[ANNOUNCE]node-red-contrib-xterm : second beta (sidebar)

Hey Paul,
yes I have added the permissions because (in the above discussion) my endpoint was not secured. So it should be there!!!!!! But I don't know why this is a problem for you, and not for the others :woozy_face:

[EDIT] From the documentation I see this:

the needsPermission middleware is there to ensure only authenticated users can access the endpoint. The permission should be of the form <node-type>.read

Is there perhaps anything special about your security?

No, nothing special, script installed node-RED is set up as per the guide, and the only software running on the Pi is node-RED, Mosquitto, UFW & Certbot. It was a completely new installation made about 3 or 4 weeks ago.

Node-RED version: v1.0.3
Node.js version: v12.14.0
Linux 4.19.75-v7+ arm LE (Buster)
Raspberry Pi 3b+

Node-RED settings
credentialSecret added to encrypt credentials
adminAuth added to password protect the Node-RED editor and admin API
httpNodeAuth added to protect the node-defined HTTP endpoints
https: added to serve node-RED via https
requireHttps: true, to redirect http connections

In addition, I use UFW to restrict certain port access to defined IP addresses (i.e. only allow MQTT port access from my remote servers).

Hi @BartButenaers,
Great work on the node. I will be testing it soon.
I haven't looked at the source yet, do you think your work could be ported to make a dashboard widget?
One of the use cases I have would be to give a user access to an interactive CLI tool.
Thanks!

Hi Erwin (@edorgeville),
Although it might seem very similar, there are a lot of changes required:

  • Dashboard UI node instead of sidebar panel.
  • AngularJS instead of jQuery
  • RED.httpNode instead of RED.httpAdmin node.
  • Flow editor and dashboard use other websocket libraries
  • Since the RED.httpNode doesn't accept RED.auth.needsPermission, I'm not sure how secure it is? Might be no problem, but I don't know ...
  • Currently the sidebar panel ensures that always a single Terminal config node exists. Not clear to me how you would manage the terminal settings in a UI node (since you don't have a sidebar tabsheet then).
  • And so on ...

Of course everything is possible, but at first sight it probably needs to be built from scratch...
But you have the advantage that you can start from my current code. Good luck with it!

Bart

Paul (@Paul-Reed),
Not sure at the moment where to start searching for the cause ...
If anybody has tips, be my guest!!

When I navigate manually to my admin endpoint (https://__:1880/xterm_shell/static/xterm.js), then I get a popup to enter my credentials:

Once I have entered my credentials, the xterm.js file will be loaded and displayed.
Does it behave the same way in your setup?

I get the sign-in dialogue, enter my credentials, and then the browser message is;
Cannot GET /xterm_shell/static/xterm.js

and the browser console error;

Paul, apologies the URL should be https://___:1880/xterm/xxxx/static/xterm.js
The "xxxx" is normally your (unique) terminal id, which is not relevant for getting the static files ...

:thinking: I don't understand your last post. Do you want me to try another URL? or any other information.

Ah yes, just try https://___:1880/xterm/xxxx/static/xterm.js
Forget the other stuff I wrote

Cannot GET /xterm/xxxx/static/xterm.js

What is & where do I get the xxxx (terminal id)?

OMG Paul, I'm getting nuts ... :roll_eyes: :woozy_face:

The url is https://___:1880/xterm_shell/xxxx/static/xterm.js

That results in no request for credentials and;
Unauthorized

No credentials popup? And if you try in an incognito window?

Yes, that's what I'm working from. (a different one with each change!)

Ok, then I really need some help from the community to get this last issue solved...

My endpoint looks like this:

RED.httpAdmin.get('/xterm_shell/:terminal_id/:command/:info', RED.auth.needsPermission('xterm.write'), function(req, res) {

So when you manually enter a URL like https://___:1880/xterm_shell/xxxx/static/xterm.js, the URL pattern should match my endpoint. While I nicely get a credentials popup, you simply get Unauthorized.

And when you remove the RED.auth.needsPermission('xterm.write') then it works fine for you. But when you replace it by RED.auth.needsPermission('xterm.read') then it also fails.

Don't know at the moment why it fails. And my time is up for today ...

[EDIT] here is a similar case, but don't understand the explanation because it works here fine on my pc ...

This is a really good addition to the node-RED arsenal, as it allows access to the cli remotely.
So when away from home, so long as node-RED is running, we can make cli changes - updates, fixes, reboots, etc, etc.
Maybe @knolleary or @dceejay would be kind enough to maybe cast their eye upon this, which is summarized by Bart's last post.

Paul, to answer your location question: When you start a regular terminal window it starts in the home directory of the user. The reason it starts in the User Directory set for Node-RED is because that's where Node-RED itself starts too. By starting the nodeJS process it (simplified, don't quote me on this for other usages) sets the current working directory (also named cwd sometimes but called as pwd because of the Present Working Directory) to the folder it starts in, which is the User Directory. Because of this node-red is able to access the node_modules folder in that place, as well as other relevant files needed to execute.

TL;DR: regular user has the ~ home directory set as the path it starts the terminal from, starting it from Node-RED uses the current working directory node-RED has aka the .node-red folder by default (or any other folder set as user directory).

@BartButenaers "...and I asked so politely" :wink:

Never mind, I'll just keep my local edited copy for now, and let's see if others report problems when you npm publish the node.

Paul

Hi guys,
There is a new version on Github with the following changes:

  • Fix for Paul Reed's unauthorized issue.
  • All requests are now POSTs instead of GETs.
  • The readme page now contains a link to SSH explanation above (thanks to @zenofmud).

This is hopefully the last beta.
Will publish it on NPM by the end of this month, since I will have surgery this week...
If there are any issues with the new version, please post them here and I will respond as soon as possible.

Hi @BartButenaers I realize that you are probably not around at the moment, but I'll leave this here for you to pick up whenever you are back.

I think that there is another auth bug!
For the first time I've just tried the xterm Terminal input node, and it's not working for me.
If I add a command to the node config & deploy, upon injecting the node, I get a request to sign in.
I enter my username & password, but it is not accepted, and I get a further request to sign in, and so on.

Checking the browser console, I see;


As I recall, I seem to be getting these auth errors (whilst others don't :face_with_raised_eyebrow:) because I have enabled adminAuth in my node-RED settings.
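
Added example, not part of the thread and not code from node-red-contrib-xterm or Node-RED: a simplified model of the decision made by an admin endpoint guarded with RED.auth.needsPermission('xterm.write'), evaluated with and without adminAuth in the settings. The `guard` and `hasPermission` helpers, the scope-matching rules and the token table are assumptions made for illustration.

```javascript
// Simplified model of a needsPermission-style guard. Illustration only:
// not Node-RED source; tokens and matching rules below are assumptions.
const READ_RE = /^((.+)\.)?read$/;
const WRITE_RE = /^((.+)\.)?write$/;

// Does a user's scope ("*", "read", "xterm.write", ...) cover a permission?
function hasPermission(scope, permission) {
  if (Array.isArray(scope)) return scope.some((s) => hasPermission(s, permission));
  if (scope === "*" || scope === permission) return true;
  if (scope === "read" || scope === "*.read") return READ_RE.test(permission);
  if (scope === "write" || scope === "*.write") return WRITE_RE.test(permission);
  return false;
}

// Constructed token table: bearer token -> scope granted at login.
const TOKENS = new Map([["tok-admin", "*"], ["tok-viewer", "read"]]);

// Returns a function mapping a request to the HTTP status the guard yields.
function guard(settings, permission) {
  return function (req) {
    if (!settings.adminAuth) return 200; // editor not secured: no check at all
    const m = /^Bearer (\S+)$/.exec((req.headers || {}).authorization || "");
    if (!m || !TOKENS.has(m[1])) return 401; // missing or unknown token
    return hasPermission(TOKENS.get(m[1]), permission) ? 200 : 401;
  };
}

// The thread's endpoint permission, checked under both kinds of settings.
function demo() {
  const open = guard({}, "xterm.write");
  const secured = guard({ adminAuth: { type: "credentials" } }, "xterm.write");
  const bearer = (t) => ({ headers: { authorization: "Bearer " + t } });
  return {
    openNoToken: open({ headers: {} }),
    securedNoToken: secured({ headers: {} }),
    securedViewer: secured(bearer("tok-viewer")),
    securedAdmin: secured(bearer("tok-admin")),
  };
}

console.log(demo());
```

In this model a request without a valid token passes only when adminAuth is absent, so the same endpoint can respond normally on an unsecured editor and with Unauthorized on a secured one.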