Hey @WolfiiDev -- thanks for posting. We actually noticed this internally yesterday, but if only we'd known you figured this out yesterday as well, that would've helped.
That said, the latest version of NodeBB should resolve this.
It looks like NodeBB is using express.session with the redis-connect store (or at least I am because I'm not using Mongo). I'm not too familiar with those libraries as I haven't really used NodeJS very much. I'm wondering if it's possible to pull user session objects so I can use them to authenticate my GET requests.
I ask this because I'm trying to retrieve all categories via the API /api/categories. When I'm authenticated (using cookies in the browser), I'm able to get all categories but when I'm not authenticated, I'm only able to retrieve publicly accessible categories.
Ideally, I prefer to use an authentication system that's similar to the write-api... but if cookies are the only way to authenticate requests, I'm OK with it. I just need to be able to pull user cookies and cache them on my backend and either extend the expiration or push changes to my backend whenever the cookies expire.
There are probably better ways to do this. I need some more info to help you out:
Let me know if you need more information.
@truetuna Do you have access to the Node server?
@pitaj Yep I have access.
@truetuna if I were you, I would write a simple NodeBB plugin that adds a new route listening on /api/cats or something like that. It verifies a post request for a certain secret key-value pair.
Here are some functions you'll need:
You'll also want to look at some NodeBB plugins for reference of how to use the static:init hook to register routes.
You should then be able to send a post request to your.site/cats/ and get a JSON response of all the categories.
That sounds like a better solution. However I do see a problem as it would mean if I want to do the same for topics, groups and whatever else I'd have to make lots of different API endpoints.
Here's another idea, let me know if you think it's terrible. I extend the write-api to listen to all requests (not sure if there's a hook for that). In the request, I send up the same auth token I use for the write-api as well as the _uid of the user I'm impersonating. In the request hook I authenticate the request and set the authenticated user to be the user with the specified
So when I hit /api/* then it will just know what user is being authenticated. Is any of this possible with NodeBB (v0.7.x branch)?
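The secret check discussed in the two posts above, as an added example that is not code from the thread or from NodeBB: an Express-style middleware that verifies a shared secret in the POST body in constant time and validates the _uid to act as before any handler sees it. The names requireSecret, actingUid and the secret body field are assumptions, a body parser is assumed to have populated req.body, and registering the route through a NodeBB plugin hook is not shown.

```javascript
'use strict';
const crypto = require('crypto');

// Constant-time string comparison. Hashing first yields equal-length
// buffers, which crypto.timingSafeEqual requires.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Express-style middleware factory (hypothetical name). `secret` is the
// shared value the backend sends in the POST body field `secret`;
// `_uid` names the user the request should act as.
function requireSecret(secret) {
  if (typeof secret !== 'string' || secret.length < 32) {
    throw new Error('shared secret must be a string of at least 32 chars');
  }
  return function (req, res, next) {
    if (req.method !== 'POST') return res.status(405).json({ error: 'POST only' });
    const body = req.body || {};
    if (typeof body.secret !== 'string' || !safeEqual(body.secret, secret)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    // Accept only a plain positive integer; arrays and objects are rejected.
    const raw = typeof body._uid === 'number' ? String(body._uid) : body._uid;
    if (typeof raw !== 'string' || !/^[1-9]\d{0,9}$/.test(raw)) {
      return res.status(400).json({ error: 'invalid _uid' });
    }
    req.actingUid = Number(raw); // handlers read this, never the raw body
    return next();
  };
}

// Stand-in for an Express response object, constructed for this example.
function fakeRes() {
  const r = { code: 200, body: null };
  r.status = (c) => { r.code = c; return r; };
  r.json = (b) => { r.body = b; return r; };
  return r;
}

// Runs the middleware on a constructed request; reports the outcome.
function check(mw, req) {
  const res = fakeRes();
  let passed = false;
  mw(req, res, () => { passed = true; });
  return { passed, code: res.code, uid: req.actingUid };
}
```

Because the secret grants the ability to act as any uid, it belongs in server-side configuration only and the route should be reachable only over TLS.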