We are developing application for home automation. We try to using node-red for automation flow configure now.
For devices, rooms in the house. We mapping to nodes and groups in node-red (automate, via api call from server). For end user, we allow them to edit logic only, eg. When door sensor detect door open, main light will be turn-on. They can not add more device (cause config device configure require too verbose/private info - for enduser).
After searching docs (Admin API Methods : Node-RED) and on forum, I found (Add security to the flow or to a node). I am thinking to implement ourself proxy that parse requests (that edit flow) then apply custom authorization based on payload.
The solution above sound kind of "try-hard".
So any suggest better solutions from comuminity?!
Thank so much,