How do I dynamically change httpNodeAuth externally (setting.js)

Hello to everyone.

How do I dynamically change httpNodeAuth externally (setting.js). The scenario is: The customer will edit the setting.js file via the form on the browser without manually changing it. Maybe it has nothing to do with node-red, but I'm new to node.js. I need every opinion. Thank you for your help.

Once you make a change to settings.js, you will have to restart Node-RED.

Rather than directly changing settings.js, it would probably be better to use one or more external modules. That way, you can limit the changes to just those files. Either way, a restart is needed after a change except for the properties that allow dynamic functions.

It would help if you shared exactly what properties you were wanting to change.

My goal is to read the httpNodeAuth part through the form and change it. So dynamically changing the person accessing /ui

If you are just interested in security the Dashboard, you might try using the Dashboard middleware function in settings.js. Extracted from one of mine:

    /** If you installed the optional node-red-dashboard you can set it's path relative to httpNodeRoot
     *  Other optional properties include
     *    readOnly:{boolean},
     *    middleware:{function or array}, (req,res,next) - http middleware
     *    ioMiddleware:{function or array}, (socket,next) - socket.io middleware
     */
    //ui: { path: 'ui' },

httpNodeAuth only gives you fixed basic auth. You can change it by a call to an external module as mentioned previously. However, this is not dynamci. It is static and you have to restart Node-RED after you change it.

The Dashboard middleware is dynamic. The function is called on every HTTP request. Of course, you will need to know how to apply security to HTTP requests or will need to find a suitable library.


Oh, and don't forget that you MUST be using HTTPS, not plain HTTP for all requests where you want to apply security.

Thank you for your interest.

Hi Sercan. Http node auth doesnt have to be implemented in settings.js. I usually implement it as a part of the flow, usually as a subflow places as the first node after http in. That way you can use a persisted flow variable and have clients change it. You can also do really complex auth like microsoft login etc. hope this helps,

Is there a sample project about the approach you are talking about?

No, but whats stoping you from connecting a function node to http in and develop basic auth there?