				json: true,
    				jar: jar,
    				rejectUnauthorized: false,
    				requestCert: true,
    				agent: false,
    				headers: {
    					'x-csrf-token': res.csrf_token,
    				},
    	//			resolveWithFullResponse: true
    			});
    
    	// NOTE(review): with resolveWithFullResponse left commented out, `res` is
    	// presumably the parsed response body, not the full response, so
    	// res.statusCode below would be undefined - confirm.
    	console.log(res.header.user);
    	// NOTE(security): dumping the whole login result may put session data in
    	// the log; log only the fields that are needed.
    	console.log(res);
    	console.log(res.statusCode);
    }
    

  • the code with python is success

    #coding=utf-8
    
    import requests
    
    # One session object is used for both calls, so the cookies set by
    # /api/config are sent again with the login POST.
    client = requests.session()
    # NOTE(security): verify=False turns off TLS certificate validation, so the
    # server is not authenticated and the login below can be intercepted. For a
    # self-signed or internal CA, pass verify='<path-to-ca-bundle.pem>'
    # (placeholder path) instead.
    # NOTE(review): the thread reports csrf_token coming back as false (uid -1)
    # when NodeBB classifies the client as a spider; check the value before
    # posting credentials with it.
    csrf = client.get(url='https://172.16.220.133/api/config', verify=False).json()["csrf_token"]
    
    # NOTE(security): this prints the session's CSRF token to stdout.
    print csrf
    
    # NOTE(security): the username and password are hard-coded in the script;
    # read them from the environment or a secret store, and keep them out of
    # anything that is posted or committed.
    r = client.post(url='https://172.16.220.133/login', verify=False, data={'username':'creatxr', 'password':'creatxr'}, headers={'x-csrf-token': csrf})
    # The login result is only printed; r.status_code is not checked.
    print r.content
    
    
  • GNU/Linux Admin

    Glad to hear it 🙂


  • @creatxr @julian Just tried this code, but, 'csrf_token' value is false. uid value is -1.

    Tried the same query from a web browser, this time there is a csrf_token token returned and uid value is 0.

    Why is there a difference? How can this be avoided in the python code?

  • NodeBB

    If you are getting uid===-1 on the /api/config route it means your request was classified as a spider. https://github.com/NodeBB/NodeBB/blob/master/src/routes/authentication.js#L38
