I have found a solution for automation that only requires bash, curl and python3. It uses curl together with its cookie management and a python script for extracting the _csrf token from the page' html output. I can now verify that this page doesn't require you to login.
I'm sharing it here in case anyone else wants to automate it too. Save these files to disk, in the same folder:
update_node.py
#!/usr/bin/env bash
RESULT_FILE=/tmp/result.txt
FILE_WITH_CSRF=/tmp/output.html
COOKIES_FILE=/tmp/cookies.txt
MODULE_NAME=REPLACE_WITH_MODULE_NAME
# remove any previous cookies
if [ -f "${COOKIES_FILE}" ]; then
rm "${COOKIES_FILE}"
fi
# get the _csrf token
curl -s \
-c "${COOKIES_FILE}" \
-b "${COOKIES_FILE}" \
-XGET "https://flows.nodered.org/add/node" > ${FILE_WITH_CSRF}
input=$(cat ${FILE_WITH_CSRF})
CSRF_TOKEN=$(echo "${input}" | ./get_token.py)
if [[ ! -z "${CSRF_TOKEN}" ]]; then
echo "_csrf token was found to be $TOKEN"
else
echo "_csrf token not found in HTML!"
exit 1
fi
# Send a node update request, with the _csrf token
curl -s \
-XPOST "https://flows.nodered.org/add/node" \
-c "${COOKIES_FILE}" \
-b "${COOKIES_FILE}" \
-H "referer: https://flows.nodered.org/add/node" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "x-requested-with: XMLHttpRequest" \
-d "module=${MODULE_NAME}&_csrf=$CSRF_TOKEN" > ${RESULT_FILE}
# Show the add/node page' response
cat ${RESULT_FILE}
and get_token.py:
#!/usr/bin/env python3
import re
import sys
for i in sys.stdin:
g = re.match('.*\<.*name="_csrf".*value="(.*)"\>.*', i);
if g is not None:
print (g.group(1))
Now set the MODULE_NAME variable in the update_node.py script, save it to disk and run the file. The module will now be updated, if an update is available, otherwise the script will print Module already at latest version, given you have used it on a valid node name.
