PHP script to simulate more fine-grained authentication capabilities for the Discourse REST API.

Primary language: PHP. License: MIT.

discourse-api-proxy

This is a PHP script to simulate more fine-grained authentication capabilities for the Discourse REST API.

Currently, Discourse manages API access through a single master key (and user-specific keys which may not be adequate for your needs).

If you need more fine-grained authentication, then this script may work for you. It stores the master API key in a config file, and allows configuring and distributing multiple "client keys".

Discourse API clients can then point to this script as if it were the real Discourse API, and you can give out one of your "client keys" instead of the master API key.

For each client key, you can define the Discourse API endpoints that clients are allowed to call, and also a list or pattern of allowed IP addresses for incoming requests.
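A sketch of the per-key check described above, as an added example rather than this project's own code. The `$clients` layout, the client key value, the function names, the use of regular expressions for endpoints and of IPv4 CIDR blocks for the IP pattern are all assumptions (the real format is whatever sample-config.php defines); it assumes PHP 7.4 or later.

```php
<?php
// Added example, not the project's code: config layout and names are hypothetical.
$clients = [
    'constructed-client-key-1' => [
        'endpoints' => ['#^GET /posts/\d+\.json\z#', '#^POST /posts\.json\z#'],
        'ips'       => ['203.0.113.0/24', '198.51.100.7/32'],
    ],
];

// True when IPv4 address $ip lies inside CIDR block $cidr; malformed input never matches.
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => '32'];
    $bits = filter_var($bits, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 32]]);
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($bits === false || $ipLong === false || $netLong === false) { return false; }
    $mask = (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Returns the reason for refusal, or null when the request may be forwarded upstream.
// $ip should be the socket peer ($_SERVER['REMOTE_ADDR']), not a client-supplied header.
function denyReason(array $clients, string $key, string $method, string $path, string $ip): ?string
{
    $rule = null;
    foreach ($clients as $clientKey => $candidate) {
        // hash_equals compares in constant time, so timing does not leak key bytes.
        if (hash_equals((string) $clientKey, $key)) {
            $rule = $candidate;
        }
    }
    if ($rule === null) { return 'unknown client key'; }
    if (!array_filter($rule['ips'], fn ($cidr) => ipInCidr($ip, $cidr))) { return 'source IP not allowed'; }
    foreach ($rule['endpoints'] as $pattern) {
        if (preg_match($pattern, "$method $path") === 1) {
            return null; // allow-list hit: only now attach the master key and forward
        }
    }
    return 'endpoint not allowed'; // default deny
}

// Constructed requests: the first passes, each of the others fails one check.
foreach ([['constructed-client-key-1', 'GET', '/posts/42.json', '203.0.113.9'],
          ['constructed-client-key-1', 'DELETE', '/posts/42.json', '203.0.113.9'],
          ['constructed-client-key-1', 'GET', '/posts/42.json', '192.0.2.1'],
          ['wrong-key', 'GET', '/posts/42.json', '203.0.113.9']] as [$k, $m, $p, $ip]) {
    echo "$m $p from $ip: ", denyReason($clients, $k, $m, $p, $ip) ?? 'allowed', PHP_EOL;
}
```

The endpoint patterns are matched against the method and the path without its query string, and anything not explicitly listed is refused.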

Usage

  • Copy sample-config.php to config.php and fill in the values.
  • Host your config.php, the index.php script and its accompanying .htaccess file using Apache (or make sure all requests will be routed to index.php using your server software of choice).
  • Configure your Discourse API client(s) to point to this script instead of the real Discourse API, and use one of the "client key" values defined in config.php instead of the real Discourse API key.

Caveats

At the moment, Discourse API clients must not send a JSON body with their requests! POST or PUT requests are only supported using form-encoded request bodies.

If you are using Discourse as an SSO provider via the /session/sso_provider endpoint, you must configure your client to talk to this endpoint directly via the Discourse API instead! This is because this endpoint sets a cookie for the next step in the login process inside Discourse, and this cookie must be recognized on the same domain and subdomain as the Discourse install.

Using this script will introduce a mismatch between the forum URL and the forum API URL, and client code may assume these two base URLs are the same.

Given these caveats, many Discourse clients will need modification in order to work with this script.

Contributions

Bug reports and change requests via GitHub issues and PRs are welcome.