How do I pull user session objects from the Redis db?

  • It looks like NodeBB is using express.session with the redis-connect store (or at least I am because I'm not using Mongo). I'm not too familiar with those libraries as I haven't really used NodeJS very much. I'm wondering if it's possible to pull user session objects so I can use them to authenticate my GET requests.

    I ask this because I'm trying to retrieve all categories via the API /api/categories. When I'm authenticated (using cookies in the browser), I'm able to get all categories but when I'm not authenticated, I'm only able to retrieve publicly accessible categories.

    Ideally, I prefer to use an authentication system that's similar to the write-api... but if cookies are the only way to authenticate requests, I'm OK with it. I just need to be able to pull user cookies and cache them on my backend and either extend the expiration or push changes to my backend whenever the cookies expire.

  • There are probably better ways to do this. I need some more info to help you out:

    1. Is this other backend in Node?
    2. Is it on the same server?
    3. Can you code in JavaScript for Node?
  • @pitaj

    1. Nope - it's using Django
    2. Nope - separate server
    3. Yep I can do that

    Let me know if you need more information.

  • @truetuna Do you have access to the Node server?

  • @pitaj Yep I have access.

  • @truetuna if I were you, I would write a simple NodeBB plugin that adds a new route listening on /api/cats or something like that. It verifies a post request for a certain secret key-value pair.

    It will then reply with JSON. This is all done within about 50 lines of JavaScript, probably easier than fetching a specific user's session information.

    Here are some functions you'll need:

    You'll also want to look at some NodeBB plugins for reference of how to use the static:init hook to register routes.

    You should then be able to send a post request to your.site/cats/ and get a JSON response of all the categories.
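The approach suggested above (a route that checks a POST request for a secret key-value pair before replying with JSON), as an added example that is not part of the original thread or NodeBB's own code. The body field name `secret`, the names `secretMatches` and `makeCategoriesHandler`, and the `loadCategories` callback are assumptions; the handler expects Express-style `req`/`res` objects with an already parsed body.

```javascript
'use strict';
const crypto = require('crypto');

// Compare the presented secret to the expected one without leaking, through
// timing, how many leading characters matched. Hashing both sides first yields
// equal-length buffers, which crypto.timingSafeEqual requires.
function secretMatches(presented, expected) {
  if (typeof presented !== 'string' || presented.length === 0) {
    return false; // missing field, array, object, number: reject outright
  }
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Build the POST handler. `secret` is the value shared out of band with the
// other backend (for example through an environment variable on both servers).
// `loadCategories(cb)` is a hypothetical stand-in for whatever call the plugin
// uses to fetch the category list; it must call cb(err, categories).
function makeCategoriesHandler(secret, loadCategories) {
  return function handler(req, res) {
    const presented = req.body && req.body.secret;
    if (!secretMatches(presented, secret)) {
      // Same response for "no secret" and "wrong secret" so the caller
      // learns nothing about which check failed.
      return res.status(403).json({ error: 'forbidden' });
    }
    loadCategories(function (err, categories) {
      if (err) {
        // Do not echo internal error details to the remote caller.
        return res.status(500).json({ error: 'internal error' });
      }
      res.status(200).json({ categories: categories });
    });
  };
}
```

Because the secret travels in the request body, the route should only be reachable over HTTPS, and the secret should be long and random rather than a memorable word.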

  • @pitaj Thanks!

    That sounds like a better solution. However, I do see a problem, as it would mean if I want to do the same for topics, groups and whatever else I'd have to make lots of different API endpoints.

    Here's another idea, let me know if you think it's terrible. I extend the write-api to listen to all requests (not sure if there's a hook for that). In the request, I send up the same auth token I use for the write-api as well as the _uid of the user I'm impersonating. In the request hook I authenticate the request and set the authenticated user to be the user with the specified _uid.

    So when I hit /api/* then it will just know what user is being authenticated. Is any of this possible with NodeBB (v0.7.x branch)?

  • pinging @pitaj & @julian

