Hey Paul,
yes I have added the permissions because (in the above discussion) my endpoint was not secured. So it should be there!!!!!! But I don't know why this is a problem for you, and not for the others
the needsPermission middleware is there to ensure only authenticated users can access the endpoint. The permission should be of the form <node-type>.read
Is there perhaps anything special about your security ?
No, nothing special, script installed node-RED is setup as per the guide, and the only software running on the Pi is node-RED, Mosquitto, UFW & Certbot. It was a completely new installation made about 3 or 4 weeks ago.
Node-RED version: v1.0.3
Node.js version: v12.14.0
Linux 4.19.75-v7+ arm LE (Buster)
Raspberry Pi 3b+
Node-RED settings credentialSecret added to encrypt credentials adminAuth added to password protect the Node-RED editor and admin API httpNodeAuth added to protect the node-defined HTTP endpoints https: added to serve node-RED via https requireHttps: true, to redirect http connections
In addition, I use UFW to restrict certain port access to defined IP addresses (ie only allow MQTT port access from my remote servers).
Hi @BartButenaers,
Great work on the node. I will be testing it soon.
I haven't looked at the source yet, do you think your work could be ported to make a dashboard widget?
One of the use case I have would be to give a user access to an interactive CLI tool.
Thanks!
Hi Erwin (@edorgeville),
Although it might seem very similar, there are a lot of changes required:
Dashboard UI node instead of sidebar panel.
AngularJs instead of jQuery
RED.httpNode instead of RED.httpAdmin node.
Flow editor and dashboard use other websocket libraries
Since the RED.httpNode doesn't accept RED.auth.needsPermission, I'm not sure how secure it is? Might be no problem, but I don't know ...
Currently the sidebar panel ensures that always a single Terminal config node exists. Not clear to me how you would manage the terminal settings in a UI node (since you don't have a sidebar tabsheet then).
And so on ...
Of course everything is possible, but at first sight it probably needs to be build from scratch...
But you have the advantage that you can start from my current code. Good luck with it!
Paul, apologies the URL should be https://___:1880/xterm/xxxx/static/xterm.js
The "xxxx" is normally your (unique) terminal id, which is not relevant for getting the static files ...
So when you manually enter an url like https://___:1880/xterm_shell/xxxx/static/xterm.js, the url pattern should match to my endpoint. While a get nicely a credentials popup, you simply get UnAuthorized.
And when you remove the RED.auth.needsPermission('xterm.write') then it works fine for you. But when you replace it by RED.auth.needsPermission('xterm.read') then it also fails.
Don't know at the moment why it fails. And my time is up for today ...
[EDIT] here is a similar case, but don't understand the explanation because it works here fine on my pc ...
This is a really good addition to the node-RED arsenal, as it allows access to the cli remotely.
So when away from home, so long as node-RED is running, we can make cli changes - updates, fix's, reboots, etc, etc.
Maybe @knolleary or @dceejay would be kind enough to maybe cast their eye upon this, which is summarized by Bart's last post.
Paul, to answer your location question: When you start a regular terminal window it starts in the home directory of the user. The reason it starts in the User Directory set for Node-RED is because that's where Node-RED itself starts too. By starting the nodeJS process it (simplified, don't quote me on this for other usages) sets the current working directory (also named cwd sometimes but called as pwd because of the Present Working Directory) to the folder it starts in, which is the User Directory. Because of this node-red is able to access the node_modules folder in that place, as well as other relevant files needed to execute.
TL;DR: regular user has the ~ home directory set as the path it starts the terminal from, starting it from Node-RED uses the current working directory node-RED has aka the .node-red folder by default (or any other folder set as user directory).
Hi guys,
There is a new version on Github with following changes:
Fix for Paul Reed's unauthorized issue.
All requests are now POST's instead of GET's.
The readme page now contains a link to SSH explanation above (thanks to @zenofmud) .
This is hopefully the last beta.
Will publish it on NPM by the end of this month, since I will have surgery this week...
If there are any issues with the new version, please post them here and I will respond as soon as possible.
Hi @BartButenaers I realize that you are probably not around at the moment, but I'll leave this here for you to pick up whenever you are back.
I think that there is another auth bug!
For the first time I've just tried the xterm Terminal input node, and it's not working for me.
If I add a command to the node config & deploy, upon injecting the node, I get a request to sign in.
I enter my username & password, but it is not accepted, and I get a further request to sign in, and so on.