[ANNOUNCE]node-red-contrib-xterm : second beta (sidebar)

I have never seen a tabsheet closing before in my life... Damn I must be good :rofl:
Do you mean it switches to another tabsheet, or does the tabsheet disappear? A short animated gif (screen recording) would be really useful in those cases...

Tabsheet disappears, no rabbit involved :slight_smile:

Damn, then I'm not that good after all...
Which browser? And no errors in console log?

It may not sound customer friendly but, I need to say it: "Dear user, your issue will be analysed next year" :joy:

That was it for 2019 folks. See you guys next year.
HAVE FUN TONIGHT :champagne:

2 Likes

No errors. See you next year. HAVE FUN!

1 Like

I closed my browser and re-opened it and re-logged into my cloud instance and exactly the same happened to me

Was fine when I clicked start the second time

1 Like

You seem to have covered it.

The only other thing is about the security of the websocket connection - since websocket connections don't support headers, it is not possible to continue to validate the security of a websocket connection unless you pass the token via the msg object. That means that if someone hijacks the session, they could potentially continue to receive data.

As far as I'm aware, Node-RED doesn't add any session security to websocket connections beyond the initial connection. So paranoid types should regularly restart Node-RED (and probably change admin passwords) to limit exposure. Really paranoid types probably wouldn't be using remote xterm sessions anyway :face_with_raised_eyebrow:

I love this :star_struck:, no need to open another terminal to Pi. Is there a chance that the input node could work more like the "exec" node and capture the output so further processing could be done. I currently use an injector node using a periodic time and exec node to test various system statuses and depending on the outcome make changes. It will be useful all the same.

Hi Daniel (@greenembrace),
I was wondering who would be the first one to ask this question. When I got the idea to provide a Terminal-Input node, then of course I got the same idea to:

  • Build a Terminal-Output node
  • Add an output on the Terminal-Input node

Unfortunately I didn't found a solution for none of both :woozy_face:
Therefore I have explained it in more detail in the Limitations section of my readme page.

Summarized:
Suppose you have N users each having their own flow editor open at the same time. Then each Terminal-Input in the flow will be displayed N times, but on the server it is a single node. Suppose I add an output to the Terminal-Input node:

  • User 1 the button, and expects his working directory to appear on the output.
  • Meanwhile user 2 presses the output, and expects his working directory to appear on the output
  • The output always shows a mixed output of both users

But while I'm writing this now, I'm realizing that the Inject node has the same problem. Damn how stupid of me :woozy_face:

Any thoughts from the community???

P.S. A Terminal-Output node would be harder to develop. You will get the output from all users, but on top of that you will also get the input of all users. Because the output of the pseudo terminal contains both (input and output). For a Terminal-Input node, I know both the input and output so I can remove the input from the stream. For an Terminal-Output node this would be much more difficult, and I don't have spare time left for such features...

Hey Julian (@TotallyInformation),
I had designed my node to use Node-RED's websocket channel, because I thought: when that is secure enough for everything else, then it will also be secure enough for me... But digging into that further is unfortunately at the moment not possible in my limited spare time.

But I am a bit worried aboud my endpoint, due to limited knowledge:

RED.httpAdmin.get('/xterm_shell/:terminal_id/:command/:info', function(req, res) {

Should this be like this or something else?

RED.httpAdmin.get('/xterm_shell/:terminal_id/:command/:info', RED.auth.needsPermission('xterm.read'), function(req, res) {

I have no idea what the most optimal setting is ...

Hi.

This looked interesting, but the village idiot has had a go at installing it as per the github link.

I think it is installed, but I am not getting the icon on the right side of the screen.

Do I need to restart NR?
Only that I didn't see it mentioned - yet - in what I read.

Hi Andrew,
you need to install it inside your Node-RED folder. Then you need to restart Node-RED and refresh your browser screen. If then nothing appears, you will have installed it in the wrong directory I assume ...
Bart

Thanks.

Ok. I need to restart NR. My bad. Just I didn't read it at the link.

Also the message that resulted from the install has me a bit worried.

me@me-desktop:~/.node-red$ npm install bartbutenaers/node-red-contrib-xterm
npm WARN bootstrap@4.3.1 requires a peer of jquery@1.9.1 - 3 but none is installed. You must install peer dependencies yourself.
npm WARN node-red-contrib-ui-led@0.3.1 requires a peer of node-red-dashboard@2.14.x but none is installed. You must install peer dependencies yourself.
npm WARN xterm-addon-fit@0.3.0 requires a peer of xterm@^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN node-red-project@0.0.1 No repository field.
npm WARN node-red-project@0.0.1 No license field.

+ node-red-contrib-xterm@0.0.1
updated 1 package and audited 1788 packages in 6.904s
found 11 vulnerabilities (3 low, 1 moderate, 7 high)
  run `npm audit fix` to fix them, or `npm audit` for details
me@me-desktop:~/.node-red$ 

7 high security risks!

Shall restart NR and see what happens.

Restarted and all good.

I have no clue what that is all about.
When I go to my xterm node directory and do the check, then it seems ok to me:

image

Anybody has an idea why the npm install is complaining, and what I can do to fix this?

Don't worry about it. Sorry. I know that isn't your problem.

I just goofed at not restarting NR. (As it wasn't written. . . . . )

I have mentioned it (the security messages) before in other threads and I didn't really get resolution.

Anyway:
So it is about 11:00 local time your end - yes?

Hi Bart @BartButenaers Thanks for the considered reply. The only thought I have about all users is that each command has a unique PID and all sub process of that command are linked to this. Therefor each user would generate there own unique PID which could be filtered. But I share your spare time issue and thank you for the nodes you have produced. cheers

The security alerts are not necessarily connected with your node, it could be any node or supporting library that Andrew has installed, as I understand it.

By way of example, my install log shows no such warnings, which suggests that it's not due to your node...
(But note the line npm WARN xterm-addon-fit@0.3.0 requires a peer of xterm@^4.0.0 but none is installed. You must install peer dependencies yourself. which also appeared in Andrews log)

pi@raspberrypi:~/.node-red $ npm install bartbutenaers/node-red-contrib-xterm

> node-pty-prebuilt-multiarch@0.9.0 install /home/pi/.node-red/node_modules/node-pty-prebuilt-multiarch
> prebuild-install || node scripts/install.js


> node-pty-prebuilt-multiarch@0.9.0 postinstall /home/pi/.node-red/node_modules/node-pty-prebuilt-multiarch
> node scripts/post-install.js

npm WARN xterm-addon-fit@0.3.0 requires a peer of xterm@^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN node-red-project@0.0.1 No repository field.
npm WARN node-red-project@0.0.1 No license field.

+ node-red-contrib-xterm@0.0.1
added 4 packages from 3 contributors and audited 750 packages in 34.566s

11 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
1 Like

@BartButenaers - love your work :smiling_face_with_three_hearts:

I hope this is not a stupid question, but why would you use the Terminal Input nodes over the standard exec nodes ?

You can choose I assume. I just added them so I could easily store my favorite commands, and have confirmation boxes for critical commands. And you can also inject the commands into the terminal window, without executing them (i.e. you have to press then the enter button manually). Have not tried it, but I don't think commands from the exec node will appear into the terminal window...

One feature I am looking for is the ability to ssh onto another device on my network and run commands on that, could xterm do that ?

Why not try it and report back??