Simple API endpoint for external login. Special use case: external login check if user's credentials are valid.
Plugin adds additional API endpoint.
[POST] https://YourBoardDomain.com/api/ns/login
username
[String] - Required field. It could be username or email. It uses internal NodeBB methods to resolve.password
[String] - Required field.
Successful login returns user data, it looks like:
{
"_key": "user:1",
"username": "Nicolas",
"userslug": "nicolas",
"email": "[email protected]",
"email:confirmed": 1,
"joindate": 1432379229517,
"picture": "https://secure.gravatar.com/avatar/16e774e25b68ab1d41d2cc269a29983a?size=128&default=identicon&rating=pg",
"gravatarpicture": "https://secure.gravatar.com/avatar/16e774e25b68ab1d41d2cc269a29983a?size=128&default=identicon&rating=pg",
"fullname": "",
"location": "",
"birthday": "",
"website": "",
"signature": "",
"uploadedpicture": "",
"profileviews": 0,
"reputation": 0,
"postcount": 0,
"topiccount": 0,
"lastposttime": 0,
"banned": 0,
"status": "online",
"uid": 1,
"passwordExpiry": 0,
"lastonline": 1432379559871
}
Whenever used as internal API disable IP limiter in userDefence
instance of express-brute
.
userDefence.getMiddleware({
// Disregard IP address when matching requests if set to true
// Set true if API is used internaly from few IPs
ignoreIP: true,
key: function (req, res, next) {
// prevent too many attempts for the same username
next(req.body.username);
}
})
- It is simple
- It has brute-force defence. The brute-force counter resets on successful login.