Invalid URI When Posting

Suggested Topics


  • 0 Votes
    3 Posts
    389 Views
        const topicId = 5;
        const keys = db.objects.find({ _key: "tid:" + topicId + ":posts" }).map(i => 'post:' + i.value);
        printjson(db.objects.find({ _key: { $in: keys } }).toArray());

    You can save this in a file called query.js and then execute it with mongo localhost:27017/mydb query.js

    It will output something like

        [
          {
            "_id" : ObjectId("5547ae6a65190fe21225ec2b"),
            "_key" : "post:124",
            "pid" : 124,
            "uid" : 47,
            "tid" : 5,
            "content" : "I like it too :)",
            "timestamp" : 1376791225638,
            "bookmarks" : 2
          },
          {
            "_id" : ObjectId("5547aee765190fe212296f10"),
            "_key" : "post:18",
            "pid" : 18,
            "uid" : 2,
            "tid" : 5,
            "content" : "Thank you :)",
            "timestamp" : 1373686442781
          }
        ]

  • 0 Votes
    3 Posts
    395 Views

    @baris awesome!
    thx

  • 0 Votes
    1 Posts
    557 Views

    I've recently been trying to set up NodeBB on my server, but whenever I try to log in or register, the POST request returns a 403 forbidden response and NodeBB logs an "invalid csrf token" error.

    The following software packages are used:

        NodeBB 1.10.1
        MongoDB 3.2.11
        Node.js 8.11.4
        Debian 9.3

    NodeBB itself is a subfolder installation in https://endless-endeavors.theswc.net/forum/. The node server is multi-tenant and works with express.js as a router/reverse proxy. All external http requests are redirected to https, but requests to the nodeBB server are proxied internally over http. Essentially this is the flow for an incoming forum request:

        main server app -> enforce https, direct request to endless-endeavors.theswc.net directory
        host/domain app -> Check url, if /forum, proxy to port 4567 over http (or wss if websocket)
        let nodeBB do its thing.

    I've been googling and have found quite a few threads, but none of the suggested solutions have worked. Things I have tried so far:

        - Check url in config.json: 'https://endless-endeavors.theswc.net/forum/'
        - Make sure cookieDomain is '' in MongoDB
        - Including header 'X-Forwarded-Proto: https'
        - Including header 'X-Forwarded-SSL: on'
        - Including header 'X-Url-Scheme: https'

    I've also found that in the GET request for the login form, no X-CSRF-Token header is received. The form itself however is populated with a token.

    Lastly, here are the relevant code snippets:

    main server app

        #!/usr/bin/env nodejs
        // filename: app.js
        const http = require('http');
        const https = require('https');
        const fs = require('fs');
        const express = require('express');
        const vhost = require('vhost');
        const app = express();

        const sslOptions = {
          cert: fs.readFileSync('./.sslcert/fullchain.pem'),
          key: fs.readFileSync('./.sslcert/privkey.pem')
        };

        http.createServer(function(req, res) {
          res.writeHead(301, { "Location": "https://" + req.headers['host'] + req.url });
          res.end();
        }).listen(80);

        app
          .use(require('helmet')())
          .use(express.static(__dirname + '/static'))
          // <redacted, other domains>
          .use(vhost('endless-endeavors.theswc.net', require('./apps/EndlessEndeavors').app));

        app.get('/', function (req, res) {
          res.writeHead(200, {'Content-Type': 'text/plain'});
          res.end('');
        });

    domain app

        const express = require('express');
        const app = express();
        const http = require('http');
        const httpProxy = require('http-proxy');
        const proxy = httpProxy.createProxyServer();

        app.use('/static',express.static(__dirname + '/static'));
        app.use('', express.static(__dirname + '/dist/EndlessEndeavors'));

        app.all('/forum[/]+*', function(req, res){
          if(req.url.substr(0,18).indexOf('socket.io')>-1){
            console.log('got socket request');
            proxy.web(req, res, {target: 'wss://endless-endeavors.theswc.net:4567', ws: true});
          } else {
            res.header('X-Forwarded-Proto','https');
            res.header('X-Forwarded-Ssl','on');
            res.header('X-Url-Scheme','https');
            res.header('Access-Control-Allow-Origin','endless-endeavors.theswc.net');
            proxy.web(req, res, {target: 'http://endless-endeavors.theswc.net:4567'});
          }
        });

        app.all('/forum$', function(req, res) {
          res.writeHead(301, { "Location": "https://" + req.headers['host'] + '/forum/' });
          res.end();
        });

        exports.app = app;

    nodeBB config.json

        {
          "url": "https://endless-endeavors.theswc.net/forum/",
          "secret": "<redacted>",
          "database": "mongo",
          "port": 4567,
          "mongo": {
            "host": "127.0.0.1",
            "port": 27017,
            "username": "<redacted>",
            "password": "<redacted>",
            "database": "<redacted>",
            "uri": "<redacted>"
          }
        }

    Hopefully this is enough info to help find the cause of the invalid csrf token issue... I have no idea what else could be wrong at this point.

  • 2 Votes
    5 Posts
    2k Views

    @MJ My solution. For a demo you can look at my forum (Russian language).

    WARNING!!! This is a dirty solution (changing the source code may cause problems with updating in the future; you must know how to solve them) and I do not recommend using it if you don't understand what you are doing. The solution has no localization; use it only if your forum uses only one language (or change the code and use numeric months).

    1. Set cutoff settings for timeago library

    Open acp > custom HTML&CSS > Custom Header and add this:

        <script type="text/javascript">
          jQuery(document).ready(function() {
            jQuery.timeago.settings.cutoff = 2419200000;
          });
        </script>

    In this example I set 28 days for relative date (1000 * 60 * 60 * 24 * 28 = 2419200000), you can change it.

    Don't forget to turn on the "Enable Custom Header" checkbox and save changes. After this, all dates older than 28 days become invisible.

    2. Change timeago library

    Open file public/vendor/jquery/timeago and find this code:

        if (!isNaN(data.datetime)) {
          if ( $s.cutoff == 0 || Math.abs(distance(data.datetime)) < $s.cutoff) {
            $(this).text(inWords(data.datetime));
          }
        }

    Replace it with this:

        if (!isNaN(data.datetime)) {
          if ( $s.cutoff === 0 || Math.abs(distance(data.datetime)) < $s.cutoff) {
            $(this).text(inWords(data.datetime));
          } else {
            var monthNames = [
              "Jan", "Feb", "Mar", "Apr", "May", "June",
              "July", "Aug", "Sept", "Oct", "Nov", "Dec"
            ];
            var day = data.datetime.getDate();
            var year = data.datetime.getFullYear();
            var monthIndex = data.datetime.getMonth();
            var hours = ("0" + data.datetime.getHours()).slice(-2);
            var minutes = ("0" + data.datetime.getMinutes()).slice(-2);
            $(this).text(day + ' ' + monthNames[monthIndex] + ' ' + year + ' ' + hours + ':' + minutes);
          }
        }

    3. Restart forum

    All must work fine

    Revert changes back

    If you need to revert the changes, you can do it with the command

    git checkout /public/vendor/jquery/timeago/jquery.timeago.js

    And remove added text from acp > custom HTML&CSS > Custom Header

  • 0 Votes
    14 Posts
    8k Views

    What I did was, I installed the lobby app. Some features are working but most of them are not. Like when I tried to change the app setting in admin configuration, I got this error.

    ForbiddenError: invalid csrf token
    at verifytoken (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/node_modules/csurf/index.js:269:11)
    at Object.csrf [as handle] (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/node_modules/csurf/index.js:97:7)
    at next (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/lib/proto.js:174:15)
    at methodOverride (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/node_modules/method-override/index.js:79:5)
    at /home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/lib/middleware/methodOverride.js:41:7
    at methodOverride (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/node_modules/method-override/index.js:79:5)
    at Object.handle (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/lib/middleware/methodOverride.js:39:5)
    at next (/home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/lib/proto.js:174:15)
    at /home/maycel.casilag/Lobby-App-master/node_modules/express/node_modules/connect/node_modules/express-session/index.js:433:7
    at /home/maycel.casilag/Lobby-App-master/sqlite-store.js:65:15

    Please help me because I'm stuck.

    Thank You!
    POST /docusign_test 403 19.811 ms - -