RE: Accessing nodeBB functions via Cron Jobs

Thanks, that should do the trick!

Gonna post my cronjob as soon as it's ready. Can take a few days, because of christmas.

Unfortunately the old link is not available anymore, but I found the new instructions here: http://sharp.pixelplumbing.com/en/stable/install/#freebsd

Just in case that it's going down again, here are the short instructions which are missing in the FreeBSD install documentation of NodeBB ( https://docs.nodebb.org/installing/os/freebsd/ )

pkg install -y pkgconf vips
cd /usr/ports/graphics/vips/ && make install clean

I had to add DISABLE_VULNERABILITIES=yes to the end of the last command, because of some outdated dependency in the port. AFAIK the vips package is only used during installation or upgrade of NodeBB, so that shouldn't be any security issue.

You can find some instructions on how to get it running here: http://sharp.dimens.io/en/stable/install/

You'll also need to install node8 (node10 doesn't work), npm-node8, egl and gcc5 via pkg install to successfully run the compilation of vips. Secondly you might need to add some symlinks for python (link it to python2.7; better link all the other python executables as well) and vips8 (link it to vips-8.7 in /usr/local/bin/. If the vips compilation fails in the end (can take hours) then it might still be sufficiently working for nodeBB, give it a try!

sharp itself is the package which is breaking the ./nodeBB start on FreeBSD (in my case v11.2). If you didn't fix the sharp installation before running ./nodeBB setup you might need to run npm install sharp in the nodeBB installation folder.

@julian This does work with the Write API, see my previous code example. But it doesn't work with the Read API. Should I open a GitHub issue? Which is the best repository for reporting issues to the Read API?

I did some more testing and found that the above solution does only work when sharing cookies. The Read API doesn't seem to authenticate itself against bearer tokens, but just uses the cookie.

Here is some non-sharing cookie example utilizing https://github.com/aacerox/node-rest-client:

var Client = require('node-rest-client').Client;
var client = new Client();

var args = {
  headers: { "Authorization": "Bearer faf63e0a-23a5-4c80-b281-412108cefd21" }
};

client.get("https://myforum.com/api/v1/users/1/tokens", args, function(data, response) {
  console.log(data);
  // { code: 'ok',  payload: { tokens: [ 'faf63e0a-23a5-4c80-b281-412108cefd21' ] } }
});

client.get("https://myforum.com/api/users", args, function(data, response) {
  console.log(data);
  // not-authorized
});

I don't understand your last sentence about the token query string. As far as I understood this is required for JWT, which is an alternative to bearer tokens, right?

Hi @julian
thanks for your quick answer as always!

I got it working using the Bearer token of the Write API, but experience some irreliable behavior using this method. I found that I need to create a topic first (POST /api/v1/topics) that results in a 400 Bad Request before I can access any private content or modify content according to my Authorization: Bearer TOKEN header. If I don't follow this step I always receive a not-authorized/logged_in: false. Shouldn't I be able to access private content directly when providing the correct Authorization header in my GET /api/users (example) request?

So, how can we authorize/authenticate for the Read API? The Write API plugin allows us to generate bearer tokens or JWT, but these don't seem to work with the Read API. Can you give us a simple example?

Any ideas?

@baris said:

https://github.com/NodeBB/NodeBB/issues/3988

Thanks for your quick fix. There is still a bug with nodebb-theme-persona in /templates/partials/account/header.tpl. The condition for the CoverPhoto menu should join with a isAdmin condition. Unfortunately I couldn't find out how to combine conditions. <!-- IF isSelf OR isAdmin --> ... <!-- ENDIF isSelf OR isAdmin --> or similar doesn't work.

Same here. I can't find any option to allow users changing their cover image. Only admin users can do that for their own profile (not that of others).

Thanks, that should do the trick!

Gonna post my cronjob as soon as it's ready. Can take a few days, because of christmas.