where is the api docs for nodebb?

  • @PitaJ


    if success, code is 200 ? i think i get it.
    if not , code is 403 ? or maybe has others.

  • Community Rep

    Not to be picky, but request is not a Promise. async is doing nothing.

  • @yariplus

    yes, i know. i've tried. console print before data return.

    i just want to know how the auth works, then to find the way to do what i want.


  • it seems that 'jar' option is required. without it, even with csrf token, the reponse is '403 err'

  • This post is deleted!

  • This post is deleted!

  • now the code below with axios is success.

    const axiosCookieJarSupport = require('axios-cookiejar-support').default;
    const tough = require('tough-cookie');
    async function authNodeBB(name,pass) {
    	let cookieJar = new tough.CookieJar();
    	let instance = await axios.create({
    		withCredentials: true,
    		httpsAgent: new https.Agent({ rejectUnauthorized: false, requestCert: true, keepAlive: true})
    	let res = await instance.get('');
    	instance.defaults.headers['x-csrf-token'] = res.data.csrf_token;
    	res = await instance.post('',{username:name,password:pass});

  • the code with promised request is success

    async function authBB(name,pass) {
    	let jar = requestPromise.jar();
    	let res = await requestPromise({
    					url: '',
    					json: true,
    					jar: jar,
    					rejectUnauthorized: false,
    					requestCert: true,
    					agent: false,
    	res = await requestPromise.post('', {
    				form: {
    					username: name,
    					password: pass,
    				json: true,
    				jar: jar,
    				rejectUnauthorized: false,
    				requestCert: true,
    				agent: false,
    				headers: {
    					'x-csrf-token': res.csrf_token,
    	//			resolveWithFullResponse: true

  • the code with python is success

    import requests
    client = requests.session()
    csrf = client.get(url='', verify=False).json()["csrf_token"]
    print csrf
    r = client.post(url='', verify=False, data={'username':'creatxr', 'password':'creatxr'}, headers={'x-csrf-token': csrf})
    print r.content
  • GNU/Linux Admin

    Glad to hear it 🙂

  • @creatxr @julian Just tried this code, but, 'csrf_token' value is false. uid value is -1.

    Tried the same query from a web browser, this time there is a csrf_token token returned and uid value is 0.

    Why is this difference? How to avoid this in the python code?

  • NodeBB

    If you are getting uid===-1 on the /api/config route it means your request was classified as a spider. https://github.com/NodeBB/NodeBB/blob/master/src/routes/authentication.js#L38

Suggested Topics

| |