Dashboard Authelia Auth

Following this discussion, I was inspired to use Authelia as an Auth provider for the Dashboard.

Thanks to GitHub - fullmetal-fred/node-red-dashboard-2-cloudflare-auth, it was quickly done :slight_smile:

Hardest part was to set up Authelia locally ...

Any suggestions? Did I miss a part?

The Readme is not ready yet :frowning:, I know...

3 Likes

Great work @kitori - fyi @fullmetal-fred

You should click the "+" button on flows.nodered.org and add this to the Node-RED Library so that others can install it through their Node-RED Editors.

1 Like

Thank you! (for making the Dashboard 2 awesome :slight_smile: )

So, looking into the use of msg._client with a view to standardising for UIBUILDER as well so that we can have a standard mechanism across dashboards and UIs.

However, I note that the FlowFuse user extension uses msg._client.user.userId but the other two contributions use msg._client.user.user but the authelia solution uses msg._client.user.user and the cloudflare solution doesn't have anything(?).

This seems like something that should be resolved now before things go too far?

Can we all agree a single property that will contain the unique user identifier?

@joepavitt @kitori @fullmetal-fred - apologies for tagging all 3, just want to make sure everyone sees it.

Yes, it's a bit of a mess.

The Authelia snippets set these Headers:

proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Name $name;

Which I access here: node-red-dashboard-2-authelia-auth/index.js at 712678b2a1f014f0c578c9253522dbb25ad8792b · aikitori/node-red-dashboard-2-authelia-auth · GitHub

user.user = headers["remote-user"] || null;
user.name = headers["remote-name"] || null;
user.email = headers["remote-email"] || null;
user.groups = headers["remote-groups"] || null;

Cloudflare sets the email as the unique username.
In Authelia, the user lives in the users.yaml:

users:
  fabian:
    disabled: false
    displayname: "Fabian"
    password: "ChangeMe" 
    email: authelia@authelia.com
    groups:
      - admins
      - dev

In my opinion, userId for the unique identifier is the way.
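
One way to normalise the providers' headers into the single msg._client.user.userId field proposed in this thread, shown as an added example that is not code from any of the plugins mentioned. The names normalizeUser and PROVIDERS, the trusted-proxy check, the Cloudflare Access header name and the choice of Remote-User as Authelia's userId are assumptions of this example.

```javascript
// Added example: hypothetical helper, not code from any plugin in this thread.

// Header-to-field mapping per provider. The Authelia names are the Remote-*
// headers quoted above; the Cloudflare Access header name is supplied by this
// example (the thread only says Cloudflare identifies the user by email).
const PROVIDERS = {
  authelia: { userId: 'remote-user', name: 'remote-name',
              email: 'remote-email', groups: 'remote-groups' },
  cloudflare: { userId: 'cf-access-authenticated-user-email',
                email: 'cf-access-authenticated-user-email' },
};

// Return one trimmed header value, or null if absent, empty or not a string.
function headerValue(headers, key) {
  const v = key ? headers[key] : undefined;
  if (typeof v !== 'string') return null;
  const t = v.trim();
  return t === '' ? null : t;
}

// Build the object for msg._client.user with userId as the unique key.
// peerAddress is the TCP peer (e.g. req.socket.remoteAddress). Identity headers
// are honoured only when that peer is a configured reverse proxy, because a
// client that reaches Node-RED directly can send any header value it likes.
function normalizeUser(provider, headers, peerAddress, trustedProxies) {
  const map = PROVIDERS[provider];
  if (!map) throw new Error(`unknown provider: ${provider}`);
  if (!trustedProxies.includes(peerAddress)) return null;
  const userId = headerValue(headers, map.userId);
  if (userId === null) return null; // unauthenticated: no partial identity
  const groups = headerValue(headers, map.groups);
  return {
    userId,
    name: headerValue(headers, map.name),
    email: headerValue(headers, map.email),
    groups: groups ? groups.split(',').map((g) => g.trim()).filter(Boolean) : [],
  };
}

// Constructed sample input: what the nginx snippet above would forward.
const sample = { 'remote-user': 'fabian', 'remote-name': 'Fabian',
                 'remote-email': 'authelia@authelia.com',
                 'remote-groups': 'admins,dev' };
console.log(normalizeUser('authelia', sample, '127.0.0.1', ['127.0.0.1']));
```

On a dual-stack listener Node reports an IPv4 proxy as `::ffff:127.0.0.1`, so the trusted list needs that form as well.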

I agree so that makes 3 out of 4 :grinning: Perhaps @fullmetal-fred can be persuaded to add that to his cloudflare offering.

I will be adding a feature to UIBUILDER v7, due out soon (if I can stop adding new things into it!), that will populate the msg._client based on all 3 authentication types. I'll probably also add a hook that lets it be overridden in settings.js (uibuilder hooks are another new feature in v7).

1 Like

Please note that I did spot a couple of issues with D2 auth plugins. Documented here:

In case it is of use.

Other than:

  1. Client IP addresses are not very easy to correctly obtain.

Not sure I'm seeing much else for us to act upon?

That's probably it for FlowFuse I think. :slight_smile:

Hey all!

Sure, easy enough to populate msg._client.user.userId with the user’s email in the case of Cloudflare. I’ll update my plugin.

@joepavitt we might consider stipulating this as a convention in the plugin docs.

Thanks for the interest here @TotallyInformation!

2 Likes

Oh, @kitori congrats on the plugin and thanks for the shout out!

No worries. Already added to UIBUILDER v7 beta.

Made an auth plugin for Authentik.
node-red-dashboard-2-authentik-auth
(Thanks to @fullmetal-fred and @kitori for their example repos)

Think we could definitely use some documentation for user info standardization.

3 Likes

Yep - I can make it so. I've been caught off guard (in a very good way) at how quickly other plugins have surfaced so it hadn't been a priority.

I'll try and get something together over the next couple of days.

2 Likes

Can I trouble @cgjgh and @kitori to publish their respective plugins to npm please? Then we can make them available in the Node-RED Palette Manager.

1 Like

@TotallyInformation see updated version 0.1.7 where msg._client.user.userId is now also set with the user's email.

1 Like

Darn it, another set of different headers. Wish tools would stick to standards!

Do you have any guide to implement Authelia locally? I've been struggling with this for several days.