where is the api docs for nodebb?



  • Where are the API docs for NodeBB?

    I want to know how to POST to nodebb/login for authentication,
    and what its response is.

    thanks.


  • GNU/Linux Admin

    You can mimic a standard login by POSTing /login with username and password (and csrf token).

    Otherwise, if you're looking to access protected user data via API, then you may want to look into Write API, which allows you to use bearer tokens to access user data.



  • I wrote code like the code in the test .js, shown below:


    // First attempt: POST the credentials to /login with a fresh cookie jar and
    // print `res.body`. The thread reports that this prints the form-encoded
    // request body (username=...&password=...) instead of a login result; a later
    // reply points out that `request` is not a Promise, so `await` does not wait
    // for the HTTP response here.
    async function loginNodeBB(name,pass) {
    	let jar = request.jar();
    	let res = await request.post('https://localhost/login',{
    			form: {
    				username: name,
    				password: pass
    			},
    			json: true,
    			jar: jar,
    			// SECURITY: rejectUnauthorized: false turns off TLS certificate
    			// verification, so the server's identity is never checked and the
    			// password above can be read by anyone able to intercept the
    			// connection. Only tolerable against a lab host; otherwise trust
    			// the server's certificate through the `ca` option instead.
    			rejectUnauthorized: false,
    			// NOTE(review): requestCert is documented as a TLS *server* option;
    			// it probably has no effect on an outgoing request - confirm.
    			requestCert: true,
    			agent: false,
    			// No x-csrf-token header is sent in this attempt.
    			headers: {
    			}
    		});
    	// Written to the console as-is; per the thread this is the submitted
    	// form data, i.e. the plaintext password ends up in the log output.
    	console.log(res.body);
    }
    
    // Test-account credentials inlined for the demo; real credentials should come
    // from the environment or a prompt, not from source.
    loginNodeBB('creatxr','creatxr');
    

    console message is:

    username=creatxr&password=creatxr

    It doesn't tell me whether the user is authenticated or not!



  • @julian

    if i do like this

    // Second attempt: same POST to /login, now with a completion callback.
    // The thread reports the callback printing "Forbidden", which the next reply
    // attributes to the missing CSRF token.
    async function loginNodeBB(name,pass) {
    	let jar = request.jar();
    	let res = await request.post('https://172.16.220.133/login',{
    			form: {
    				username: name,
    				password: pass
    			},
    			json: true,
    			jar: jar,
    			// SECURITY: certificate verification is disabled, so the password
    			// is sent to a server whose identity was never checked. Lab use
    			// only; otherwise supply the server's CA via the `ca` option.
    			rejectUnauthorized: false,
    			// NOTE(review): requestCert is documented as a TLS *server* option;
    			// it probably has no effect on an outgoing request - confirm.
    			requestCert: true,
    			agent: false,
    			// Still no x-csrf-token header in this attempt.
    			headers: {
    			}
    		},
    			// Called when the request finishes. `err` is never inspected here,
    			// so a transport failure would go unnoticed.
    			function (err, response, body) {
    				console.log(body);
    				console.log('1111111111111');
    			}
    		);
    	// Runs before the callback above (see the output order quoted in the
    	// thread) and prints the form-encoded request body, password included.
    	console.log(res.body);
    }
    

    output is:

    username=creatxr&password=creatxr
    Forbidden
    1111111111111


  • GNU/Linux Admin

    Looks like you're not passing CSRF token in. You can get it by checking config.csrf_token on client side. Pass it in under x-csrf-token header.



  • @julian

    // Third attempt: GET /api/config to obtain the CSRF token, then POST the
    // credentials to /login with that token in the x-csrf-token header. Both
    // requests share one cookie jar.
    async function loginNodeBB(name,pass) {
    	let jar = request.jar();
    	let res = await request({
    		url: 'https://172.16.220.133/api/config',
    		json: true,
    		jar: jar,
    		// SECURITY: certificate verification is off for the token fetch, so
    		// the CSRF token and session cookie come from an unverified server.
    		// Lab use only; otherwise supply the server's CA via the `ca` option.
    		rejectUnauthorized: false,
    			// NOTE(review): requestCert is documented as a TLS *server*
    			// option; probably a no-op on an outgoing request - confirm.
    			requestCert: true,
    			agent: false,
    	}, function(err,res,body) {
    		// NOTE(review): the error is only logged. Execution continues and
    		// `body.csrf_token` is read below, where `body` is likely undefined
    		// after a failed request - a `return` here would avoid that.
    		if(err) {
    			console.log(err);
    		}
    console.log('11111111111111');
    		request.post('https://172.16.220.133/login', {
    				form: {
    					username: name,
    					password: pass,
    				},
    				json: true,
    				jar: jar,
    				// SECURITY: verification is also off for the request that
    				// carries the password.
    				rejectUnauthorized: false,
    			requestCert: true,
    			agent: false,
    				headers: {
    					'x-csrf-token': body.csrf_token,
    				},
    			}, function (err, res, body) {
    				// Only `err` is printed. As the thread goes on to establish,
    				// `err` stays null even for wrong credentials; the outcome of
    				// the login is carried by `res.statusCode`, which is not
    				// checked here.
    				//callback(err, response, body, jar);
    				console.log(err);
    	//			console.log(res);
    	//			console.log(jar);
    			});
    	}
    
    	);
    }
    

    Now I have changed it like this.
    Even when the username or password is wrong,
    err is always 'null'.
    How can I tell whether authentication passed?


  • Global Moderator

    @creatxr res.statusCode



  • @PitaJ

    thanks.

    If it succeeds, the code is 200? I think I get it.
    If not, the code is 403? Or maybe there are others.


  • Community Rep

    Not to be picky, but request is not a Promise. async is doing nothing.



  • @yariplus

    Yes, I know; I've tried it. The console prints before the data returns.

    i just want to know how the auth works, then to find the way to do what i want.

    thanks



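  • It seems that the 'jar' option is required: without it, even with the CSRF token, the response is a 403 error. Presumably the token is only valid together with the session cookie that the jar carries between the two requests.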





  • Now the code below, using axios, succeeds.

    const axiosCookieJarSupport = require('axios-cookiejar-support').default;
    const tough = require('tough-cookie');
    axiosCookieJarSupport(axios);
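    /**
     * Log in to NodeBB with axios: fetch a CSRF token from /api/config, then
     * POST the credentials to /login on the same cookie jar.
     *
     * `axios` and `https` are used but not required in this snippet; they are
     * assumed to be loaded earlier in the file.
     *
     * @param {string} name - NodeBB username.
     * @param {string} pass - NodeBB password.
     * @returns {Promise<void>} Resolves after the login response is logged.
     *   axios rejects on non-2xx statuses by default, so a refused login
     *   surfaces as a thrown error carrying `err.response.status`.
     */
    async function authNodeBB(name,pass) {
    	// One jar for both requests: the thread reports that /login answers 403
    	// when the jar is omitted, even if the CSRF token is supplied.
    	const cookieJar = new tough.CookieJar();

    	// axios.create() is synchronous, so there is nothing to await.
    	const instance = axios.create({
    		jar: cookieJar,
    		withCredentials: true,
    		// SECURITY: rejectUnauthorized: false disables TLS certificate
    		// verification, so the password is sent to a server whose identity
    		// was never checked. Lab use only; otherwise pass the server's CA
    		// certificate through the agent's `ca` option and drop this flag.
    		// NOTE(review): requestCert is documented as a TLS *server* option;
    		// it probably has no effect on a client agent - confirm.
    		httpsAgent: new https.Agent({ rejectUnauthorized: false, requestCert: true, keepAlive: true})
    	});
    	let res = await instance.get('https://172.16.220.133/api/config');
    	// Debug output only; avoid printing tokens outside of a test run.
    	console.log(res.data.csrf_token);

    	instance.defaults.headers['x-csrf-token'] = res.data.csrf_token;

    	res = await instance.post('https://172.16.220.133/login',{username:name,password:pass});

    	// axios exposes the HTTP status as `status`; `statusCode` is undefined
    	// on an axios response.
    	console.log(res.status);
    	// Log the payload only: the full response object also holds
    	// `config.data` (the submitted username and password) and the
    	// cookie-bearing headers, which should not end up in logs.
    	console.log(res.data);
    }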
    


  • The code using the promise-based request also succeeds.

    /**
     * Log in to NodeBB with the promise-based request client: read the CSRF
     * token from /api/config, then POST the credentials to /login with the
     * token in the x-csrf-token header, reusing one cookie jar throughout.
     *
     * @param {string} name - NodeBB username.
     * @param {string} pass - NodeBB password.
     */
    async function authBB(name,pass) {
    	// SECURITY: rejectUnauthorized: false disables TLS certificate
    	// verification for both requests, including the one that carries the
    	// password. Lab use only; otherwise supply the server's CA via `ca`.
    	// NOTE(review): requestCert is documented as a TLS *server* option;
    	// it probably has no effect on an outgoing request - confirm.
    	const tlsOptions = {
    		rejectUnauthorized: false,
    		requestCert: true,
    		agent: false,
    	};
    	const cookies = requestPromise.jar();

    	// Step 1: fetch the site config; the session cookie lands in `cookies`.
    	const config = await requestPromise(Object.assign({
    		url: 'https://172.16.220.133/api/config',
    		json: true,
    		jar: cookies,
    	}, tlsOptions));
    	console.log(config.csrf_token);

    	// Step 2: submit the credentials on the same jar, with the token header.
    	// resolveWithFullResponse is left off, as in the original post.
    	const loginOptions = Object.assign({
    		form: {
    			username: name,
    			password: pass,
    		},
    		json: true,
    		jar: cookies,
    		headers: {
    			'x-csrf-token': config.csrf_token,
    		},
    	}, tlsOptions);
    	const res = await requestPromise.post('https://172.16.220.133/login', loginOptions);

    	// Debug output of the login result; the full dump may contain session
    	// data, so keep it out of persistent logs.
    	console.log(res.header.user);
    	console.log(res);
    	console.log(res.statusCode);
    }
    


  • The Python version succeeds too.

    #coding=utf-8
    
    import requests
    
    # One session for both calls, so the cookie set by /api/config is sent
    # back on the login POST together with the CSRF token.
    # SECURITY: verify=False switches off TLS certificate verification on both
    # requests, including the one carrying the password. Lab use only;
    # otherwise pass the path of the server's CA bundle as verify=.
    session = requests.session()
    config = session.get(url='https://172.16.220.133/api/config', verify=False).json()
    token = config["csrf_token"]

    print token

    # Test-account credentials inlined for the demo; keep real ones out of source.
    credentials = {'username':'creatxr', 'password':'creatxr'}
    login = session.post(
        url='https://172.16.220.133/login',
        verify=False,
        data=credentials,
        headers={'x-csrf-token': token},
    )
    print login.content
    
    

  • GNU/Linux Admin

    Glad to hear it 🙂



  • @creatxr @julian I just tried this code, but the 'csrf_token' value is false and the uid value is -1.

    I tried the same query from a web browser; this time a csrf_token is returned and the uid value is 0.

    Why is there this difference? How can I avoid it in the Python code?



  • If you are getting uid===-1 on the /api/config route it means your request was classified as a spider. https://github.com/NodeBB/NodeBB/blob/master/src/routes/authentication.js#L38

