Brainstorm Session: Authenticate Against NodeBB Users



  • I'm exploring migrating my site's users from Quakenet to my own IRC or XMPP server, with frontends of either converse.js or KiwiIRC.

    Ideally, I'd like to authenticate users against NodeBB somehow, only allowing those users to enter the chat.

    It seems like one way to do this would be a API-like hook against NodeBB auth.init. A second, perhaps more robust way, would be to migrate my DB to MongoDB and authenticate, but I couldn't find (quickly) details about Unreal and IRC-seven's authentication.

    Another hack may be to lock down the IRC server to localhost and only allow access to the web interface from NodeBB using referral checking:

    location ~ ^/([a-zA-Z0-9\.\-]*)/(.*) {
        if ($http_referer !~ "^$1.*$"){
                return 403;
        }
    }
    

    What are your ideas?


  • GNU/Linux Admin

    Hmm... there's always /nickserv identify, but I have absolutely zero idea how that even works.

    What if you made your own bot that listened for private messages from users, and verified them? So all I had to do was /yourbot julian hunter2?

    Then your bot would probably communicate with a companion plugin on our end to verify users by username/password... There's a possibly MITM issue present if you don't use HTTPS though... less so if everything is on one machine and you're communicating via localhost connections...


Log in to reply
 

Suggested Topics

| |