Hello Everyone,
I’m trying to implement custom authentication in Node-RED by accessing global context data inside the ui_base.js file, specifically in the uiShared.httpMiddleware function, to prevent unauthorized access to the dashboard. I want to retrieve session data stored in the global context and validate it based on a session ID stored in cookies.
Here’s the relevant code snippet from ui_base.js:
File Path Reference: /home/dhamo/.node-red/node_modules/@flowfuse/node-red-dashboard/nodes/config/ui_base.js
    uiShared.httpMiddleware = function (req, res, next) {
        // Extract session_id using cookie-parser
        const sessionId = req.cookies.session_id;
        console.log('Extracted session_id:', sessionId);
        // Access global context
        const globalContext = RED.settings.contextStorage; // Not sure if this is correct
        // Check if session_id exists in the global context
        if (sessionId) {
            const sessionData = global.get(sessionId); // Not sure how to access the global context properly
            console.log("sessionData")
            if (sessionData && sessionData.loggedIn) {
                console.log(`Session valid for user: ${sessionData.username}`);
                next(); // Proceed to next middleware
            } else {
                console.log('Session invalid or expired, redirecting to login.');
                res.status(404).send('Session not found. Please log in.');
            }
        } else {
            console.log('No session_id found in the request, redirecting to login.');
            res.status(404).send('No session found. Please log in.');
        }
    };
Issue
I’m unsure how to properly access the global context data (specifically session information) in this file and function. I attempted to use RED.settings.contextStorage and global.get(sessionId), but it seems like I’m not accessing the global context correctly.
Questions:
- How can I access the global context data inside ui_base.js (or uiShared.httpMiddleware) in order to validate session information?
- Is there a better approach for handling custom authentication within Node-RED’s dashboard middleware, or any recommendations on managing session state effectively in this scenario?
- Session Generation: Currently, I’m using a simple Math.random() approach to generate sessions in the /login endpoint inside a function node. Is there a more secure or structured way to generate and manage sessions, which can be used consistently across all nodes and the local source code (including middleware) for authentication?
Any suggestions or code examples would be greatly appreciated!
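
For the session-generation question, an added example (not part of the original post, and not Node-RED or FlowFuse dashboard code): session ids drawn from Node's `crypto.randomBytes` instead of `Math.random()`, stored with an expiry and checked in an Express-style middleware. The in-memory `Map`, the 30-minute lifetime and all function names are assumptions made for the example; the `Map` stands in for whatever shared store a deployment uses.

```javascript
const { randomBytes, createHash } = require('crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed lifetime: 30 minutes
const sessions = new Map();            // assumed store: in-memory, keyed by SHA-256 of the id

// Keep only a hash of the id, so reading the store does not reveal usable cookie values.
const hashId = (id) => createHash('sha256').update(id).digest('hex');

// Called from the login handler after the credentials have been verified.
function createSession(username, now = Date.now()) {
  const id = randomBytes(32).toString('hex'); // 256 bits from the OS CSPRNG, not Math.random()
  sessions.set(hashId(id), { username, loggedIn: true, expires: now + SESSION_TTL_MS });
  return id;
}

// Returns the session record, or null when the id is missing, unknown or expired.
function lookupSession(id, now = Date.now()) {
  if (typeof id !== 'string' || id.length === 0) return null;
  const key = hashId(id);
  const session = sessions.get(key);
  if (!session) return null;
  if (session.expires <= now) {
    sessions.delete(key); // expired entries are removed on first use
    return null;
  }
  return session;
}

// Logout: returns true when a session was actually removed.
function destroySession(id) {
  return typeof id === 'string' && sessions.delete(hashId(id));
}

// Options for Express res.cookie('session_id', id, sessionCookieOptions()).
function sessionCookieOptions() {
  return { httpOnly: true, secure: true, sameSite: 'strict', maxAge: SESSION_TTL_MS };
}

// Express-style middleware; expects cookie-parser to have populated req.cookies.
function requireSession(req, res, next) {
  const session = lookupSession(req.cookies && req.cookies.session_id);
  if (!session || !session.loggedIn) {
    return res.status(401).send('Please log in.'); // 401: unauthenticated
  }
  req.sessionUser = session.username;
  return next();
}
```

The `now` parameter exists so expiry can be exercised with fixed timestamps; production callers leave it at its default.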