I want to secure Node-RED using a token. I am embedding Node-RED within my website, and I want access to Node-RED to be restricted only through the website. An example of this is provided below:
adminAuth: {
tokens: function(token) {
return new Promise(function(resolve, reject) {
// Check if the token is valid
if (token === 'rdp2vex0nq4mzl8tf8hba1tpr5umtmzn') {
// Resolve with the user object
var user = { username: 'admin', permissions: '*' };
resolve(user);
} else {
// Resolve with null if the token is not valid
resolve(null);
}
});
},
},
I've managed to secure access to Node-RED. However, I feel like it's not the right way, but it works.
the problem is there is no protection on Nodes itself, for example, the Node-RED dashboard.
I've seen this concept implemented in home assistant, but I don't understand how