Http-in module authentication

Hello Everybody,

i just set up the http-in module and I am able to receive the web request like raspberry.local:1880/cmnd?var=1
Now, I enabled the user authentication but I am not able to understand how to put username/password into my string like: user:password@raspberry.local:1880/cmnd?var=1

Do you know the right way to do that?

If you post an example flow (cut down to absolute minimum and sanitised to demonstrate your requirements) I'm certain someone will have a look see if that can assist.

Ps, I'm making an assumption here, you have created a password protected endpoint in node-red, that you wanna test see if it works right?

Hi Steve,

thanks for your reply.

My flow is so simple, I just get the var= value and transmit it to RS485 serial

[{"id":"3aa87028.b2dcc","type":"http in","z":"e506d6cf.eafc88","name":"","url":"/cmnd","method":"get","upload":false,"swaggerDoc":"","x":140,"y":120,"wires":[["ad9659d.ca9a3a8","72567f2a.5ee45"]]},{"id":"74a6b85.5369848","type":"serial out","z":"e506d6cf.eafc88","name":"","serial":"287f27ad.84ef88","x":790,"y":120,"wires":[]},{"id":"f1238799.91e208","type":"debug","z":"e506d6cf.eafc88","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"payload","x":690,"y":260,"wires":[]},{"id":"35903988.bdcce6","type":"http response","z":"e506d6cf.eafc88","name":"","statusCode":"","headers":{},"x":490,"y":260,"wires":[]},{"id":"ad9659d.ca9a3a8","type":"template","z":"e506d6cf.eafc88","name":"","field":"var","fieldType":"msg","format":"html","syntax":"plain","template":"This is the payload: {{payload}} !","output":"str","x":320,"y":260,"wires":[["35903988.bdcce6"]]},{"id":"72567f2a.5ee45","type":"string","z":"e506d6cf.eafc88","name":"","methods":[{"name":"chompLeft","params":[{"type":"str","value":"var: \""}]},{"name":"chompRight","params":[{"type":"str","value":"\""}]}],"prop":"payload.var","propout":"payload","object":"msg","objectout":"msg","x":490,"y":120,"wires":[["74a6b85.5369848","f1238799.91e208"]]},{"id":"287f27ad.84ef88","type":"serial-port","z":"","serialport":"/dev/ttyUSB0","serialbaud":"9600","databits":"8","parity":"none","stopbits":"1","newline":"\\n","bin":"false","out":"char","addchar":false,"responsetimeout":"10000"}]

It works fine, but if I enable the node-red authentication on setting.js file:

httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},

when I go to http://raspberry.local:1880/cmnd?var=1 the browser asked me user and password. I would like to include user/password in the link like:
http://user:password@raspberry.local:1880/cmnd?var=1 and avoid the browser asked me user/password... but doesn't work...

Do you know what is the right way to edit the string?

This is a request, in the request node you can specify the user/pass (not in the url, but in the fields)

1 Like

Also, just a note to say that passing the id/pw in the url without using https? You would be better off not bothering.

If you are struggling with logins for user-facing pages, I strongly suggest using a proxy server such as NGINX, HAproxy or Caddy and using that to provide the authentication and authorisation processing.

1 Like

The problem is that I've only the link, without fields. I would like to do a simple hit with user/pass

I am working in local lan, I just want to use user/password for ui and use the http in node without password...

I think there is a misunderstanding here.

You want to have a username/password on the node-red editor.
You want to open the url with the user:pass@ip in the browser directly.

Follow these steps:

Instead of using httpNodeAuth, change adminAuth

Perhaps I am just confused.

I 'd like to opn editor with user/password - ok I did it
I'd like to open ui with user/password - ok I did it
I'd like to use the http in node to send a RS485 value just doing an hit like http://raspberry:1880/cmnd?var=1 - I am not able to understand where to fit username/password in the string

You should use a http request, http-in is used to create endpoints.

http request? I don't think so...

I would like to open a local browser, fit on the url http://raspberry.local:1880/cmnd?var=1.
The node red will receive the var=1 and it will sent it to the RS485 serial.

The problem is that enabling the ui authentication he asked me user and password and I am not able to put them on the string

As i said:

Perhaps I am just confused.


I have recreated your problem. I am not sure how the authentication for a http-in node works internally. If you remove the httpNodeAuth, it works without user/pass, but defeats security.