How to secure Node-RED by tokens

Unfortunately, I have deleted the project, but I worked on the idea and it succeeded. I need only one Node.js expert to build a powerful tool that connects these two frameworks, Django and Node-RED. Now I will explain the idea to you. It may seem complicated, but it ensures security.

First, you need to add middleware in Node-RED. This is possible in the version available on GitHub. The function of this middleware is to make sure that the person who wants to access Node-RED is the same person registered in Django. But how? Through the session ID that Django sets once the user has logged in. I'll provide you with code that clarifies this process.

Now the question is: how can it confirm that the session ID is the same one registered in Django, and that it belongs to a specific person, I mean a person who has permission to access it? The sessions are stored in a table called django_sessions in the database, and the data is encrypted and cannot be accessed except by decryption. The tool capable of this is Django, so you create a REST API between Django and Node-RED: Node-RED sends the session ID, verifies it with Django, and Django responds whether the person is allowed. However, this opens a loophole. It can be closed by also encrypting the request, which prevents theft of the session ID.

The second question is how to prevent spam requests. This can be done by adding middleware in Django that blocks any request to the part responsible for the REST API except from specific addresses. This is preferable, especially when using Docker, where you can specify the hosts allowed to access the Django REST API that returns user data.


The data is encrypted and cannot be decrypted to obtain the session ID of any member except through Django.

Here is an example of decrypting the data; you can use a REST API.

There's a problem here: any request, even a simple image request from within Node-RED, will trigger a request to Django to confirm the session. This is an issue because a page will have many requests, potentially leading to increased traffic. To mitigate this, we can add a JavaScript object. At startup it fetches all the allowed session IDs and their expiry dates for each individual, and if any modification occurs, Django sends the updated data to Node-RED. I didn't implement this initially because the traffic was low, with only five users making modifications. Instead, I reduced traffic by storing the session IDs in the JavaScript object: rather than sending requests to Node-RED, when a request arrives with a new session ID, I request all the allowed session IDs and update the JavaScript object.

If anyone is skilled in Node.js and willing to build an open-source tool to bridge Node-RED and Django, I'm ready to collaborate with them.