Trying to get the FreshAPI plugin to work, but can't switch to local auth
-
Hello
I'm trying to get the FreshAPI plugin to work (cf this topic), so I installed a clean ttrss to experiment on.
Firstly I installed the plugin and enabled it in the config. This works, the plugin is enabled in the config view. But I cannot login to the plugin. I get the same errors in my logs as in the previous posts:
[Sat Sep 28 10:31:38.267283 2024] [php:error] [pid 32] [client 172.18.0.1:59100] PHP Fatal error: Uncaught Error: Failed opening required '/app/data/include/autoload.php' (include_path='/app/data/plugins.local/freshapi/api:/app/data:/app/data/include:.:/usr/share/php') in /app/data/plugins.local/freshapi/api/greader.php:23\nStack trace:\n#0 {main}\n thrown in /app/data/plugins.local/freshapi/api/greader.php on line 23 Sep 28 12:31:38 [myip] - - [28/Sep/2024:10:31:38 +0000] "POST /plugins.local/freshapi/api/greader.php/accounts/ClientLogin HTTP/1.1" 500 - "-" "Reeder/5040601 CFNetwork/1568.100.1
I wanted to see if the Cloudron login integration could be causing this, so I tried to swith to local auth. How on earth do I do this? There's not setting/switch when I install the package, and when I follow the instructions in the docs TTRSS docs under "external registration", nothing happens. To retrace:
I edited /app/data/env.sh using the File Manager according to the instructions. I enabled auth_interal (and this works, as I can see it is enabled when I login via a Cloudron user), but I can't seem to be able to enable registration. So far I've tried the following lines in the /app/data/env.sh file:
TTRSS_ENABLE_REGISTRATION=true
export TTRSS_ENABLE_REGISTRATION=true
set TTRSS_ENABLE_REGISTRATION=true
put TTRSS_ENABLE_REGISTRATION=trueNone of them seem to work. Can anyone provide assistance? Thanks.
-
In Cloudron, the plugins are stored outside in /app/data instead of alongside the ttrss code in /app/code . The plugin tries to include a file assuming it is in the repo i.e under /app/code and this makes it not work.
If you change the line on the top of api/greader.php like this:
$ttrss_root = '/app/code'; // dirname(__DIR__, 3);
then it works for me.
$ curl -X POST --data 'Email=xx&Passwd=CczdjnHZYaMPr2V0' https://ttrss.domain.com/plugins.local/freshapi/api/greader.php/accounts/ClientLogin/ SID=xx/4l33j00i8gu6brpr7ev9ed182q LSID= Auth=xx/4l33j00i8gu6brpr7ev9ed182q
The Password above is App Password (you can create one in user preferences)
-
-
@joseph said in Trying to get the FreshAPI plugin to work, but can't switch to local auth:
In Cloudron, the plugins are stored outside in /app/data instead of alongside the ttrss code in /app/code . The plugin tries to include a file assuming it is in the repo i.e under /app/code and this makes it not work.
If you change the line on the top of api/greader.php like this:
$ttrss_root = '/app/code'; // dirname(__DIR__, 3);
then it works for me.
$ curl -X POST --data 'Email=xx&Passwd=CczdjnHZYaMPr2V0' https://ttrss.domain.com/plugins.local/freshapi/api/greader.php/accounts/ClientLogin/ SID=xx/4l33j00i8gu6brpr7ev9ed182q LSID= Auth=xx/4l33j00i8gu6brpr7ev9ed182q
The Password above is App Password (you can create one in user preferences)
Thank you. By changing the ttrss path in greader.php like you say, I can access the plugin. But I get "unautorized" errors, even though the app specific passwords I use are correct. I get the same error in my "production" ttrss as I do in a cleanly installed test version of ttrss I set up (to experiment on this). My log shows (In the loginfo below, I've changed the ipadress to [MyIP], the URL to ttrss.domain.com and the username to [username]) :
Oct 01 09:37:49 [MyIP] - - [01/Oct/2024:07:37:49 +0000] "POST /plugins.local/freshapi/api/greader.php/accounts/ClientLogin HTTP/1.1" 200 70 "-" "Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0" Oct 01 09:37:49 [Tue Oct 01 07:37:49.733865 2024] [php:notice] [pid 30] [client 172.18.0.1:53690] FreshGReaderAPI::unauthorized Oct 01 09:37:49 [Tue Oct 01 07:37:49.734022 2024] [php:notice] [pid 30] [client 172.18.0.1:53690] FreshGReaderAPI::unauthorized Array\n(\n [date] => 2024-10-01T07:37:49+00:00\n [headers] => Array\n (\n [Host] => ttrss.domain.com\n [X-Real-IP] => [MyIP]\n [X-Forwarded-For] => [MyIP]\n [X-Forwarded-Host] => ttrss.domain.com\n [X-Forwarded-Port] => 443\n [X-Forwarded-Proto] => https\n [X-Forwarded-Ssl] => on\n [Connection] => close\n [accept] => */*\n [accept-encoding] => gzip, deflate, br\n [user-agent] => Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0\n [accept-language] => en-GB,en;q=0.9\n [authorization] => GoogleLogin auth=[username]/vdhuqfgl36jo3okkehfrtkqk56\n )\n\n [_SERVER] => Array\n (\n [HTTP_HOST] => ttrss.domain.com\n [HTTP_X_REAL_IP] => [MyIP]\n [HTTP_X_FORWARDED_FOR] => [MyIP]\n [HTTP_X_FORWARDED_HOST] => ttrss.domain.com\n [HTTP_X_FORWARDED_PORT] => 443\n [HTTP_X_FORWARDED_PROTO] => https\n [HTTP_X_FORWARDED_SSL] => on\n [HTTP_CONNECTION] => close\n [HTTP_ACCEPT] => */*\n [HTTP_ACCEPT_ENCODING] => gzip, deflate, br\n [HTTP_USER_AGENT] => Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0\n [HTTP_ACCEPT_LANGUAGE] => en-GB,en;q=0.9\n [PATH] => /usr/local/node-18.18.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n [SERVER_SIGNATURE] => <address>Apache/2.4.52 (Ubuntu) Server at ttrss.domain.com Port 8000</address>\n\n [SERVER_SOFTWARE] => Apache/2.4.52 (Ubuntu)\n [SERVER_NAME] => ttrss.domain.com\n [SERVER_ADDR] => 172.18.20.78\n [SERVER_PORT] => 8000\n [REMOTE_ADDR] => 172.18.0.1\n [DOCUMENT_ROOT] => /app/code\n [REQUEST_SCHEME] => http\n [CONTEXT_PREFIX] => \n [CONTEXT_DOCUMENT_ROOT] => /app/code\n [SERVER_ADMIN] => [no address given]\n [SCRIPT_FILENAME] => /app/code/plugins.local/freshapi/api/greader.php\n [REMOTE_PORT] => 53690\n [GATEWAY_INTERFACE] => CGI/1.1\n [SERVER_PROTOCOL] => HTTP/1.1\n [REQUEST_METHOD] => GET\n [QUERY_STRING] => output=json\n [REQUEST_URI] => /plugins.local/freshapi/api/greader.php/reader/api/0/user-info?output=json\n [SCRIPT_NAME] => /plugins.local/freshapi/api/greader.php\n [PATH_INFO] => /reader/api/0/user-info\n [PATH_TRANSLATED] => /app/code/reader/api/0/user-info\n [PHP_SELF] => /plugins.local/freshapi/api/greader.php/reader/api/0/user-info\n [REQUEST_TIME_FLOAT] => 1727768269.7281\n [REQUEST_TIME] => 1727768269\n )\n\n [_GET] => Array\n (\n [output] => json\n )\n\n [_POST] => Array\n (\n )\n\n [_COOKIE] => Array\n (\n )\n\n [INPUT] => \n)\n Oct 01 09:37:49 [MyIP] - - [01/Oct/2024:07:37:49 +0000] "GET /plugins.local/freshapi/api/greader.php/reader/api/0/user-info?output=json HTTP/1.1" 401 13 "-" "Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0"
When I do the curl you showed, I get the same error message:
$ curl -X POST --data 'Email=xx&Passwd=CczdjnHZYaMPr2V0' https://ttrss.domain.com/plugins.local/freshapi/api/greader.php/accounts/ClientLogin/ Unauthorized!root@e6d40bd9-472b-46c9-9ab6-82794a764ebb:/app/code/plugins.local/freshapi#
I use my own app generated passwords, and in the preferences window for ttrss app passwords, I see that the password has been referenced correctly. But I still get the error.
Any idea what might be wrong? Thank you!
-
Quoting myself to follow up my previous post. Today's update of TTRSS (to [2.17.4]: Update Tiny Tiny RSS to df489df), in my test installation of TTRSS, the API now returns the same output as Joseph in Post #3 above:
$ curl -X POST --data 'Email=xx&Passwd=CczdjnHZYaMPr2V0' https://ttrss.domain.com/plugins.local/freshapi/api/greader.php/accounts/ClientLogin/ SID=xx/4l33j00i8gu6brpr7ev9ed182q LSID= Auth=xx/4l33j00i8gu6brpr7ev9ed182q
However, my newsreader (Reeder) still don't authenticate (The Reeder error message is: Login failed. The data couldn't be read because it isn't in the correct format.)
Further, when I follow the instructions in the plugin repo to call the API directly (Step 2 under Chapter Using the API, I still get an "Unauthorized!" error message in the terminal like below (I follow the instruction by first posting the auth (Step 1) and use the provided info from this step as values in this step (Step 2)):
$ curl -X POST --header 'Authorization: GoogleLogin auth=xx/4l33j00i8gu6brpr7ev9ed182q' https://example.com/tt-rss/plugins.local/freshapi/api/greader.php/reader/api/0/subscription/export Unauthorized!
Would love to hear someone else's experiences with this. Maybe someone could offer their assistance, if they manage to get it working?
Thank you!
@odie said in Trying to get the FreshAPI plugin to work, but can't switch to local auth:
@joseph said in Trying to get the FreshAPI plugin to work, but can't switch to local auth:
In Cloudron, the plugins are stored outside in /app/data instead of alongside the ttrss code in /app/code . The plugin tries to include a file assuming it is in the repo i.e under /app/code and this makes it not work.
If you change the line on the top of api/greader.php like this:
$ttrss_root = '/app/code'; // dirname(__DIR__, 3);
then it works for me.
$ curl -X POST --data 'Email=xx&Passwd=CczdjnHZYaMPr2V0' https://ttrss.domain.com/plugins.local/freshapi/api/greader.php/accounts/ClientLogin/ SID=xx/4l33j00i8gu6brpr7ev9ed182q LSID= Auth=xx/4l33j00i8gu6brpr7ev9ed182q
The Password above is App Password (you can create one in user preferences)
Thank you. By changing the ttrss path in greader.php like you say, I can access the plugin. But I get "unautorized" errors, even though the app specific passwords I use are correct. I get the same error in my "production" ttrss as I do in a cleanly installed test version of ttrss I set up (to experiment on this). My log shows (In the loginfo below, I've changed the ipadress to [MyIP], the URL to ttrss.domain.com and the username to [username]) :
Oct 01 09:37:49 [MyIP] - - [01/Oct/2024:07:37:49 +0000] "POST /plugins.local/freshapi/api/greader.php/accounts/ClientLogin HTTP/1.1" 200 70 "-" "Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0" Oct 01 09:37:49 [Tue Oct 01 07:37:49.733865 2024] [php:notice] [pid 30] [client 172.18.0.1:53690] FreshGReaderAPI::unauthorized Oct 01 09:37:49 [Tue Oct 01 07:37:49.734022 2024] [php:notice] [pid 30] [client 172.18.0.1:53690] FreshGReaderAPI::unauthorized Array\n(\n [date] => 2024-10-01T07:37:49+00:00\n [headers] => Array\n (\n [Host] => ttrss.domain.com\n [X-Real-IP] => [MyIP]\n [X-Forwarded-For] => [MyIP]\n [X-Forwarded-Host] => ttrss.domain.com\n [X-Forwarded-Port] => 443\n [X-Forwarded-Proto] => https\n [X-Forwarded-Ssl] => on\n [Connection] => close\n [accept] => */*\n [accept-encoding] => gzip, deflate, br\n [user-agent] => Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0\n [accept-language] => en-GB,en;q=0.9\n [authorization] => GoogleLogin auth=[username]/vdhuqfgl36jo3okkehfrtkqk56\n )\n\n [_SERVER] => Array\n (\n [HTTP_HOST] => ttrss.domain.com\n [HTTP_X_REAL_IP] => [MyIP]\n [HTTP_X_FORWARDED_FOR] => [MyIP]\n [HTTP_X_FORWARDED_HOST] => ttrss.domain.com\n [HTTP_X_FORWARDED_PORT] => 443\n [HTTP_X_FORWARDED_PROTO] => https\n [HTTP_X_FORWARDED_SSL] => on\n [HTTP_CONNECTION] => close\n [HTTP_ACCEPT] => */*\n [HTTP_ACCEPT_ENCODING] => gzip, deflate, br\n [HTTP_USER_AGENT] => Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0\n [HTTP_ACCEPT_LANGUAGE] => en-GB,en;q=0.9\n [PATH] => /usr/local/node-18.18.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\n [SERVER_SIGNATURE] => <address>Apache/2.4.52 (Ubuntu) Server at ttrss.domain.com Port 8000</address>\n\n [SERVER_SOFTWARE] => Apache/2.4.52 (Ubuntu)\n [SERVER_NAME] => ttrss.domain.com\n [SERVER_ADDR] => 172.18.20.78\n [SERVER_PORT] => 8000\n [REMOTE_ADDR] => 172.18.0.1\n [DOCUMENT_ROOT] => /app/code\n [REQUEST_SCHEME] => http\n [CONTEXT_PREFIX] => \n [CONTEXT_DOCUMENT_ROOT] => /app/code\n [SERVER_ADMIN] => [no address given]\n [SCRIPT_FILENAME] => /app/code/plugins.local/freshapi/api/greader.php\n [REMOTE_PORT] => 53690\n [GATEWAY_INTERFACE] => CGI/1.1\n [SERVER_PROTOCOL] => HTTP/1.1\n [REQUEST_METHOD] => GET\n [QUERY_STRING] => output=json\n [REQUEST_URI] => /plugins.local/freshapi/api/greader.php/reader/api/0/user-info?output=json\n [SCRIPT_NAME] => /plugins.local/freshapi/api/greader.php\n [PATH_INFO] => /reader/api/0/user-info\n [PATH_TRANSLATED] => /app/code/reader/api/0/user-info\n [PHP_SELF] => /plugins.local/freshapi/api/greader.php/reader/api/0/user-info\n [REQUEST_TIME_FLOAT] => 1727768269.7281\n [REQUEST_TIME] => 1727768269\n )\n\n [_GET] => Array\n (\n [output] => json\n )\n\n [_POST] => Array\n (\n )\n\n [_COOKIE] => Array\n (\n )\n\n [INPUT] => \n)\n Oct 01 09:37:49 [MyIP] - - [01/Oct/2024:07:37:49 +0000] "GET /plugins.local/freshapi/api/greader.php/reader/api/0/user-info?output=json HTTP/1.1" 401 13 "-" "Reeder/5040601 CFNetwork/1498.700.2 Darwin/23.6.0"
When I do the curl you showed, I get the same error message:
$ curl -X POST --data 'Email=xx&Passwd=CczdjnHZYaMPr2V0' https://ttrss.domain.com/plugins.local/freshapi/api/greader.php/accounts/ClientLogin/ Unauthorized!root@e6d40bd9-472b-46c9-9ab6-82794a764ebb:/app/code/plugins.local/freshapi#
I use my own app generated passwords, and in the preferences window for ttrss app passwords, I see that the password has been referenced correctly. But I still get the error.
Any idea what might be wrong? Thank you!
-
I've been trying to get this plugin to work, since (in my opinion), it will increase TTRSS' long-term viability (since the Fever plugin is considered deprecated and the TTRSS API not widely supported at all).
Adding to my previous post (and from @joseph with reference to using curl to test), I have struggled to make headway. I finally came over this post from last week on the author's GIT: https://github.com/eric-pierce/freshapi/issues/7
When viewing TTRSS' default config (and nginx config files), it seems Cloudron don't have PATH_INFO enabled on the webserver. The plugin apparently requires this, and this is supposedly "as simple as modifying your nginx.conf file to enable PATH_INFO for plugins with "api" in the path".
The two steps to enable PATH_INFO are (source: this post:
- re-enable it by enabling cgi.fix_pathinfo=1 in the php.ini file (on my test installation, I find this php.ini file under "/etc/php/8.1/cli/php.ini", and here I can see that the cgi.fix_pathinfo=1 is commented out)
- Update the .conf file (on my cloudron box, the path to my test install of ttrss is: /home/yellowtent/platformdata/nginx/applications/e6d40bd9-472b-46c9-9ab6-82794a764ebb/ttrsstest.example.com.conf) to include support for PATH_INFO. This is a selective enabling of PATH_INFO, and only tells nginx to use PATH_INFO parameters for php files in the plugins.local folder with "/api/" somewhere in the URL (like freshapi). Here is the example code given on the author's page:
# vi:syntax=nginx server { listen 80; listen [::]:80; server_name ttrss.mydomain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; #include snippets/ssl-mydomain.com.conf; #include snippets/ssl-params.conf; server_name ttrss.mydomain.com; root /usr/share/nginx/ttrss; index index.html index.htm index.php; access_log /var/log/nginx/ttrss_access.log; error_log /var/log/nginx/ttrss_error.log info; # Enable SSL verification by certbot/webroot location ~ /.well-known { allow all; } location / { index index.php; } location ~ \.php$ { try_files $uri =404; #Prevents autofixing of path which could be used for exploit fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_index index.php; include fastcgi.conf; } location ~ /plugins\.local/.*/api/.*\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info; fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; include fastcgi_params; } }
It seems to me that these changes need to be done on the Cloudron side. Any chance of having someone from staff look into it?
Sorry for the bother, and thanks for the help!
-
@girish Can you look into this, please? A long-term reliable API would be of great value.
-
@necrevistonnezr @girish Any chance of having this looked at? It would be an incredible addon to TTRSS. Not only would this offer a robust and maintained API, the API has a lot of useful functionality. You can basically maintain all feeds and folders via the API, allowing you to use TTRSS' powerful filtering system as a pure backend and use whatever client you prefer to maintain feeds and folders.
Sorry again for the trouble