where is the api docs for nodebb?


  • @yariplus

    yes, i know. i've tried. console print before data return.

    i just want to know how the auth works, then to find the way to do what i want.

    thanks


  • it seems that 'jar' option is required. without it, even with csrf token, the reponse is '403 err'


  • This post is deleted!

  • This post is deleted!

  • now the code below with axios is success.

    const axiosCookieJarSupport = require('axios-cookiejar-support').default;
    const tough = require('tough-cookie');
    axiosCookieJarSupport(axios);
    async function authNodeBB(name,pass) {
    	let cookieJar = new tough.CookieJar();
    
    	let instance = await axios.create({
    		jar:cookieJar,
    		withCredentials: true,
    		httpsAgent: new https.Agent({ rejectUnauthorized: false, requestCert: true, keepAlive: true})
    	});
    	let res = await instance.get('https://172.16.220.133/api/config');
    	console.log(res.data.csrf_token);
    
    	instance.defaults.headers['x-csrf-token'] = res.data.csrf_token;
    
    	res = await instance.post('https://172.16.220.133/login',{username:name,password:pass});
    
    	console.log(res.statusCode);
    	console.log(res);
    }
    

  • the code with promised request is success

    async function authBB(name,pass) {
    	let jar = requestPromise.jar();
    	let res = await requestPromise({
    					url: 'https://172.16.220.133/api/config',
    					json: true,
    					jar: jar,
    					rejectUnauthorized: false,
    					requestCert: true,
    					agent: false,
    				});
    	console.log(res.csrf_token);
    
    
    
    	res = await requestPromise.post('https://172.16.220.133/login', {
    				form: {
    					username: name,
    					password: pass,
    				},
    				json: true,
    				jar: jar,
    				rejectUnauthorized: false,
    				requestCert: true,
    				agent: false,
    				headers: {
    					'x-csrf-token': res.csrf_token,
    				},
    	//			resolveWithFullResponse: true
    			});
    
    	console.log(res.header.user);
    	console.log(res);
    	console.log(res.statusCode);
    }
    

  • the code with python is success

    #coding=utf-8
    
    import requests
    
    client = requests.session()
    csrf = client.get(url='https://172.16.220.133/api/config', verify=False).json()["csrf_token"]
    
    print csrf
    
    r = client.post(url='https://172.16.220.133/login', verify=False, data={'username':'creatxr', 'password':'creatxr'}, headers={'x-csrf-token': csrf})
    print r.content
    
    
  • GNU/Linux Admin

    Glad to hear it 🙂


  • @creatxr @julian Just tried this code, but, 'csrf_token' value is false. uid value is -1.

    Tried the same query from a web browser, this time there is a csrf_token token returned and uid value is 0.

    Why is this difference? How to avoid this in the python code?

  • NodeBB

    If you are getting uid===-1 on the /api/config route it means your request was classified as a spider. https://github.com/NodeBB/NodeBB/blob/master/src/routes/authentication.js#L38

Suggested Topics

| |