Connection to socket.io websocket for updates, how?

Good day,

I'm looking for a way to connect to a simple socket.io websocket to receive real time events, an example can be found here: https://ws.moodo.co:9090 (view-source).

How can I best achieve this in Node Red?

Did you search in flows?

https://flows.nodered.org/?term=socket.io&num_pages=1

I did, all of the nodes are focused on NR being the server - I need to connect as a client...

Did you look at

I don't believe this supports a socket.io connection, sadly.

So the node

doesn’t do what you want?

Nup, this node does not allow events to be sent for authentication for example, socket.io normally requires parameters to be sent to subscribe, in my case it's 2 simple parametres (authentication and box_id).

I'd be interested in understanding more about how this works because I've been struggling with security implementations on socket.io myself for uibuilder.

If I can understand how someone else has implemented this and how well it works, I might even be persuaded to write a node for you :wink:

To reply to myself since I can see that this thread is still somewhat popular.

When a socket.io client connects to a server, by default it tries to use websockets first and if that fails it falls back to using long polling.

The initial connection for websockets and all of the connections for long polling are HTTP(S) connections. Socket.io server relies on a node.js web server to work. HTTP(S) connections allow custom HTTP headers including things like bearer tokens, etc.

However, if socket.io manages to "upgrade" that initial HTTP(S) connection to websockets, websockets are a different protocol WS(S) which does NOT support custom http headers. That means that any security relying on http headers (such as the very common bearer and JWT approaches) will only check on the initial connection as to whether the client is authenticated. After that, any communications taking place over websockets cannot, by definition, carry any security data unless you manually include it in the message.

For v5 of uibuilder, I've given up trying to build in security because there are simply too many variables and edge-cases and I don't want to deliver something that isn't bullet-proof.

Instead, uibuilder v5 gives 4 middleware features. One for the uibuilder ExpressJS connection, One for the initial Socket.IO connection, one for any inbound socket.io message and one for any outbound (from Node-RED to the client) socket.io message. A 5th feature allows for middleware for each specific uibuilder node that allows authors to create custom API's.

So people can create their own functions for doing security just as they need it. Of course, I still recommend doing security externally using a reverse proxy. But that also works well with the middleware features.

The Node-RED editor and the Dashboard have their own middleware capabilities as well of course. But I don't think they support message-level middleware.

1 Like

Hi all, this might be slightly off-topic, yet still Sockets.io related, so bear with me:

I am trying to find a sockets.io receiver node which works with the current version of Home Assistant, which earlier this year upgraded to node 16. This unfortunately means that a lot of contrib nodes in the palette manager do not work, getting BADENGINE errors as they need node 10, 12 or 14.

I understand there's a potential to clone a repo, change the package.json, but I'm not sure how to "sideload" for lack of a better word the modded node into HA, besides there's no guarantee the node would work.

So, tldr; anybody's got a sockets.io which works with node 16? Thank you!

I would expect any recent version of Socket.IO would work with node v16. I dev & test on v16 and have done for some while. uibuilder uses socket.io and I have not issues.

The issue is more likely that they have a different version of socket.io itself. You really need to be using the same client and server versions of socket.io otherwise you can get issues.

If nodes don't like node.js v16, you need to contact the authors and get them to update their nodes. Node v16 is one of the live LTS versions and so should work. Generally authors only specify a minimum engine level anyway not a max so there are rarely issues. What nodes are you having issues with? As I say, I use v16 (but I don't use HA) and don't have any problems with the nodes I use. You could also test with uibuilder which uses socket.io and certainly is happy with node.js v12+

Thank you, that seems to be the issue, yet the Sockets.io nodes available through the palette manager seems to be half a year or older, likely around the time HomeAssistant Core / NodeRed (not sure which) upgraded the node version to 16. These are the ones I see available:

A couple of weeks ago, I reached out to the authors via github, and so far only one responded, having updated his repo here.

Evidently it's reved up from from v.0.1.1 to 1.1, however this is unbeknownst to the node-red library, i.e. it's not accessible from the palette.


(link)

The check for update does not seem to do anything and if one clicks on the View on GitHub link, it's still the old 0.1.1 which does not work with Node 16.

As I have not written nodes myself, I am unfamiliar with the update process, i.e. I presume the dev has to notify nodered.org that a new version is available, correct?

Alternatively since he's provided a link to the updated repo, I wonder if there is a way to manually install it. Problem is I am running HA Core, which does not (at least per default) provide cmdline access to npm etc.

As far as I can see, the author has simply updated "socket.io-client" dependency to "4.5.1" then published a tagged release without actually updating the package version See here - still says v0.1.1 and because NPM cannot be updated without changing package version then the author won't be able to publish an update to npm.

In short, request the author bumps the package version, publish an update to NPM then you can refresh the flows library.

Alternatively, download the package from that tagged link and upload it into your node red using the upload tgz button on the palette manager. (You may first need to uninstall the existing version - since the version number has not been changed in the package)

Thank you @Steve-Mcl, until now I'd completely overlooked that upload button, <facepalm, lol>
Now, as the author isn't responsive, I attempted to upload the .tar.gz file from the repo

However the palette manager seems to barf dayglo when I upload it, with the message:
image

For the record, no version of this node is installed at the moment.

As you can see, the log shows absolutely nothing of value:
image

Thinking NR perhaps was picky about extensions, I renamed the file from tar.gz to .tgz, same error
I've tried repackaging the tarball so the package.json is to be found in the root, but still no love. Same result as above. Any ideas what I might be doing wrong?

At this point, id probably...

  • Git clone the repo to your harddrive
  • Edit the version number to 0.1.2
  • Run npm pack to generate a proper npm tgz package & upload that.