H
Homarr•3mo ago
LYPTUS

api authorization

Hi there, I am trying to use the API endpoint to Homarr. My Homarr is managed by Portainer, running in a Proxmox LXC. This is my compose:
version: "3"
services:
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:latest
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/homarr/configs:/app/data/configs
- /opt/homarr/icons:/app/public/icons
- /opt/homarr/data:/data
ports:
- 7575:7575
version: "3"
services:
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:latest
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/homarr/configs:/app/data/configs
- /opt/homarr/icons:/app/public/icons
- /opt/homarr/data:/data
ports:
- 7575:7575
I retrieved an access token from the tools, but I am having issues with autorization.
curl -H "Authorization: Bearer XXXXXXXXXXX" http://192.168.XX.XX:7575/api/boards/all
curl -H "Authorization: Bearer XXXXXXXXXXX" http://192.168.XX.XX:7575/api/boards/all
{"message":"UNAUTHORIZED","code":"UNAUTHORIZED"}%
{"message":"UNAUTHORIZED","code":"UNAUTHORIZED"}%
anything im missing here?
7 Replies
Cakey Bot
Cakey Bot•3mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Tag
Tag•3mo ago
Interesting. Basically what is happening is that those functions are protected behind user authentication, and it seems that we are not recognizing the api token as such. This is definitely a bug though. @Manicraft1001 not sure where to look here but API calls are not bypassing auth requirements from "enforceUserIsAuthed" and "enforceUserIsAdmin" I think. I've tried with postman personally, with a very straightforward setup too. Both times, the TRPC call doesn't have a session and thus throws the error instantly. Content of ctx:
{
session: null,
cookies: {
'next-auth.callback-url': 'http://localhost:3000/',
'next-auth.csrf-token': 'redacted'
}
}
{
session: null,
cookies: {
'next-auth.callback-url': 'http://localhost:3000/',
'next-auth.csrf-token': 'redacted'
}
}
Manicraft1001
Manicraft1001•3mo ago
Interesting. It worked when I tested (no unit test, duh 🙄). Can you look with Meier? He'll be able to help you debug. I'm still on my vacation
Tag
Tag•3mo ago
For sure, I've already narrowed it down a little, seems the session can't be built all the way back from the "getServerAuthSession", but the req has the right input for auth. (don't tell me it's another dependency updgrade that broke it) Actually, SSO might have broken it
LYPTUS
LYPTUS•3mo ago
Well im glad I wasn't being dumb! I saw that some calls weren't restricted, so that makes sense.
Meierschlumpf
Meierschlumpf•3mo ago
I think the issue is that we do not actually support authorization header yet. Currently you need to use the api the following way: curl -b "next-auth.session-token=XXXXXXXXXXX" http://192.168.XX.XX:7575/api/boards/all This is the usage with a cookie. In my opinion it would make sense to support api keys or similar in the future as this is pretty bad practice and over all the session will expire at some point, so automations are not really useful. @LYPTUS FYI @Tag @Manicraft1001
LYPTUS
LYPTUS•3mo ago
hmm, got it. I was just writing a little integration to push all my Portainer Stacks into a Homarr Dashboard so that will probably work for a one off transfer. Thanks!