Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. Restricting Write API Access

Restricting Write API Access

Scheduled Pinned Locked Moved NodeBB Development
3 Posts 2 Posters 596 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • LazL Offline
    LazL Offline
    Laz
    wrote on last edited by
    #1

    Hello again, people must be getting annoyed with my questions by this point.

    I was wondering if it is possible to setup the write API plugin so that a user can only have access to certain routes. Specifically, I am looking to create a user token, that only has the ability to create other users. I have a third party application that someone can login to the forums with and, if they lack an account, create new accounts with.

    Due to how the write API functions, or at least from what I can gather, once they have a token they can do anything their user can do. Is there a way to achieve what I am attempting, or perhaps a better method?

    P.S. As a side note, and probably something that should be it's own topic, is it possible to login to the API/forums via a token based system? I want a user to be able to login with their username and password then store a token or something similar that will 'keep them logged in' as it were as long as the token is valid. I'd imagine doing this by storing the token, then logging in via the token itself, instead of a username/password.

    1 Reply Last reply
    0
    • PitaJP Offline
      PitaJP Offline
      PitaJ Global Moderator Plugin & Theme Dev
      wrote on last edited by
      #2

      There's no easy way to do this. What you could do is essentially create a new plugin with a paired-down write API.

      I assume this is for a bot?

      1 Reply Last reply
      0
      • LazL Offline
        LazL Offline
        Laz
        wrote on last edited by
        #3

        If it were a bot, I could assign it a token from the ACP. I am creating a third party application that interfaces with NodeBB. It needs to be able to inherently create new user accounts, and then also login as them (which is where logging in via a token would come into play). I suppose it would be possible to create an account via a socket connection directly, but I imagine I could have uses to some of the write API methods anyways.

        Is it possible to programmatically create user tokens for the Write API? If that's the case, I could use a socket to create the account, and then generate a JWT token specifically for that user rather than hacking something into the application itself. That would leave the only hurdle being logging in, but at that point I could just store encrypted login credentials in a config file, and login to the API using https://github.com/NicolasSiver/nodebb-plugin-ns-login

        1 Reply Last reply
        0

        Copyright © 2024 NodeBB | Contributors
        • Login
        • Don't have an account? Register
        • Login or register to search.
        Powered by NodeBB Contributors
        • First post
          Last post
        0
        • Home
        • Categories
        • Recent
        • Popular
        • World
        • Top
        • Tags
        • Users
        • Groups
        • Documentation
          • Home
          • Read API
          • Write API
          • Plugin Development