I was able to install it by following the instructions from here: https://products.containerize.com/discussion-forum/nodebb
I already have node.js installed on my computer. I did not install redis or nginx.
I have a mac, so on Terminal, after I created a directory called "nodebb", I skipped the first few lines of the instructions, and just pointed to the directory I created, by using the "cd" command. I then created another directory called NodeBB inside the nodebb directory. You may skip creating two directories and just create a directory called "NodeBB". I pointed to this directory by using the cd command.
Then this line
"git clone -b v1.15.x https://github.com/NodeBB/NodeBB.git ."
was the key for me.
After I typed that, nodebb was cloned to the directory.
Then I ran "./nodebb setup".
I used mongo for the database.
When prompted, I pasted the connection string that I got from mongodb's site. I substituted "nodebb" for the database part in the string. (I set up mongodb (Cloud Atlas) beforehand). The instructions that come up on Terminal will tell you to call your database "nodebb".
After that step, the program ran automatically and installed the files. It asked me to put in the username and password for mongodb and it also asked me to choose a name for admin and password. You might have to wait a while as it pauses for a long time after "Confirm Password". I thought there was some problem and was tempted to abort the operation, as it was taking a long time, but it did come up with further instructions after a while.
I typed "./nodebb start" when the setup finished and then went to "localhost:4567", and this time, I was able to see a normal board, and could log in as admin.
I write this follow-up in case another mac user has trouble installing nodebb. In the end, setup was pretty straightforward and did not involve a lot of steps. My OS is High Sierra.
The instructions, including the ones for Linux, at the official nodebb site did not work for me.
Using Write API with cookie auth
-
Hi
I've managed to login to NodeBB via the API and I am using cookies to store the session.
I can also read data from the API using this cookie to authenticate myself.But when I try to use the /api/v3/ write API functions to write stuff to NodeBB I get an error "Forbidden".
If I use Bearer-authentication everything works ok.The documentation says cookie auth should be enough. But is this trure?
OK: curl --request PUT -H "Authorization: Bearer 123456-b123-1234-1234-123123123123" --header 'Content-Type: application/json' --data '{"delta":1}' https://www.mynodebbthing.com/api/v3/posts/123/vote
NOT OK: curl --request PUT --cookie "express.sid=s:kYz-N-SAiyq_DNtjPep6Msq3x2eEW_o.IXPlo3AaW5jxQCZ97G1rNvhjUU; Path=/; HttpOnly; Secure; SameSite=Lax" https://www.mynodebbthing.com/api/v3/posts/123/vote
-
You were correct. I wasn't passing on a CSRF-token. Now everything works ok. The documentation about CSRF-tokens is very sketchy. It's documented in some places that you need tokens, but not in other places.
From what I can find I can only get the CSRF-token from the /api/config endpoint. Are there other options?
Also after working with this and finding basically no documentation on CSRF-tokens I am leaning on using bearer-auth to access the API instead. Which method is the most stable, bearer-auth or cookies?
-
Correct, the only place to retrieve the csrf token is from the /api/config endpoint.
Neither method is superior to the other. When we were building out the original api, we use cookie authentication as it was built in to the browser. With the advent of the write api, I added bearer token authentication to enable easier server-to-server communication.
The read API is meant to be used with cookie authentication, the write API is meant to be used with bearer authentication, although both support both types.
-
J julian forked this topic on
-
Can anyone send me a complete example of how to use the "csrf token" received by calling the /api/config endpoint?
-
J julian locked this topic on
