Node-red mdashboard sessions


I am looking at node-red mdashboard for the more front-facing stuff on an IoT dashboard project for a client. I have an API server written in Python Flask which I can query. I need authentication and the dashboard needs to remember each individual user connection's authentication token to use the API.

The system has a user privilege tier system, so the API server uses the token to get the user's details in the DB and decide whether it should respond with the data or with 401 Unauthorized.

Does node-red mdashboard (the dashboard fork which allows multiple users) have support for sessions? I.e. does it enable me to remember which client made a request so that I can use the correct token to authenticate with the backend? Or should I look for another option to enable team members with little coding experience to work on this project?

Have you looked at when mdashboard was last updated and how many outstanding issues it has? Last I looked, it appeared abandoned.

And in the GitHub readme:

Important: Please note that I can no longer spare time to work on this project. If you are interested in taking over, please mail me at umasudhanp[at]gmail and i will outline next steps.

I have just done so. That is not going to work for my purposes then. Are there any other ready-made UI blocks available, or is it going to be easier to just write a pure flask with html + frontend framework something?

The need is to have a low-code something so non-coders can do UI layout and tweaks. I don't know if something that satisfies that need exists, but if somebody has an idea, please let me know.

Node-RED isn't necessarily ideal for multi-user sessions. Though Dashboard does now have an ExpressJS middleware exposed in settings.js and you could try that.

I generally recommend putting Node-RED behind a reverse proxy and getting the proxy to handle authentication at least. I have a bit of a write-up going in the uibuilder tech docs. How to use NGINX as a reverse proxy with TLS and identity authentication ( - there are a couple of other security docs in there as well.

Those docs are focused on uibuilder of course but most of the info is applicable to Dashboard and elsewhere as well.

Well, there are a few people looking at this subject as Dashboard is based off Angular v1 which is now end-of-life.

uibuilder provides an underlying framework on which to build any user-facing interfaces and apps. It handles the comms and exposes a number of API's and ExpressJS server features. The idea being that it is the foundation for building data-driven apps from the low-code Node-RED back-end.

However, it doesn't as yet have the higher-level constructs that something like Dashboard has.

I've recently been working on an approach that uses custom web components along with a new version of the uibuilder front-end client library. That lets you build dynamic interfaces from a JSON spec using native web tags and custom web components. It is still a work in progress though. There are some recent threads explaining some of what I'm doing - check out the uibuilder tag in the forum.

1 Like

I perhaps should also have pointed out that uibuilder has both ExpressJS and Socket.IO middleware capabilities that let you implement specific security as you need/want it.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.