docs
docs copied to clipboard
filebrowser
Document HTTP API
The Web API is nice. It would help if this was documented so that it can be integrated into other systems. I have a distributed FS and use filemanager has the front-end for all of this.
When a user is created in our system we create one in filemanager user with a scope. So that it acts like a multi-tenant system. It's beautiful. We had to read through the web app to + code find endpoints.
Should have been documented.
😮 Yes, I have to write the docs for the web API. There was someone else who asked me the same too.
I'm not quite sure if anyone is already using API's , I tracked the API calls from chrome for few POST calls like create user, the tricky part was to get the auth cookie , once you have it you can just wire your own python/curl etc.
Get Auth Cookie:
cookie=`curl -Ss localhost:8001/api/login --data-raw '{"username":"admin","password":"admin"}'`
echo "Cookie: auth=$cookie" > /tmp/cookie
curl -H "$(cat /tmp/cookie)" localhost:8001/api/users --data-raw '{"what":"user","which":[],"data":{"scope":".","hideDotfiles":true,"username":"testUser","password":"PASSWORD"}}'
i already have half documented the api by reverse way of interaction.. but i still waithing to the current merge request will be done @on4r thanks in advance
@gaby the problem is the autor itselft.. it seems do not care about that
Is there already an update on the documentation? With a bunch of trial and error I managed to obtain the JWT token, but using it to authenticate has so far been impossible. This is the simple node script I wrote to try and download a testfile:
import axios from 'axios';
import fs from 'fs';
async function getToken() {
const response = await axios.post('http://localhost:8080/api/login', {
username: 'MY_USERNAME',
password: 'MY_PASSWORD'
});
return response.data;
}
async function downloadFile(token) {
const url = 'http://localhost:8080/api/resources/test';
const response = await axios({
method: 'GET',
url: url,
responseType: 'stream',
headers: {
Authorization: `Bearer ${token}`
}
});
const writer = fs.createWriteStream('DownloadedTextFile.txt');
response.data.pipe(writer);
return new Promise((resolve, reject) => {
writer.on('finish', resolve);
writer.on('error', reject);
});
}
async function main() {
const token = await getToken();
console.log('Token: ' + token);
if (token) {
await downloadFile(token);
} else {
console.log('No token. Aborting.');
}
}
main().catch((e) => {
console.error('Error: ', e);
});
This obtains a token, but when downloading the file using the token I get a '401 unauthorized' error.
@icheered i am thinking of possible cuases:
there is another way apart of const writer = fs.createWriteStream('DownloadedTextFile.txt'); ? cos is currently async ?
i dont know i am not expert in promise
I figured it out after a while, but it turns out you don't use Authorization: Bearer <token> like literally any other API out there, but you use 'X-Auth' header field to carry the JWT... I just wrote a short example on uploading and downloading files using the API using Node over here: https://github.com/filebrowser/filebrowser/issues/2551 (this docs repo seems pretty dead...)
I just wrote a short example on uploading and downloading files using the API using Node over here: filebrowser/filebrowser#2551 (this docs repo seems pretty dead...)
yeah.. unfortunatelly .. many times i proposed forked the project but we need at least 2 mantainers for filebrowser and 1 for docs
It is an open source project. Any help in appreciated. You can help the community by writing API docs and opening a PR.
@o1egl thanks for response, finally you revive, we already provide some contributed parts..
curl -H "$(cat /tmp/cookie)" localhost:8001/api/users --data-raw '{"what":"user","which":[],"data":{"scope":".","hideDotfiles":true,"username":"testUser","password":"PASSWORD"}}'
This gives me a 401 unauthorized despite having a cookie that was created from an admin account. Do you have an up to date example of how to add a user with a HTTP request?
como puedo usar el token para loguearme automáticamente en filebrowser, esto es lo que tengo con php:
$data = array( 'username' => 'admin', 'password' => 'admin' ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://prueba/api/login"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); $token = curl_exec($ch); curl_close($ch);
curl -H "$(cat /tmp/cookie)" localhost:8001/api/users --data-raw '{"what":"user","which":[],"data":{"scope":".","hideDotfiles":true,"username":"testUser","password":"PASSWORD"}}'
This gives me a 401 unauthorized despite having a cookie that was created from an admin account. Do you have an up to date example of how to add a user with a HTTP request?
You should change:
echo "Cookie: auth=$cookie" > /tmp/cookie
to
echo "X-Auth:$cookie" > /tmp/cookie
I tested this in a bash script, it might be useful:
#!/usr/bin/env bash
#
#
#
API_URL="http://10.174.18.254:9607/api"
API_USER="admin"
API_PASSWORD="Adminaxitech!"
API_TMP_URI="/Users/svyatvlasso/Projects/Workflow/filebrowser/api/tmp/token_x_auth_heder"
#
#
#
# // retrieving token
#
echo -e date +"%Y-%m-%d %T"" [DEBUG] start retrieving token"
COOKIE_REQUEST_BODY=`echo "{\"username\":\"${API_USER}\",\"password\":\"${API_PASSWORD}\"}"`
echo -e date +"%Y-%m-%d %T"[DEBUG] "token request body contains: ${COOKIE_REQUEST_BODY}"
API_TOKEN=`curl -Ss ${API_URL}/login --data-raw "${COOKIE_REQUEST_BODY}"`
echo -e date +"%Y-%m-%d %T"" [DEBUG] token retrieved"
echo -e date +"%Y-%m-%d %T"" [TRACE] token is ${API_TOKEN}"
echo -e date +"%Y-%m-%d %T"" [DEBUG] saving token as X-Auth header"
echo "X-Auth:${API_TOKEN}" > "${API_TMP_URI}"
echo -e date +"%Y-%m-%d %T"" [DEBUG] token saved to ${API_TMP_URI}"
# // create new user
#
NEW_USER_USERNAME="testuser"
NEW_USER_PASSWORD="0000"
NEW_USER_HIDE_DOT_FILES="true"
NEW_USER_SCOPE="."
echo -e date +"%Y-%m-%d %T"" [DEBUG] create user with USERNAME -> ${NEW_USER_USERNAME} ; PASSWORD -> ${NEW_USER_PASSWORD} ; HIDE_DOT_FILES -> ${NEW_USER_HIDE_DOT_FILES} ; SCOPE -> ${NEW_USER_SCOPE}"
REQUEST_BODY=`echo "{\"what\":\"user\",\"which\":[],\"data\":{\"scope\":\"${NEW_USER_SCOPE}\",\"hideDotfiles\":${NEW_USER_HIDE_DOT_FILES},\"username\":\"${NEW_USER_USERNAME}\",\"password\":\"${NEW_USER_PASSWORD}\"}}"`
echo -e date +"%Y-%m-%d %T"" [DEBUG] request cookie is: $(cat ${API_TMP_URI})"
echo -e date +"%Y-%m-%d %T"" [DEBUG] request body is: ${REQUEST_BODY}"
curl -H "$(cat ${API_TMP_URI})" ${API_URL}/users --data-raw "${REQUEST_BODY}"
OPERATION_EXIT_CODE=$?
if [ "${OPERATION_EXIT_CODE}" != "0" ]; then
echo -e date +"%Y-%m-%d %T"" [DEBUG] can't create user, exit ${OPERATION_EXIT_CODE}"
exit ${OPERATION_EXIT_CODE}
fi
echo -e date +"%Y-%m-%d %T"" [DEBUG] create user done"
How to automatically log in to file browser after receiving a token? I have this now:
$url = "http://192.168.1.134:8084/api/login";
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"Content-Type: application/json",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$data = <<<DATA
{"username": "1303", "password": "1303", "recaptcha": ""}
DATA;
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$token = curl_exec($curl);
curl_close($curl);
Check https://github.com/filebrowser/filebrowser/issues/2551.
Long story short: You put the token in the X-Auth header field instead of the standard Authorization: Bearer <token> field
Check filebrowser/filebrowser#2551. Long story short: You put the token in the
X-Authheader field instead of the standardAuthorization: Bearer <token>field
I know about it. But how to redirect to http://localhost:8084/files/ page already signed-in with the provided credentials and recieved token? Basically i want to have a link that automatically sign-in user.
