How secure node red by tokens

I want to secure Node-RED using a token. I am embedding Node-RED within my website, and I want access to Node-RED to be restricted only through the website. An example of this is provided below:

 adminAuth: {
        tokens: function(token) {
            return new Promise(function(resolve, reject) {
                // Check if the token is valid
                if (token === 'rdp2vex0nq4mzl8tf8hba1tpr5umtmzn') {
                    // Resolve with the user object
                    var user = { username: 'admin', permissions: '*' };
                } else {
                    // Resolve with null if the token is not valid

I've managed to secure access to Node-RED. However, I feel like it's not the right way, but it works.
the problem is there is no protection on Nodes itself, for example, the Node-RED dashboard.
I've seen this concept implemented in home assistant, but I don't understand how

I'm having the same problem, can you solve it?