Digest authentication support in HttpRequest node

Hi,
I am new to Node-Red and I am interested in the topic you have discussed.

I am using the HTTP Request node that is part of Node-Red to communicate with a Hikvision PTZ camera and I am doing this successfully, but only with basic authentication. I would like to use digest as it is more secure and was wondering if you could explain how I change the options to do this.

Do I need to install something extra? I have read all of the above and noticed you have added a line of code, but I have no idea how this is done. Do you have any pointers or a link to where I can learn more on how to do this type of modification?

Thanks

Rich

Hi Richard (@rjandsam),

This is indeed a feature that some other folks have already asked me about, since it is used quite a lot for multiple branches of IP cameras. However as Nick already explained, that single line of code is not a good solution. There would be a better solution, e.g. a dropdown with authentication methods...

All proposals are welcome!!
Bart

My programmer Darren has recreated both files to do exactly that and it works a treat. Is this something that you would like me to share? If so, what is the protocol, if any, for this?

A pull-request to allow us to see the proposed changes and to review them would be a next step.

Also some discussion around the actual implementation that covers some of the questions I raised in my previous post would be useful.

Hey Nick (@knolleary),
I thought (from the above discussion) that you wanted to add also Bearer authentication. Which would make sense, since then the HttpRequest node would support all 3 available authentication methods.

Something like this (with checkbox description changed and dropdown added):

[image]

Containing following options in the dropdown:

[image]

With 'Basic authentication' default selected, to avoid impact on existing flows ...

Bart

@BartButenaers Looks very nice and handy. Is there an ETA :slight_smile: ?

As a related side note:

I'm struggling with Digest Authentication using http-request. Since it's not currently supported I manage the flow manually through headers and function and md5.

I can get it to work, however, I've run into an annoying issue. For my manual implementation of Digest Authentication to work, I disable "Use basic authentication". The annoying issue is that it keeps enabling itself again, messing up my manual Digest Auth implementation. Here are my observations:

  1. If I open the Http Request node and exit with Done, it will re-enable the "Use Basic Authentication".

  2. If I open the Http Request node and exit with Cancel, it will stay disabled.

Seems like a bug to me.
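The manual approach mentioned in the post above (building the Digest `Authorization` header yourself with MD5) works as follows. This is an added example, not code from the thread or from Node-RED; it covers RFC 2617 MD5 with `qop=auth`, the function names are hypothetical, and the sample challenge is constructed from the RFC's published example values.

```javascript
// Added example: build an RFC 2617 Digest Authorization header (MD5, qop=auth).
const { createHash, randomBytes } = require("crypto");

const md5 = (s) => createHash("md5").update(s, "utf8").digest("hex");

// Parse key="value" / key=value pairs from a "WWW-Authenticate: Digest ..." value.
function parseChallenge(header) {
  const params = {};
  const body = header.replace(/^\s*Digest\s+/i, "");
  const re = /(\w+)=(?:"([^"]*)"|([^\s,]+))/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    params[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return params;
}

// nc is the per-nonce request counter; cnonce is random unless supplied (tests).
function digestAuthHeader({ challenge, method, uri, username, password, nc = 1, cnonce }) {
  const c = parseChallenge(challenge);
  if (!c.realm || !c.nonce) throw new Error("challenge lacks realm or nonce");
  if (c.algorithm && c.algorithm.toUpperCase() !== "MD5") {
    throw new Error("unsupported algorithm: " + c.algorithm);
  }
  const ha1 = md5(`${username}:${c.realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`);
  const fields = [`username="${username}"`, `realm="${c.realm}"`,
                  `nonce="${c.nonce}"`, `uri="${uri}"`];
  const offered = (c.qop || "").split(",").map((q) => q.trim());
  let response;
  if (offered.includes("auth")) {
    const ncHex = nc.toString(16).padStart(8, "0");
    const cn = cnonce || randomBytes(8).toString("hex");
    response = md5(`${ha1}:${c.nonce}:${ncHex}:${cn}:auth:${ha2}`);
    fields.push("qop=auth", `nc=${ncHex}`, `cnonce="${cn}"`);
  } else {
    response = md5(`${ha1}:${c.nonce}:${ha2}`); // no qop offered: RFC 2069 form
  }
  fields.push(`response="${response}"`);
  if (c.opaque) fields.push(`opaque="${c.opaque}"`); // echo opaque unchanged
  return "Digest " + fields.join(", ");
}

// Constructed sample challenge, using the example values from RFC 2617 section 3.5.
const SAMPLE_CHALLENGE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
```

The header is sent on a second request, after the first unauthenticated request returns 401 with the challenge; `nc` must increase for every request that reuses the same nonce.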

@1iveowl :
Since the http-request node is a standard node, it is advised to wait for feedback from @knolleary (before creating a pull-request). Because the above proposal might have some drawbacks, that I haven't thought about. And once we have an agreement, hopefully Darren (the programmer from @rjandsam) has some time left to implement it :wink:

And at the end, I will create an identical solution for my node-red-contrib-multipart-stream-decoder node, since users have the same problem there (to get an mjpeg stream from a camera with digest authentication) ...

@BartButenaers yes, your suggestion is closer to what I had in mind than what @rjandsam shared - but I wasn't sure if you were offering it up as a contribution or just a mocked up UI to clarify to @rjandsam what was needed.

Either way, there's only a few days left to get anything in 0.20.

@knolleary: Well I 'thought' you had something like that in mind, but I was not sure. Will next time try to be a bit more specific when I need your opinion...

I can try to do the contribution myself, but I haven't got a device that supports digest authentication. Will need someone else to test that for me ... Will see what I can do. And if it is too late for the release, no problem. We can't keep going on pushing you to add new stuff into the release.

Nick (@knolleary),

I have installed version 0.20.0-beta.5 and changed the config screen behaviour:

[image: digest]

  • By default the 'basic authentication' is selected, to make sure we don't break existing flows.
  • The username and password fields are displayed both for basic and digest authentication.
  • When bearer authentication is selected, a bearer token can be entered (which is stored in the credentials section).

Is the config screen ok for you?
My only doubt is whether the "bearer token" label should be changed to simply "token"??

@BartButenaers looks good - but ultimately we'll review it fully once there's a PR. Thanks

@rjandsam,
I have created a fork of Node-RED, with an implementation of this feature request. Seems all to be working fine, even for existing flows. Everything is ready (incl. test flows) for a pull request. I have also added the Bearer Authentication.

But now I have been losing quite some time installing grunt, but it keeps giving me errors. Don't know how that grunt thing works. Contributing to the Node-RED core is not easy for normal hobbyists like myself ...

My time is up for today. Will try to get grunt running this evening.

@BartButenaers if you have code that is working, stick the PR. You can tussle with Grunt in parallel.

( I usually have to install grunt-cli as a global.... sudo npm i -g grunt-cli so that the grunt command is available everywhere... )

Hey Dave (@dceejay),
I had also installed it global (for same reason), but still get a lot of errors. For example:

Error: Cannot find module 'should'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:603:15)
    at Function.Module._load (internal/modules/cjs/loader.js:529:25)
    at Module.require (internal/modules/cjs/loader.js:657:17)
    ...

Could you please explain a bit more which parameters I have to add to the grunt command, for a pull-request? Because I saw last night here that there are multiple options available...

Hi Nick (@knolleary),
I have created a pull request, but I wasn't able to run grunt on it. How stupid ...

Usually you only need either grunt build if you want to build the runtime for running Node-RED... or just grunt - which will build it then run all the tests.

Dear all,

I have some camera units which have http alertStream. I can use some API GET requests to get those streams. Authentication mode is basic and I can only use node red Multipart decoder to get that stream continuously. No issue.

Now I have another device which has only Digest authentication. Still I have the alertStream but I cannot use Multipart decoder node for this case because it has only basic authentication.

Even though Node red http request node has both basic and digest authentication modes, it cannot handle those Streams. Only multipart decoder could handle that stream with basic auth.

Question is: how can I use multipart decoder for digest authentication mode?

Correct if I'm wrong at any point.
Thanks in advance.
-Jude

Hi Jude,
the multipart-decoder node doesn't support digest authentication. To support that I need to rewrite quite some stuff, because I use a rather old npm library under the covers. So that would result in quite some work...
At the time being the http-request node was not capable of decoding multipart streams.
So don't know about a short term solution, when you want to do it all inside Node-RED (without third-party tools).
Bart

Thanks for the reply. Appreciate it.

Currently I'm using some REST API client software called Insomnia. It has both authentication modes and still I'm figuring out how to request multipart streams. :smiley:

Hopefully, soon we will get that digest authentication mode for the multipart decoder. It's really a useful node. :smiley:

Thanks :smiley:

For completeness, I need to upgrade to use "some" other library. But not sure which one. Other nodes have a related issue.
