Imagine a Node-RED use case where the user (that is an IT specialist) is allowed to access Node-RED editor from times to times (for whatever reason - not relevant to the question). As the owner of this application I will configure adminAuth in the settings file for the authorized user. For security and operational audit purposes I want to register in log whenever the user enters the editor.
I can recall two events that may (perhaps ?) indicate a login.
The first one is that the token is stored in the .sessions.json file.
Second, it seems to me that something gets logged in /var/log. Below extract shows the log when an user enters Node-RED editor with adminAuth configured (on the other hand I tried to login with a wrong password and nothing was shown in the screen).
20 Oct 14:09:43 - [trace] utils.writeFile - written content to /home/pi/.node-red/.sessions.json.$$$
20 Oct 14:09:43 - [trace] utils.writeFile - renamed /home/pi/.node-red/.sessions.json.$$$ to /home/pi/.node-red/.sessions.json
20 Oct 14:09:43 - [trace] comms.open laBu/uuO
What is exactly the comms.open event ? Is this related to the login or someting else ?
Is there any other kind of event that might help to detect when someone logs to the editor ?
Can you expand on that? I assume that you mean when a user opens the Editor URL? Not that they may have switched away from the Editor tab and then back again (which might be considered an "entry" in web terms)?
No, the login only appears when a user loads the editor url after the session has expired. Though I think it will also show up if the user tries to do something on the page and the session has expired - though you might need to test that.
I think that the default session is 7 days. So someone like me who always leaves their browser open and simply sleeps their PC will not technically have "left" the page - though that is further complicated by browsers that put tabs to sleep. Do you see why security is so complex?!
The easy answer to this is the same one I keep repeating to people asking about node-red security. Put everything behind a reverse proxy. Then access to the Editor will be tracked in the web server's logs not node-red.