Node-red-contrib-jwt passing signing secret in via flow

Hi.

I am making a subflow that will incorporate jwt verify. I have a signing secret that normally would be added to the environment variables of the jwt verify node.

I have my own environment variable for my subflow with the signing secret, but there does not seem to be an option to pass the secret in with the message object.

I cannot set the environment variable in the flow. Any ideas?

@chameleonbr

Thanks
Harry

Why not? Because of security reasons or you are unable to?

You should be able to use environment variables in the nodes secret field. Have you tried?

Using environment variables : Node-RED

You can only read environment variables, you can not set them dynamically. You can add them in your settings.js but this defeats the object of the subflow.

Harry

I see, looking at the GitHub issue page, that a few people had the same issue.

I ended up downloading the master branch and adding the feature myself.

In the function JwtVerify(n)

Before:

node.on('input', function (msg, send, done) {
    send = send || function() { node.send.apply(node,arguments) }
    done = done || function(err) { if(err)node.error(err, msg); }
    if (node.signvar === 'bearer') {

After:

node.on('input', function (msg, send, done) {
    send = send || function() { node.send.apply(node,arguments) }
    done = done || function(err) { if(err)node.error(err, msg); }

    if ( msg.secret !== undefined && !node.jwk) {
        node.secret = msg.secret;
    }
    if (node.signvar === 'bearer') {

Repackaged and added to my Node-RED.
Harry

Hi.

That workaround is fine for your own use, but if you were to fork the repo and publish a Pull Request back to the source repo, I'd not recommend setting node.secret, as any following msg without a .secret would end up using the previous secret.

The preferred pattern for providing a property via a msg is to either use a typedInput OR use a local variable and only if the field is left blank - something like this...

node.on('input', function (msg, send, done) {
    send = send || function() { node.send.apply(node,arguments) }
    done = done || function(err) { if(err)node.error(err, msg); }
    const secret = node.secret || msg.secret;
    if (node.signvar === 'bearer') {

Good point, and thanks for the advice.

I changed it to

node.secret = node.secret || msg.secret;

Again, the workaround is fine for internal use. Incidentally, I encapsulate a lot of routines into subroutines and make it a habit to clean up the message object before returning.

I use environment variables and then delete them in a change node, so as not to contaminate the msg going forward.
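
The three secret-selection patterns discussed in this thread, run over the same message sequence. This is an added example, not part of the original posts and not node-red-contrib-jwt's own code. The `sign`, `verify`, `patterns` and `run` helpers, the stand-in node object and the tenant secrets are all constructed for the demo, and it assumes HS256 tokens and a node whose secret field was left blank.

```javascript
// Added example: how each pattern from the thread resolves the secret across
// consecutive messages. All names and secrets here are constructed for the
// demo; this is not node-red-contrib-jwt's code.
const crypto = require('crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');

// Minimal HS256 signer/verifier so the demo runs offline (assumption: HS256 only).
function sign(payload, secret) {
    const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
    const body = b64url(JSON.stringify(payload));
    const mac = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
    return `${head}.${body}.${mac}`;
}

function verify(token, secret) {
    if (!secret) return false;                // no secret resolved: reject
    const [head, body, mac] = token.split('.');
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(mac || '', 'base64url');
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Three ways to pick the secret inside the 'input' handler.
const patterns = {
    // First patch: overwrite node state whenever msg.secret is present.
    overwrite(node, msg) { if (msg.secret !== undefined && !node.jwk) node.secret = msg.secret; return node.secret; },
    // Second patch: node state is filled by the first msg.secret and then kept.
    stickyOr(node, msg) { node.secret = node.secret || msg.secret; return node.secret; },
    // Suggested pattern: local variable only, node state never changes.
    local(node, msg) { return node.secret || msg.secret; },
};

// Run a message sequence through one node whose secret field was left blank.
function run(pattern, msgs) {
    const node = { secret: '', jwk: false };  // hypothetical stand-in for the node
    return msgs.map((msg) => verify(msg.token, patterns[pattern](node, msg)));
}

// Constructed input: msg 1 carries tenant A's secret; msg 2 carries no secret
// but a token signed with A's secret; msg 3 is tenant B with its own secret.
const msgs = [
    { token: sign({ sub: 'a' }, 'secret-A'), secret: 'secret-A' },
    { token: sign({ sub: 'x' }, 'secret-A') },
    { token: sign({ sub: 'b' }, 'secret-B'), secret: 'secret-B' },
];

for (const p of Object.keys(patterns)) console.log(p, run(p, msgs));
```

With the two patterns that write to `node.secret`, the second message is verified with the secret left behind by the first; with the sticky `||` assignment the third message is also rejected, because its own secret is never used.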
