This is a PHP script to simulate more fine-grained authentication capabilities for the Discourse REST API.
Currently, Discourse manages API access through a single master key (and user-specific keys which may not be adequate for your needs).
If you need more fine-grained authentication, then this script may work for you. It stores the master API key in a config file, and allows configuring and distributing multiple "client keys".
Discourse API clients can then point to this script as if it were the real Discourse API, and you can give out one of your "client keys" instead of the master API key.
For each client key, you can define the Discourse API endpoints that clients are allowed to call, and also a list or pattern of allowed IP addresses for incoming requests.
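The per-key checks described above can be sketched as follows. This is an added example, not the script's own code: the config layout, the sample key, and the names `ipAllowed` and `authorize` are hypothetical, and only IPv4 addresses and CIDR blocks are handled.

```php
<?php
// Added illustration. The config layout, key and function names are hypothetical.
$clients = [
    'sample-client-key-0001' => [   // constructed sample key
        'endpoints' => ['GET /posts.json', 'GET /t/*', 'POST /posts.json'],
        'ips'       => ['203.0.113.7', '198.51.100.0/24'],
    ],
];

// True if $ip equals $rule, or lies inside the IPv4 CIDR block $rule.
function ipAllowed(string $ip, string $rule): bool
{
    if (strpos($rule, '/') === false) {
        return $ip === $rule;
    }
    [$net, $bits] = explode('/', $rule, 2);
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed input never matches (fail closed)
    }
    $mask = -1 << (32 - (int) $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Decide whether a request may be forwarded to Discourse with the master key.
// $path is the URL path only, without the query string.
function authorize(array $clients, string $key, string $method, string $path, string $ip): bool
{
    $rules = null;
    foreach ($clients as $known => $candidate) {
        if (hash_equals((string) $known, $key)) { // constant-time comparison
            $rules = $candidate;
        }
    }
    // Unknown key, or a path that could escape an allowed prefix such as /t/*.
    if ($rules === null || strncmp($path, '/', 1) !== 0 || strpos($path, '..') !== false) {
        return false;
    }
    $ipOk = false;
    foreach ($rules['ips'] as $rule) {
        $ipOk = $ipOk || ipAllowed($ip, $rule);
    }
    $request = strtoupper($method) . ' ' . $path;
    foreach ($rules['endpoints'] as $pattern) {
        if ($ipOk && fnmatch($pattern, $request)) {
            return true;
        }
    }
    return false;
}
```

The client IP passed to such a check should come from the connection itself (`REMOTE_ADDR`), not from a client-supplied header, unless a trusted reverse proxy sets that header.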
- Copy `sample-config.php` to `config.php` and fill in the values.
- Host your `config.php`, the `index.php` script and its accompanying `.htaccess` file using Apache (or make sure all requests will be routed to `index.php` using your server software of choice).
- Configure your Discourse API client(s) to point to this script instead of the real Discourse API, and use one of the "client key" values defined in `config.php` instead of the real Discourse API key.

At the moment, Discourse API clients must not send a JSON body with
their requests! `POST` or `PUT` requests are only supported using
form-encoded request bodies.

If you are using Discourse as an SSO provider via the `/session/sso_provider`
endpoint, you must configure your client to talk to this endpoint directly
via the Discourse API instead! This is because this endpoint sets a cookie
for the next step in the login process inside Discourse, and this cookie must
be recognized on the same domain and subdomain as the Discourse install.
Using this script will introduce a mismatch between the forum URL and the forum API URL, and client code may assume these two base URLs are the same.
Given these caveats, many Discourse clients will need modification in order to work with this script.
Bug reports and change requests via GitHub issues and PRs are welcome.