I would like to protect an HTTP-in node with a password.
I tried to download the"http-auth" node but noted that was updated 5 years ago and it doesn't install anymore on NR.
Is there any alternative? How do you protect an HTTP-in node?
Thanks for helping
Hi @FeliceM
I have not researched direct replacements, so therefore can only assume the below.
Use the settings section for httpNodeMiddleware (settings.js)
This will apply to ALL HTTP IN nodes
Configuration : Node-RED
Build in some header/body or even URL parameter checks i.e ensure the client is providing some information that denotes access
Literally build the flow that enforces credentials else return 401
Or go serious and stick NGINX in front of Node RED to do the auth
I noticed a recent axios node that can use auth for endpoints (didn't try, but maybe it works?)
Isn't axios request only? - I only ever associate it with requests.
unless it can now do ingress processing?
You are right, my bad. I was being mislead by:
This extension separates endpoint base configuration from endpoint execution. Define your api endpoint in a configuration node with a base URL, authentication, TLS and proxy. Use this endpoint configuration in multiple request nodes.
Thanks for the directions. I am not lazy but just a hobbyist, would be nice to have an example on how to implement such flow.
You can use Authenticate headers to force a log in, you can then check for basic bearer etc Authorization headers in the endpoint and redirect accordingly.
A simple example
[{"id":"bb582f31.95be1","type":"http in","z":"bf9e1e33.030598","name":"","url":"/endpoint/path_a","method":"get","upload":false,"swaggerDoc":"","x":240,"y":2540,"wires":[["767a31.47eafdd","516d8812.ece38"]]},{"id":"767a31.47eafdd","type":"switch","z":"bf9e1e33.030598","name":"","property":"$count( $flowContext(\"users\")[$ = $$.req.headers.authorization])","propertyType":"jsonata","rules":[{"t":"gt","v":"0","vt":"num"},{"t":"else"}],"checkall":"true","repair":false,"outputs":2,"x":430,"y":2540,"wires":[["a627b680.bc022"],["11af2225.b4c606"]]},{"id":"516d8812.ece38","type":"debug","z":"bf9e1e33.030598","name":"","active":false,"tosidebar":true,"console":false,"tostatus":true,"complete":"res","targetType":"msg","statusVal":"$base64decode($split($$.req.headers.authorization,\" \")[1])","statusType":"jsonata","x":350,"y":2600,"wires":[]},{"id":"a627b680.bc022","type":"change","z":"bf9e1e33.030598","name":" logged in","rules":[{"t":"set","p":"statusCode","pt":"msg","to":"200","tot":"num"},{"t":"set","p":"payload","pt":"msg","to":"{\"data\": \"somedata\"}","tot":"json"}],"action":"","property":"","from":"","to":"","reg":false,"x":580,"y":2520,"wires":[["4d1eeeb5.397f"]]},{"id":"11af2225.b4c606","type":"change","z":"bf9e1e33.030598","name":"send authentacate header","rules":[{"t":"set","p":"statusCode","pt":"msg","to":"401","tot":"str"},{"t":"set","p":"headers.WWW-Authenticate","pt":"msg","to":"basic","tot":"str"},{"t":"set","p":"payload","pt":"msg","to":"Not authorized","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":590,"y":2580,"wires":[["4d1eeeb5.397f"]]},{"id":"4d1eeeb5.397f","type":"http response","z":"bf9e1e33.030598","name":"","statusCode":"","headers":{},"x":710,"y":2540,"wires":[]},{"id":"2aff61c.bc80a9e","type":"inject","z":"bf9e1e33.030598","name":"Not authorized","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":150,"y":2440,"wires":[["1fa56fa1.c08a4"]]},{"id":"1fa56fa1.c08a4","type":"http request","z":"bf9e1e33.030598","name":"edit url to your ip","method":"GET","ret":"txt","paytoqs":"ignore","url":"http://192.168.1.10:1880/endpoint/path_a","tls":"","persist":false,"proxy":"","insecureHTTPParser":false,"authType":"","senderr":false,"headers":[],"x":520,"y":2420,"wires":[["60260e2d.91d07"]]},{"id":"60260e2d.91d07","type":"debug","z":"bf9e1e33.030598","name":"","active":false,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":650,"y":2380,"wires":[]},{"id":"b39e9622.b6b0c","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"headers.Authorization","pt":"msg","to":"Basic YWRtaW46MTIzNDU2","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":350,"y":2380,"wires":[["1fa56fa1.c08a4"]]},{"id":"7ede6b49.17be84","type":"inject","z":"bf9e1e33.030598","name":"authorized","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":90,"y":2380,"wires":[["b39e9622.b6b0c"]]},{"id":"d27c73c3c5f06d44","type":"inject","z":"bf9e1e33.030598","name":"set users","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":220,"y":2300,"wires":[["8640d82553bd5444"]]},{"id":"8640d82553bd5444","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"users","pt":"flow","to":"[\"Basic YWRtaW46MTIzNDU2\"]","tot":"json"}],"action":"","property":"","from":"","to":"","reg":false,"x":380,"y":2300,"wires":[[]]}]
Thank you E1cid. Will try to work on this.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy