Multiple User in Dashboard

Everything went great about Dashboard except its a single user dashboard.

Tried Mdashboard, but it doesn't have hide and disable the widget.

Is there any other way so that multiple users can use my flow?

Please read the ReadMe for the dashboard node-red-dashboard which answers this question

The ui-builder project is more bare bones, but will allow you to craft a dashboard with a lot more complexity and capability.

1 Like

Hello, I have the same difficulty. I am trying to implement a multi-login system with the dashboard. And I read in several posts that I can do this through session control. Would anyone have a simple and practical example of how I can start implementing this?

You have asked this multiple times.

mdashboard is not node-red-dashboard

node-red-dashboard does not support multi-users, as per readme:

This Dashboard does NOT support multiple individual users. It is a view of the status of the underlying Node-RED flow, which itself is single user. If the state of the flow changes then all clients will get notified of that change.
Messages coming from the dashboard do have a msg.socketid , and updates like change of tab, notifications, and audio alerts will be directed only to that session. Delete the msg.sessionid to send to all sessions.

The 'session control' you refer to is only for 'updates like change of tab, notifications, and audio alerts'

1 Like

Yes, I understood. This ui-builder project seems to me to be the most interesting of all. But there is very little documentation of how to do some things.

There is actually lots of information, but you will need html/js/css knowledge as you need to create it from scratch.

2 Likes

Could the https://github.com/SenseTecnic/node-red-contrib-users#node-red-contrib-users project together with ui-builder be used for user authentication control?

Potentially, but like was mentioned in this thread before it will a) need to be set up from scratch as uibuilder you have to more or less start from nothing (allowing you to do everything exactly like you want it to in terms of frontend), and b) like the Readme of your link says

Theoretically yes, but some hacking will be required. The plan is to make it easy to add the same is logged in style middleware check to other nodes that host http endpoints so it can leverage this node for authenticating users.

The middleware side of things is barely documented at the moment though if you know node.js and ExpressJS it is actually pretty straight-forward to implement something.

Something useful takes a little more :nerd_face:

You might be able to cobble it together but you will most likely be better off writing the middleware function yourself. uibuilder specifically allows for this.

The middleware function is contained in a file (you get a dummy example as a template). That function is executed every time a resource is loaded from the URL defined in your uibuilder node. To see what it is doing, simply uncomment the code in the example file (look in the ~/.node-red/uibuilder/.config/ folder for uibMiddleware.js).

After uncommenting the code, restart Node-RED then check the Node-RED log after you (re)load a uibuilder page. You will see debug output appear several times (once for each resource being loaded by the page and once for the page itself).

From there you could add a check to see if a JWT header was present and if not, redirect to a different page (which uibuilder can also serve up). Use a JWT helper node to facilitate a login process and make sure that the authorisation header is added to each resource load.

So as you can see, even securing a page isn't that simple - a knowledge of node.js and ExpressJS is needed as is some knowledge of how to secure ExpressJS.

For simple uses on secure networks, the above may be enough but in most cases you will also need to secure the websocket connection which requires its own middleware (sioMiddleware.js) - and that only works in the initial connection, you need to then also add checks to your flow to make sure that ongoing communication remains secure - that is a "feature" of websockets, not a uibuilder limitation.

I will be creating examples for this and will doubtless end up improving the whole process but I couldn't do any of that until v2 was out the door.

Also remember that you must secure your connections with TLS. That is absolutely mandatory for any authentication and authorisation process. You can add TLS to Node-RED (see the docs) but honestly, it is generally much better to do it via a "reverse proxy" using NGINX or HAproxy (other web servers could also be used). Again, make sure that you proxy the websocket connections as well as the HTTP connections.

1 Like

What are you trying to create that you need authentication and multiple users ? Do you need node-red to accomplish it ?

1 Like

Hi All

I am still building my NR knowledge.

Quick question. You mention deleting msg.sessionid. Where exactly do I find msg.sessionid so I can delete it?

thanks in advance,

Mike