BasicAuth API requests returning HTTP?

[Kevin-Mok]

I'm trying to get the list of links using the list command from the API section, but all I seem to be getting back from the server is the HTTP site. I have the username and hashed password set and enabled the API in the config file. My POST request has the JSON body { "api": "listshort" } and uses BasicAuth.

This is the timeline of the request done in a REST client:

* Preparing request to http://smol.gq/
* Using libcurl/7.61.1 OpenSSL/1.1.0h zlib/1.2.11 nghttp2/1.29.0
* Current time is 2019-09-03T07:16:49.235Z
* Disable timeout
* Enable automatic URL encoding
* Enable SSL validation
* Enable cookie sending with jar of 0 cookies
* Connection 8 seems to be dead!
* Closing connection 8
* Connection 9 seems to be dead!
* Closing connection 9
* TLSv1.2 (OUT), TLS alert, close notify (256):
*   Trying 165.22.239.234...
* TCP_NODELAY set
* Connected to smol.gq (165.22.239.234) port 80 (#10)
* Server auth using Basic with user 'kevin'

> POST / HTTP/1.1
> Host: smol.gq
> Authorization: Basic a2V2aW46bmVvcnU=
> User-Agent: insomnia/6.6.2
> Content-Type: application/json
> Accept: */*
> Content-Length: 23

| {
| 	"api": "listshort"
| }

* upload completely sent off: 23 out of 23 bytes

< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.14.2
< Date: Tue, 03 Sep 2019 07:16:49 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: https://smol.gq/


* Ignoring the response-body
* Received 185 B chunk
* Connection #10 to host smol.gq left intact
* Issue another request to this URL: 'https://smol.gq/'
* Switch from POST to GET
*   Trying 165.22.239.234...
* TCP_NODELAY set
* Connected to smol.gq (165.22.239.234) port 443 (#11)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /tmp/insomnia_6.6.2/2017-09-20.pem
*   CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=smol.gq
*  start date: Aug 20 13:22:19 2019 GMT
*  expire date: Nov 18 13:22:19 2019 GMT
*  subjectAltName: host "smol.gq" matched cert's "smol.gq"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Server auth using Basic with user 'kevin'

> GET / HTTP/1.1
> Host: smol.gq
> Authorization: Basic a2V2aW46bmVvcnU=
> User-Agent: insomnia/6.6.2
> Content-Type: application/json
> Accept: */*

< HTTP/1.1 200 OK
< Server: nginx/1.14.2
< Date: Tue, 03 Sep 2019 07:16:49 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 1401
< Connection: keep-alive


* Received 1401 B chunk
* Connection #11 to host smol.gq left intact

Am I missing something here?

[132ikl]

Hi, I'll look into this when I can. The API was rather thrown together to be quite honest - I will probably redo the majority of it as soon as I get a break from other projects. Hang tight for now and I'll investiage what the issue is (I have only used curl to test the API so it is likely that it breaks for non-curl clients).

[132ikl]

Actually, I see what's going on here. You have to specify format=json along with api=listshort. This is addressed by issue #4. This is very stupid and will definitely be removed when I rework the API.

[Kevin-Mok]

I'm still not sure exactly how it should be formatted. I tried:

curl --request POST \
  --url https://smol.gq/ \
  --header 'authorization: Basic a2V2aW46bmVvcnU=' \
  --header 'content-type: application/json' \
  --data '{
"api": "listshort",
"format": "json"
}'

As well as:

curl --request POST \
  --url https://smol.gq/ \
  --header 'authorization: Basic a2V2aW46bmVvcnU=' \
  --header 'format: json' \
  --header 'api: listshort'

But, both still return the HTTP.

Edit: Ah. The REST client wasn't giving me the correct curl format. It works after using the format curl -u 'user:pass' -d 'api=listshort' -d 'format=json' [url].