Community

Brainstorm Session: Authenticate Against NodeBB Users

General Discussion
  • G

    I'm exploring migrating my site's users from Quakenet to my own IRC or XMPP server, with frontends of either converse.js or KiwiIRC.

    Ideally, I'd like to authenticate users against NodeBB somehow, only allowing those users to enter the chat.

    It seems like one way to do this would be a API-like hook against NodeBB auth.init. A second, perhaps more robust way, would be to migrate my DB to MongoDB and authenticate, but I couldn't find (quickly) details about Unreal and IRC-seven's authentication.

    Another hack may be to lock down the IRC server to localhost and only allow access to the web interface from NodeBB using referral checking:

    location ~ ^/([a-zA-Z0-9\.\-]*)/(.*) {
    if ($http_referer !~ "^$1.*$"){
            return 403;
    }
}

    What are your ideas?

    0
  • julianJ

    Hmm... there's always /nickserv identify, but I have absolutely zero idea how that even works.

    What if you made your own bot that listened for private messages from users, and verified them? So all I had to do was /yourbot julian hunter2?

    Then your bot would probably communicate with a companion plugin on our end to verify users by username/password... There's a possibly MITM issue present if you don't use HTTPS though... less so if everything is on one machine and you're communicating via localhost connections...

    0

Suggested Topics

  • Peter-Zoltan KeresztesP

    Using nodebb with haproxy as a frontend

    General Discussion
    0 Votes
    1 Posts
    848 Views
    Peter-Zoltan KeresztesP

    Hello,

    I am trying to setup nodebb with haproxy instead of nginx as frontend. Everything seam to be working however I am getting lots of 403 on /socket.io/ requests.

    frontend http-in mode http bind 0.0.0.0:80 redirect scheme https code 301 if !{ ssl_fc } frontend https-in bind 0.0.0.0:443 ssl crt /etc/letsencrypt/live/test/test.pem http-response set-header strict-transport-security "max-age=31536000; includeSubDomains" http-response set-header Content-Security-Policy "default-src 'self' wss: https: *.startech-rd.tk/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' https://casper.ghost.org/ https://www.gravatar.com/ data:; font-src 'self' https:" http-response set-header X-XSS-Protection "1; mode=block" http-response set-header X-Content-Type-Options "nosniff" http-response set-header Referrer-Policy "no-referrer" reqadd X-Forwarded-Proto:\ https acl is_websocket hdr(Upgrade) -i WebSocket acl is_websocket path_sub -i /socket.io/ use_backend bk_ws if is_websocket acl acl_comments path_beg -i /comments use_backend comments if acl_comments backend comments mode http balance leastconn timeout connect 1s timeout server 600s timeout queue 600s option redispatch retries 3 acl is_woff capture.req.uri -m sub .woff acl is_ttf capture.req.uri -m sub .ttf acl is_eot capture.req.uri -m sub .eot http-response set-header Cache-Control public if is_eot or is_woff or is_ttf http-response set-header Expires -1 if is_eot or is_woff or is_ttf http-response set-header Pragma cache if is_eot or is_woff or is_ttf cookie nodebb insert indirect nocache secure server node1 10.160.125.81:4567 cookie nodebb_node1 check inter 1000 fastinter 500 rise 2 fall 1 server node2 10.160.125.82:4567 cookie nodebb_node2 check inter 1000 fastinter 500 rise 2 fall 1 backend bk_ws option redispatch balance roundrobin option forwardfor option httpclose server node1 10.160.125.81:4567 maxconn 30000 weight 10 cookie ws_node1 check server node2 10.160.125.82:4567 maxconn 30000 weight 10 cookie ws_node2 check```

    I have tried to connect directly without haproxy and the websockets are connecting correctly. However I've seen that using the haproxy the websocket protocol changed from wss to https.

    Any suggestions on how to fix this?

  • C

    "NodeBB could not connect to your Mongo database" Error

    Technical Support
    0 Votes
    8 Posts
    4104 Views
    Amit yadavA

    @zaasmi
    try this

    mongo -u "admin" --authenticationDatabase "admin" -p

  • Gaurav Grv RobinsonG

    NodeBB 0.9.4 to 1.0.0 changes and how to upgrade ?

    General Discussion
    0 Votes
    4 Posts
    1965 Views
    frissdiegurkeF

    @wellenreiter Actually the new version is 1.0.0, the new branch is called v1.x.x as you mentioned. This is a big difference 😉

  • J

    What does your nodebb setup look like and how many users can it handle?

    General Discussion
    0 Votes
    1 Posts
    734 Views
    J

    I was looking into trying to figure out server costs with an estimated number of people, but figured it would be best to get some real world data to compare it to! So if you don't mind I would love to hear about your server specs/setup and how many users that handles!

  • Coman CosminC

    Write API not working

    Technical Support
    0 Votes
    11 Posts
    3752 Views
    Coman CosminC

    @pitaj said:

    npm install

    It works now. Thanks a lot for your help. Would have never figured out by myself:)

    Awesome idea with this API btw, i almost gave up because i'm not familiar with nodejs, but when i found this plugin i realised that this is no longer an issue:)

    Great work guys

Copyright © 2023 NodeBB | Contributors