Node-RED

Request refresh via API

Core Development Feature Requests
#1

Hi,

I have been automating the maintenance of the modules I created so that dependencies are quickly updated and security issues prevented.

I now have a fully automated pipeline based on dependabot, snyk security checks, github actions, travis builds with testing and semantic release to publish to npm.

There is only 1 step missing: requesting the refresh on the node-red portal. I would love to automate that as well. Is there an API endpoint available for this or do you know of another way how I could signal the refresh in an automated way?

#2

By node-red portal I assume you mean https://flows.nodered.org ?

It is feasible to automate, but it isn't really setup to be done so.

A refresh can be triggered in two different ways

  • one way is by clicking the 'request refresh' link in the sidebar. That will trigger an HTTP GET to https://flows.nodered.org/node/<name of module>/refresh.
  • the other is submitting the 'add node' form - that will trigger an HTTP POST to https://flows.nodered.org/add/node with the module payload property set to the name of the module.

However, in both cases, the request must be from a logged in user, and must include a valid CSRF token. The CSRF token can be obtained by loading the /add/node page and scraping the token out of it. But getting a valid login session will be very hard to automate - it requires a browser-based flow against GitHub.

So, TLDR; it is probably quite a bit of work to do properly and may just be unfeasible with the current APIs.

To be honest, the API has been designed to provide some amount of protection against automated access - hence lots of CSRF token usage and needing to be logged in to do anything.

#3

That is unfortunate. Would it also work if I provided a bearer token? Or do you require the token to be in a cookie?

#4

It has to be a cookie - like I said, the site simply has not been built to facilitate automated access.

Not saying it couldn't be changed, but it isn't something on my todo list.

#5

Ok, thanks for the quick response.
I'll try out some things to see what I can do.

Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy