Hello,
I would like to create fairly simple api's using node red.
The ideal solution should be nodes implementing authentication, authorization and validation.
Are there any nodes that provide these features or should I create my own node framework for this?
Thanks in advance.
Theo
The security section of the docs should give you pointers for using the core http-in/out nodes with authentication.
I'm currently (well, intermittently if truth be told) working on a security framework for uibuilder that will let you do authentication, authorisation and validation with the added bonus that the websocket connections should also be properly secured which isn't so easy. In fact, the first security release will focus purely on websocket based security and you will use ws messages to log in and for the system to continue to validate and timeout your sessions. That is on the assumption that uibuilder is primarily used for building single-page apps with data being exchanged via ws and only the UI itself given via http(s). So the UI shouldn't be secured, the data should. You can give the security
branch of uibuilder a try if you like though it certainly isn't all working as yet.
Thanks. But what I'm looking for are nodes like:
-
HttpAuthentication
- Example: where you could configure JWTs and do authentication
-
HttpAuthorization
- Example: where you could configure which data the JWT should have in order to grant access to this route
-
HttpValidation
- Example: to validate the incoming request body/parameters
When these nodes are available you could easily create secure http apis without code duplication imo.
There are a few nodes for working with jwt on flows.nodered.org
Not tried them so can't recommend any in particular, but if you want to use jwt, I'd start there.
I'm trying to create config nodes where you specify the jwt secret etc. and use that config node in a middleware node to reduce duplication.
Ideally you would create nodes specifying the authentication protocol like JWT/Basic Auth. But is it possible to call a function on the config node?
Like this:
this.middlewareConfig = RED.nodes.getNode(config.middlewareConfig);
this.middlewareConfig.jwtVerify();