Http-in node and templated user and password for basic auth (proposal)

Hi everybody,

I am currently working on an integration project where I connect an OMS (Order Management System) of an ecommerce platform to an ERP. Depending on the context, I have outsourced process flows to separate flows. Usually in such projects you have at least one integration and one production environment, and possibly a third test environment.

In my case, the integration is based on REST APIs on both sides, which means that I use several http-request nodes across the flows, both of which require Basic-Auth for both systems. Currently, I have to determine the hash myself for each process via an upstream function node and set it "manually" via header in order to achieve central management of credentials.

For a central and simplified administration of the credentials when copying or setting up a new instance, the use of the mustache notation for the username and password field would be advantageous from my point of view. Ideally via the global context for providing the credentials. What is your opinion on this? I haven't been with NodeRED long enough to have penetrated the abstract context. Is this pro or contra design pattern http request node? If the idea resonates, I would do the integration and submit a PR.

Greetings

Stefan

In case you were not aware, you can already use env vars for these...

Setting a node property

Any node property can be set with an environment variable by setting its value to a string of the form ${ENV_VAR}. When the runtime loads the flows, it will substitute the value of that environment variable before passing it to the node.

https://nodered.org/docs/user-guide/environment-variables

For an ERP? Not in any organisation I've ever worked for or ever would. 🙂

Hi, Basic Auth - don't ask about this 🙃 🤷. Hopefully we can add a firewall rule for ip. KR

OK, well hopefully you don't work in a certified environment like nuclear, health or finance. You would certainly fail the security audits.

Hi Steve, thanks for that input. But how can I use them in the password and username field of http-request node? Need something like that:

KR

As ${env_vars} NOT {{{mustache}}}

Only ecommerce. ;).

Hi, ok, got it. But this will only work if the password and username are the same for all http-request nodes right? As soon as I have different credentials for the http-request nodes, I can no longer use the ENV. Do I understand this correctly? Thanks and KR Stefan

Use different env vars for each set of credentials. Specify the appropriate var in each of the request nodes.

Hi, ok - all your replies and some more research let me understand the concept. There is only one major concern: putting plain passwords in settings.js. I would prefer to store them in node-red-contrib-credentials. But thanks for your support, I have to think about a proper solution for my requirement. Maybe I fork the http-request node and individualize it for my needs. KR Stefan

They don't have to be in settings.js, they could be set in a script that starts node-red or in the system environment before getting to node red. But yes, they will be in plain text, which is not ideal to say the least.
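
The pattern this thread arrives at (one pair of environment variables per system, with the Authorization header built upstream of the http request node and passed in `msg.headers`) is sketched below as an added example; it is not code from any poster or from Node-RED. The `<SYSTEM>_USER` / `<SYSTEM>_PASS` naming scheme, the function names and the sample values are assumptions.

```javascript
// Added example. Assumed naming scheme: <SYSTEM>_USER / <SYSTEM>_PASS,
// e.g. OMS_USER, OMS_PASS, ERP_USER, ERP_PASS (hypothetical names).

// getEnv is a lookup function: in a Node-RED function node pass
// name => env.get(name); stand-alone pass name => process.env[name].
function basicAuthHeader(system, getEnv) {
    const prefix = String(system).toUpperCase();
    const user = getEnv(`${prefix}_USER`);
    const pass = getEnv(`${prefix}_PASS`);
    if (!user || !pass) {
        // Fail closed and name only the variables, never their values.
        throw new Error(`credentials not set: ${prefix}_USER / ${prefix}_PASS`);
    }
    if (user.includes(":")) {
        // RFC 7617: the user-id cannot contain a colon, it is the separator.
        throw new Error(`${prefix}_USER must not contain ':'`);
    }
    // Base64 is an encoding, not a hash: whoever sees the header has the password.
    const token = Buffer.from(`${user}:${pass}`, "utf8").toString("base64");
    return `Basic ${token}`;
}

// Attach the header to a message bound for an http request node.
function withAuth(msg, system, getEnv) {
    const headers = Object.assign({}, msg.headers, {
        Authorization: basicAuthHeader(system, getEnv),
    });
    return Object.assign({}, msg, { headers });
}

// Copy of the headers that is safe to send to a debug node or a log.
function redactHeaders(headers) {
    const out = {};
    for (const [name, value] of Object.entries(headers || {})) {
        out[name] = name.toLowerCase() === "authorization" ? "[redacted]" : value;
    }
    return out;
}

// Constructed sample environment (made-up values; the first pair is the
// example used in RFC 7617).
const sampleEnv = {
    OMS_USER: "Aladdin", OMS_PASS: "open sesame",
    ERP_USER: "erp-api", ERP_PASS: "constructed-secret",
};
const lookup = (name) => sampleEnv[name];
const omsMsg = withAuth({ url: "https://oms.example/orders" }, "oms", lookup);
console.log(redactHeaders(omsMsg.headers));
```

Each environment (integration, test, production) then differs only in the values exported before Node-RED starts, and a missing variable stops the request instead of sending empty credentials.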