@julian I'm clearly in over my head. 
Luckily, someone's created a socket.io client library for Python—I'll fiddle with that for a while and report back for posterity if I make any headway.
Thanks again.
U
Best posts made by user
-
RE: Logging in programmatically; Using access token from read API with write API plugin?posted in NodeBB Development
-
RE: Logging in programmatically; Using access token from read API with write API plugin?posted in NodeBB Development
Reporting back. Using existing libraries, this is much simpler than I was making it. Here's some sample Python code which posts "Hello, World!" to topic ID 2. Thanks, @julian, for telling me about socket.io.
from socketIO_client import SocketIO, LoggingNamespace import requests import json session = requests.Session() csrf_token = json.loads(session.get('http://yourdomain:port/api/config').text)['csrf_token'] headers = { 'x-csrf-token': csrf_token } data = { "username": "yourUsername", "password": "yourPassword" } response = session.post("http://yourdomain:port/login", headers=headers, data=data) def on_response(*args): print('on_response', json.dumps(args)) with SocketIO('yourdomain', port, LoggingNamespace, cookies=session.cookies.get_dict()) as s: s.emit('posts.reply', {'tid': 2, 'content': "Hello, World!"}, on_response) s.wait_for_callbacks(seconds=1)
Latest posts made by user
-
RE: Logging in programmatically; Using access token from read API with write API plugin?posted in NodeBB Development
Reporting back. Using existing libraries, this is much simpler than I was making it. Here's some sample Python code which posts "Hello, World!" to topic ID 2. Thanks, @julian, for telling me about socket.io.
from socketIO_client import SocketIO, LoggingNamespace import requests import json session = requests.Session() csrf_token = json.loads(session.get('http://yourdomain:port/api/config').text)['csrf_token'] headers = { 'x-csrf-token': csrf_token } data = { "username": "yourUsername", "password": "yourPassword" } response = session.post("http://yourdomain:port/login", headers=headers, data=data) def on_response(*args): print('on_response', json.dumps(args)) with SocketIO('yourdomain', port, LoggingNamespace, cookies=session.cookies.get_dict()) as s: s.emit('posts.reply', {'tid': 2, 'content': "Hello, World!"}, on_response) s.wait_for_callbacks(seconds=1) -
RE: Logging in programmatically; Using access token from read API with write API plugin?posted in NodeBB Development
@julian I'm clearly in over my head.
Luckily, someone's created a socket.io client library for Python—I'll fiddle with that for a while and report back for posterity if I make any headway.Thanks again.
-
RE: Logging in programmatically; Using access token from read API with write API plugin?posted in NodeBB Development
@julian I understand re: the csrf token—as far as I can tell, the express.sid cookie is used for authorization after the user logs in. I'm able to log in and successfully use the read API.
In lieu of using the write API in the way that I wanted to, I assume that I should be able to use websockets as the web client does, but I'm having trouble working out exactly how to do so.
On my end, this is what looks to be occurring:
- client gets csrf token from /api/config
- client performs GET request to /socket.io/?EIO=3&transport=polling
- client is issued 'io' cookie (related to websocket?) and express.sid cookie—I assume this is a session cookie
- client sends POST request to /login with the csrf token in the header, username and password in the request body, all of the relevant cookies
- HTTP 200 response
- user is then logged in and subsequent requests sent with cookies work as expected; can access private pages, etc.
Regarding websocket connections:
- 'io' cookie is used as 'sid' in query string to open an initial websocket: /socket.io/?EIO=3&transport=websocket&sid=[io cookie here]
- client seems to send payload containing 2probe
- server responds with 3probe
- client sends 5
- server sends 42["checkSession",1], which appears to indicate that the 'io' cookie has changed
- a new websocket is then opened using this new io cookie as sid
However, using Python's websocket-client to test, I don't see where the new 'io' cookie is actually issued or how to open the subsequent websocket. Also, I seem to have overlooked an additional query parameter for /socket.io/, t, which, even though I seem to be able to establish the initial websocket without it, appears to be completely random and to change at each stage.
Is there a library I should be using to negotiate this handshake?
Thanks for your responses and your time, everyone.
-
Logging in programmatically; Using access token from read API with write API plugin?posted in NodeBB Development
I'm working on a client app for NodeBB. Authenticating against the read API is simple enough, but I can't figure out how to use the resulting token with the write API. I understand that I can generate tokens for the write API from the ACP, but my goal is to issue an access token when a user logs in with his or her credentials, without having to generate a token manually for every user of my forum. Can anyone point me in the right direction? Thanks in advance.
For reference, this is what I'm doing now:
- start new session
- get csrf token from /api/config
- send POST request to /login with 'username' and 'password' as data and csrf token in header as 'x-csrf-token'
- receive session token with express.sid and io cookies (?)
