Set login page with session and access control in uibuilder

I have designed a dashboard using uibuilder. Now I want to expand this dashboard and define users with different access levels for it, as well as a login page and session management.
Given that I don't manage the back-end code in uibuilder and Node-RED, how can I do this?

Hi, the simplest solution would normally be to start with a reverse proxy such as NGINX and use that to provide the authentication and authorisation - possibly via a tool such as Auth0, Okta, Azure, AWS or something local. Depending on the requirements, it might even be possible to shift all of that to Cloudflare Zero Trust or a similar cloud tool (you then just make sure that Cloudflare is proxying all of your traffic and you don't allow anything to access your server except Cloudflare - the Zero Trust tooling makes that fairly simple).

Either way, you would want to add at least a custom header so that you could use uibuilder's middleware features to do things like pick up the user name and perhaps an expiry timestamp. That isn't for security but rather simply to be able to have a more inclusive user interaction.

Also remember that you need to add some security to the websocket wss connection and not just the https.

Using dedicated and widely tried and trusted solutions for authentication and authorisation is always going to be better than trying to cook something up yourself. Though that would be possible too if you really wanted to by making use of both the web and websocket middleware which lets you intercept both web and websocket interactions, do redirections to login/logout pages, etc. But I'd always recommend doing this using a dedicated tool.

The uibuilder tech docs have quite a bit of technical information on security, the middleware functions, custom ExpressJS services (instead of using the default node-red ExpressJS services if you wanted to). There are also some help pages on setting up security. Unfortunately still not as much as I'd like about tying external security to node-red/uibuilder processing but there are so many different possible interactions and requirements related to authentication and authorisation that it is very hard to cover everything.


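The header hand-off described in the answer above, as an added example that is not part of the original thread or of uibuilder itself: one check shared by an Express-style HTTP middleware and a Socket.IO-style connection middleware, so the websocket gets the same treatment as the web pages. The header names, the proxy address list and all function names are assumptions; the headers are only believed when the connection comes from the proxy, since a direct client could send them too.

```javascript
// Added example. Assumed names: header names, proxy addresses, function names.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']); // where the reverse proxy runs
const USER_HEADER = 'x-auth-user';       // set by the proxy after a successful login
const EXPIRY_HEADER = 'x-auth-expires';  // session expiry in Unix seconds, set by the proxy

// Returns { user, expires } or null. Node lower-cases incoming header names.
function identityFrom(headers, remoteAddress, nowMs = Date.now()) {
  // A client that bypasses the proxy can forge any header, so check the peer first.
  if (!TRUSTED_PROXIES.has(remoteAddress)) return null;
  const user = headers[USER_HEADER];
  const expires = Number(headers[EXPIRY_HEADER]);
  if (typeof user !== 'string' || user === '' || !Number.isFinite(expires)) return null;
  if (expires * 1000 <= nowMs) return null; // session already expired
  return { user, expires };
}

// Express-style middleware (req, res, next) for the https side.
function httpMiddleware(req, res, next) {
  const id = identityFrom(req.headers, req.socket.remoteAddress);
  if (!id) {
    res.statusCode = 401;
    res.end('Please sign in through the proxy');
    return;
  }
  req.proxyUser = id; // available to later handlers, e.g. to show the user name
  next();
}

// Socket.IO-style middleware (socket, next) for the wss side.
function socketMiddleware(socket, next) {
  const hs = socket.handshake;
  const id = identityFrom(hs.headers, hs.address);
  if (!id) return next(new Error('unauthorised')); // refuses the connection
  socket.data = { ...socket.data, proxyUser: id };
  next();
}
```

The proxy should also strip any client-supplied copies of these headers before setting its own, and the server's port should be reachable only from the proxy.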