Node-red-contrib-httpauth not compatible with Nodered 2.x

Hi there,
I did try to install the httpAuth node but as mentioned in the title, it is not compatible with Node Red 2.

npm ERR! code EBADENGINE
npm ERR! engine Unsupported engine
npm ERR! engine Not compatible with your version of node/npm: node-red-contrib-httpauth@1.0.12
npm ERR! notsup Not compatible with your version of node/npm: node-red-contrib-httpauth@1.0.12
npm ERR! notsup Required: {"node":"^0.12.7"}
npm ERR! notsup Actual: {"npm":"8.1.0","node":"v16.13.0"}

Is there any suggested work around to implement basic authorisation on a HTTP IN node?

Thanks for your help

Hi Felice, it is always worth checking when a node was last updated. In this case, it was over 7 years ago, a lifetime and more in node.js years.

As you can see, the node has been restricted to want node.js v0.12.7 whereas current versions are v12, v14 & v16 and you are using v16.

You can do authentication natively in Node-RED though and no longer need that node.

Securing Node-RED : Node-RED (nodered.org)

Hi Julian,
thanks for the hint. I did look at the link you posted and I am not sure if it will work in my context.
I don't need to secure node-red as whole but just an HTTP-IN node which receives messages from Sigfox Backend. Moreover, since I may end up with few of those HTTP-in nodes with different credentials, I am trying to find the way to accept the incoming traffic only if the authentication is verified. That would also help me to redirect the incoming message to a specific node for further work that needs to be done on it.
Any suggestion to secure only the HTTP-in node is welcomed.

To be honest, I find things like this too complex to do reliably in Node-RED itself. You might be able to do something with middleware but I've not explored that really myself except to add some standard headers.

I would personally use a reverse proxy using something like NGINX. Using that, you can add whatever security you want to any endpoint at all.

You can send www-authenticate headers to require basic authorization

here is a proof of concept flow.

[{"id":"7ede6b49.17be84","type":"inject","z":"bf9e1e33.030598","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":90,"y":2380,"wires":[["b39e9622.b6b0c"]]},{"id":"b39e9622.b6b0c","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"headers.Authorization","pt":"msg","to":"Basic YWRtaW46MTIzNDU2","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":350,"y":2380,"wires":[["1fa56fa1.c08a4"]]},{"id":"1fa56fa1.c08a4","type":"http request","z":"bf9e1e33.030598","name":"edit url to your ip","method":"GET","ret":"txt","paytoqs":"ignore","url":"http://192.168.1.25:1880/auth","tls":"","persist":false,"proxy":"","authType":"","x":520,"y":2420,"wires":[["60260e2d.91d07"]]},{"id":"2aff61c.bc80a9e","type":"inject","z":"bf9e1e33.030598","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":130,"y":2440,"wires":[["1fa56fa1.c08a4"]]},{"id":"60260e2d.91d07","type":"debug","z":"bf9e1e33.030598","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":650,"y":2380,"wires":[]},{"id":"bb582f31.95be1","type":"http in","z":"bf9e1e33.030598","name":"","url":"auth","method":"get","upload":false,"swaggerDoc":"","x":140,"y":2540,"wires":[["516d8812.ece38","767a31.47eafdd"]]},{"id":"767a31.47eafdd","type":"switch","z":"bf9e1e33.030598","name":"","property":"users","propertyType":"flow","rules":[{"t":"cont","v":"req.headers.authorization","vt":"msg"},{"t":"else"}],"checkall":"true","repair":false,"outputs":2,"x":300,"y":2540,"wires":[["a627b680.bc022"],["11af2225.b4c606"]]},{"id":"a627b680.bc022","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"payload","pt":"msg","to":"your in","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":480,"y":2540,"wires":[["4d1eeeb5.397f"]]},{"id":"4d1eeeb5.397f","type":"http response","z":"bf9e1e33.030598","name":"","statusCode":"","headers":{},"x":650,"y":2540,"wires":[]},{"id":"516d8812.ece38","type":"debug","z":"bf9e1e33.030598","name":"","active":false,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":280,"y":2600,"wires":[]},{"id":"11af2225.b4c606","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"statusCode","pt":"msg","to":"401","tot":"str"},{"t":"set","p":"headers.WWW-Authenticate","pt":"msg","to":"basic","tot":"str"},{"t":"set","p":"payload","pt":"msg","to":"Not authorized","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":480,"y":2600,"wires":[["4d1eeeb5.397f"]]},{"id":"c9e4e387.950a3","type":"inject","z":"bf9e1e33.030598","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"admin:123456","payloadType":"str","x":210,"y":2720,"wires":[["e20dfa40.30e7b8"]]},{"id":"e20dfa40.30e7b8","type":"base64","z":"bf9e1e33.030598","name":"","action":"","property":"payload","x":420,"y":2720,"wires":[["ddbc374f.dad918","96b03a0a.4a762"]]},{"id":"96b03a0a.4a762","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"users","pt":"flow","to":"$append([$flowContext(\"users\")[$ != \"Basic \" & $$.payload]],[\"Basic \" & $$.payload])","tot":"jsonata"}],"action":"","property":"","from":"","to":"","reg":false,"x":610,"y":2720,"wires":[[]]},{"id":"ddbc374f.dad918","type":"debug","z":"bf9e1e33.030598","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"false","statusVal":"","statusType":"auto","x":550,"y":2800,"wires":[]}]

Thank you all for the directions. I will give it a try.

Just in case someone would be interested in how to solve the issue on such old node:

Clone the git, go into the package.json and change "node":"^0.12.7" to "node":">=0.12.7" (which is just saying it can use a higher version) then copy the node-red-contrib-httpauth folder to the node_modules subfolder in your node-red directory, restart NR, and it should work fine.

Reference

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.