Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
D

dbf

@dbf
About
Posts
3
Topics
0
Groups
0
Followers
0
Following
0

Posts

Recent Best Controversial
  • About How To Generate Bearer Tokens By Using UID + Password
    D dbf

    Another thing ..

    If the option Enable authentication via JSON Web Tokens is checked in the admin panel of the Write API, the request to /v1/users/:uid/tokens with password in the content body never gets hit, so it's not possible to choose between the two.

    So either

    • uncheck authentication via JSON Web Tokens and use password based request for tokens or ..
    • configure JSON Web Token Secret to request tokens and forget about password based generation.

    It doesn't say anything about it in the API's documentation

    • POST /:uid/tokens
      Creates a new user token for the passed in uid
      Accepts: No parameters normally, will accept password in lieu of Bearer token
      Can be called with an active token for that user
      This is the only route that will allow you to pass in password in the request body. Generate a new token and then use
      the token in subsequent calls.
  • About How To Generate Bearer Tokens By Using UID + Password
    D dbf

    @julian sadly ..

    My configuration is behind a nginx proxy, where the NodeBB install is on a seperate server but part of the domains URL, e.g. www.example.com/bb

    The window.config is also showing { .. relative_path: '/bb' .. } correctly, though I'm not using NodeBB's frontend nor an iframe. I've implemented the forum within the main DOM of the corporate website and wrote a custom requirejs frontend where the forum, chats and group-chats are completely integrated with the DOM itself and doesn't get stuck on usability due to the iframe. It's almost as simple as requesting the templates under /assets and request the data, render, translate and add or remove some bits from the compiled view.

    Back to write-api

    The config.json used

        "url":"http://www.example.com/bb",
    "port":4567,
    "secret": "587c152e-...",
    "database": "mongo",
    "mongo": {
        "host": "127.0.0.1",
        "port": "27017",
        ....
    },
    "socket.io": {
    	"origins": "*:*"
   },
   etc ..

    Nginx proxy is configured with proxy_pass "locally"

    location ^~ /bb {
    proxy_pass                                      http://nodebb-server-ip:4567/bb;
    proxy_http_version                              1.1;
    proxy_set_header Upgrade                        $http_upgrade;
    proxy_set_header Connection                     "upgrade";


    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    proxy_redirect                                  off;

    proxy_read_timeout                              1800;
    client_max_body_size                            4G;
}

    Simple test at the beginning of nodebb-plugins-write-api/routes/v1/middleware.js

    Middleware.requireUser = function(req, res, next) {
        var writeApi = require.main.require('nodebb-plugin-write-api');
        var routeMatch;

        console.log('req.originalUrl: '+req.originalUrl);
        console.log('matching: [/^\/api\/v\d+\/users\/(\d+)\/tokens$/)]');
        console.log(req.originalUrl.match(/^\/api\/v\d+\/users\/(\d+)\/tokens$/));
        console.log('matching: [/^(.*?)\/api\/v\d+\/users\/(\d+)\/tokens$/)]');
        console.log(req.originalUrl.match(/^(.*?)\/api\/v\d+\/users\/(\d+)\/tokens$/));

    Gives following output in dev mode:

    20/6 09:28:14 [8841] - info: NodeBB Ready
20/6 09:28:14 [8841] - info: Enabling 'trust proxy'
20/6 09:28:14 [8841] - info: NodeBB is now listening on: 0.0.0.0:4567

req.originalUrl: /bb/api/v1/users/99/tokens
matching: [/^/api/vd+/users/(d+)/tokens$/)]
null

matching: [/^(.*?)/api/vd+/users/(d+)/tokens$/)]
[ '/bb/api/v1/users/99/tokens',
  '/bb',
  '99',
  index: 0,
  input: '/bb/api/v1/users/99/tokens' ]

    The routeMatch index for getting the :uid then changes from [1] to [2]

    // If token generation route is hit, check password instead
var uid = routeMatch[2];

    There is probably a better solution for (.*?) instead.

  • About How To Generate Bearer Tokens By Using UID + Password
    D dbf

    @Systemd-K
    Indeed, I believe there is a small regex bug in the write-api.

    req.originalUrl.match(/^\/api\/v\d+\/users\/(\d+)\/tokens$/))

    should be (or something equivalent)

    req.originalUrl.match(/^(.*?)\/api\/v\d+\/users\/(\d+)\/tokens$/)

    My configuration of NodeBB lies behind a nginx proxy, where its base URL is www.example.com/forum. In the config.json I set the URL to its designated base URL in order to also access the forum itself (load css properly, csrf-token, etc), e.g.

    { "url":"http://www.example.com/forum", "port":4567 }

    The req.originalUrl will be /forum/api/v1/users/:uid after any request, instead of the expected URL according to the regex /^\/api\/v\d+\/users\/(\d+)\/tokens$/

    I modified the regex and it's working like a charm now.

  • Login
  • Don't have an account? Register
  • Login or register to search.
Powered by NodeBB Contributors
  • First post
    Last post
0
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development