Node-red-contrib-httpauth not compatible with Nodered 2.x

FeliceM · 8 June 2022 04:54

Hi there,
I did try to install the httpAuth node but as mentioned in the title, it is not compatible with Node Red 2.

npm ERR! code EBADENGINE
npm ERR! engine Unsupported engine
npm ERR! engine Not compatible with your version of node/npm: node-red-contrib-httpauth@1.0.12
npm ERR! notsup Not compatible with your version of node/npm: node-red-contrib-httpauth@1.0.12
npm ERR! notsup Required: {"node":"^0.12.7"}
npm ERR! notsup Actual: {"npm":"8.1.0","node":"v16.13.0"}

Is there any suggested work around to implement basic authorisation on a HTTP IN node?

Thanks for your help

TotallyInformation · 8 June 2022 08:57

Hi Felice, it is always worth checking when a node was last updated. In this case, it was over 7 years ago, a lifetime and more in node.js years.

As you can see, the node has been restricted to want node.js v0.12.7 whereas current versions are v12, v14 & v16 and you are using v16.

You can do authentication natively in Node-RED though and no longer need that node.

Securing Node-RED : Node-RED (nodered.org)

FeliceM · 8 June 2022 09:12

Hi Julian,
thanks for the hint. I did look at the link you posted and I am not sure if it will work in my context.
I don't need to secure node-red as whole but just an HTTP-IN node which receives messages from Sigfox Backend. Moreover, since I may end up with few of those HTTP-in nodes with different credentials, I am trying to find the way to accept the incoming traffic only if the authentication is verified. That would also help me to redirect the incoming message to a specific node for further work that needs to be done on it.
Any suggestion to secure only the HTTP-in node is welcomed.

TotallyInformation · 8 June 2022 10:04

To be honest, I find things like this too complex to do reliably in Node-RED itself. You might be able to do something with middleware but I've not explored that really myself except to add some standard headers.

I would personally use a reverse proxy using something like NGINX. Using that, you can add whatever security you want to any endpoint at all.

E1cid · 8 June 2022 11:23

You can send www-authenticate headers to require basic authorization

here is a proof of concept flow.

[{"id":"7ede6b49.17be84","type":"inject","z":"bf9e1e33.030598","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":90,"y":2380,"wires":[["b39e9622.b6b0c"]]},{"id":"b39e9622.b6b0c","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"headers.Authorization","pt":"msg","to":"Basic YWRtaW46MTIzNDU2","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":350,"y":2380,"wires":[["1fa56fa1.c08a4"]]},{"id":"1fa56fa1.c08a4","type":"http request","z":"bf9e1e33.030598","name":"edit url to your ip","method":"GET","ret":"txt","paytoqs":"ignore","url":"http://192.168.1.25:1880/auth","tls":"","persist":false,"proxy":"","authType":"","x":520,"y":2420,"wires":[["60260e2d.91d07"]]},{"id":"2aff61c.bc80a9e","type":"inject","z":"bf9e1e33.030598","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":130,"y":2440,"wires":[["1fa56fa1.c08a4"]]},{"id":"60260e2d.91d07","type":"debug","z":"bf9e1e33.030598","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":650,"y":2380,"wires":[]},{"id":"bb582f31.95be1","type":"http in","z":"bf9e1e33.030598","name":"","url":"auth","method":"get","upload":false,"swaggerDoc":"","x":140,"y":2540,"wires":[["516d8812.ece38","767a31.47eafdd"]]},{"id":"767a31.47eafdd","type":"switch","z":"bf9e1e33.030598","name":"","property":"users","propertyType":"flow","rules":[{"t":"cont","v":"req.headers.authorization","vt":"msg"},{"t":"else"}],"checkall":"true","repair":false,"outputs":2,"x":300,"y":2540,"wires":[["a627b680.bc022"],["11af2225.b4c606"]]},{"id":"a627b680.bc022","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"payload","pt":"msg","to":"your in","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":480,"y":2540,"wires":[["4d1eeeb5.397f"]]},{"id":"4d1eeeb5.397f","type":"http response","z":"bf9e1e33.030598","name":"","statusCode":"","headers":{},"x":650,"y":2540,"wires":[]},{"id":"516d8812.ece38","type":"debug","z":"bf9e1e33.030598","name":"","active":false,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":280,"y":2600,"wires":[]},{"id":"11af2225.b4c606","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"statusCode","pt":"msg","to":"401","tot":"str"},{"t":"set","p":"headers.WWW-Authenticate","pt":"msg","to":"basic","tot":"str"},{"t":"set","p":"payload","pt":"msg","to":"Not authorized","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":480,"y":2600,"wires":[["4d1eeeb5.397f"]]},{"id":"c9e4e387.950a3","type":"inject","z":"bf9e1e33.030598","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"admin:123456","payloadType":"str","x":210,"y":2720,"wires":[["e20dfa40.30e7b8"]]},{"id":"e20dfa40.30e7b8","type":"base64","z":"bf9e1e33.030598","name":"","action":"","property":"payload","x":420,"y":2720,"wires":[["ddbc374f.dad918","96b03a0a.4a762"]]},{"id":"96b03a0a.4a762","type":"change","z":"bf9e1e33.030598","name":"","rules":[{"t":"set","p":"users","pt":"flow","to":"$append([$flowContext(\"users\")[$ != \"Basic \" & $$.payload]],[\"Basic \" & $$.payload])","tot":"jsonata"}],"action":"","property":"","from":"","to":"","reg":false,"x":610,"y":2720,"wires":[[]]},{"id":"ddbc374f.dad918","type":"debug","z":"bf9e1e33.030598","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"false","statusVal":"","statusType":"auto","x":550,"y":2800,"wires":[]}]

FeliceM · 9 June 2022 06:28

Thank you all for the directions. I will give it a try.

FeliceM · 1 July 2022 06:13

Just in case someone would be interested in how to solve the issue on such old node:

Clone the git, go into the package.json and change "node":"^0.12.7" to "node":">=0.12.7" (which is just saying it can use a higher version) then copy the node-red-contrib-httpauth folder to the node_modules subfolder in your node-red directory, restart NR, and it should work fine.

Reference

system · 30 August 2022 06:14

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help - Middleware for httpin node Auth General security	6	157	2 October 2023
Http-request password - 401 error General	9	5442	10 January 2020
Struggling to authenticate to API in Node-RED but works in Postman General http-request , security	3	254	16 April 2023
IBM Bluemix node red HTTP security issues General	2	316	26 November 2020
OAuth2 implementation General	4	1876	20 January 2023

Node-red-contrib-httpauth not compatible with Nodered 2.x

Related Topics