I'm currently working on a script to automate posting replies to topics in a NodeBB forum using the NodeBB API. I have successfully managed to log in and retrieve user data, but I'm encountering issues when trying to post a reply to a topic.
Here is the relevant part of my code:
```python
import requests


class NodeBBAPI:
    def __init__(self):
        self.session = requests.Session()
        # Disables TLS certificate verification for every request on this session
        self.session.verify = False
        # No trailing slash: the request paths below already start with "/"
        self.base_url = "https://example.com"
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
            'Accept': 'application/json',
            'Content-Type': 'application/json',
            'X-Requested-With': 'XMLHttpRequest',
            'Origin': 'https://example.com',
            'Referer': 'https://example.com/'
        }
        self.user_data = None

    def login(self, username, password):
        try:
            # The config response is fetched here but not used afterwards
            config_response = self.session.get(
                f"{self.base_url}/api/config",
                headers=self.headers
            )
            login_data = {
                "username": username,
                "password": password
            }
            login_response = self.session.post(
                f"{self.base_url}/api/v3/utilities/login",
                json=login_data,
                headers=self.headers
            )
            if login_response.ok:
                response_data = login_response.json()
                if response_data.get('status', {}).get('code') == 'ok':
                    self.user_data = response_data.get('response', {})
                    self.headers['Authorization'] = f"Bearer {self.user_data.get('token')}"
                    return True
            return False
        except Exception as e:
            print(f"Login error: {str(e)}")
            return False

    def post_reply(self, topic_id, content):
        if not self.user_data:
            print("You must log in first!")
            return None
        try:
            reply_data = {
                "content": content,
                "_uid": self.user_data.get("uid")
            }
            response = self.session.post(
                f"{self.base_url}/api/v3/topics/{topic_id}/reply",
                json=reply_data,
                headers=self.headers
            )
            return response.ok
        except Exception as e:
            print(f"Error posting reply: {str(e)}")
            return False


def main():
    username = 'your_username'
    password = 'your_password'
    topic_id = 123  # Replace with the actual topic ID
    content = 'This is an automated reply.'
    nodebb = NodeBBAPI()
    if nodebb.login(username, password):
        if nodebb.post_reply(topic_id, content):
            print("Reply posted successfully!")
        else:
            print("Failed to post reply.")
    else:
        print("Login failed.")


if __name__ == "__main__":
    main()
```
I am able to log in successfully and get the user data, but when I attempt to post a reply, I receive a 403 Forbidden error.
Here are some details from the response:
Status Code: 403
Response: "Forbidden"
I have verified that my user account has write permissions and I can post replies manually via the web interface.
Can anyone provide insights into what might be going wrong or if there are any specific headers or parameters that I need to include in the request?
Thank you in advance for your help!
Are you sending a csrf token? All post requests need a csrf token.
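The token flow that reply points to, as an added example that is not part of the original posts or NodeBB's own code: fetch the CSRF token over the same session, then send it as a header on the POST. It assumes the token is exposed as `csrf_token` in the `/api/config` response and is expected in an `x-csrf-token` header; `StubForum` is a constructed local stand-in so the 403 and the success can both be observed offline, and the reply path is copied from the question's code.

```python
import json
import threading
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import HTTPCookieProcessor, ProxyHandler, Request, build_opener

TOKEN = "constructed-token"  # constructed sample value, not a real token

class StubForum(BaseHTTPRequestHandler):
    """Constructed local stand-in: rejects POSTs that lack the CSRF header."""
    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_GET(self):  # stands in for GET /api/config
        self._send(200, {"csrf_token": TOKEN})
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.headers.get("x-csrf-token") == TOKEN
        self._send(200 if ok else 403, {"ok": ok})

def fetch_csrf_token(opener, base_url):
    with opener.open(f"{base_url}/api/config") as resp:
        return json.load(resp).get("csrf_token")  # assumed field name

def post_reply(opener, base_url, topic_id, content, csrf_token=None):
    headers = {"Content-Type": "application/json"}
    if csrf_token:
        headers["x-csrf-token"] = csrf_token  # assumed header name
    req = Request(f"{base_url}/api/v3/topics/{topic_id}/reply", method="POST",
                  data=json.dumps({"content": content}).encode(), headers=headers)
    try:
        with opener.open(req) as resp:
            return resp.status
    except HTTPError as err:
        return err.code  # 403 when the token is missing or wrong

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubForum)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    # One cookie jar for both calls, so token and POST share a session
    opener = build_opener(ProxyHandler({}), HTTPCookieProcessor(CookieJar()))
    without = post_reply(opener, base, 123, "hi")
    with_token = post_reply(opener, base, 123, "hi", fetch_csrf_token(opener, base))
    server.shutdown()
    return without, with_token
```

Calling `demo()` returns the status of the POST without the token followed by the status with it.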
@baris Not related to this, but I am also facing a problem due to csrf token. I earlier used Cloudflare SSL on my NodeBB instance but now have turned it off because it was giving issues with loading media for federated accounts. My account was auto logged off and now I cannot login. Every time I try to login, I get the error "Login Unsuccessful We were unable to log you in, likely due to an expired session. Please try again" and the url bar shows
This happens both for admin as well as non-admin user. I have turned on-off-on as well as restarted both nodebb and nginx but the problem remains. Any suggested solution?