The session validation should be checked before every page is loaded and the login page should be redirected

"I am working on session validation that needs to be checked before every page is loaded.

If the validation fails, the user should be redirected to the login page.

How do I achieve this? My server-side code is ExpressJS and validation for Node-RED settings.js in httpNodeMiddleware.

How can I achieve this using Node-RED's httpNodeMiddleware in settings.js?

Are there any other possible ways to implement this?"

Hi @LoganathanSambath

You're going to have to provide more (a lot more) on your setup.

What are you doing exactly?

  • Are you using HTTP IN?
  • Do you want to provide protection to it?
  • Is this more about the standard Node RED editor auth methods?
  • Is it to protect an API developed in Node RED?

I am afraid what you have provided is too vague to answer in its current state

Hi @marcus-j-davies

I am using HTTP IN
I want to provide protection to some endpoints
I need session validation for HTTP IN; without session, it won't allow
How can I achieve this?

Now I am using the settings.js httpNodeMiddleware function:

  httpNodeMiddleware: function(req,res,next) {
    validateSession(req, res, next)
       next();
    },

Below express.js code

module.exports = function sessionValidation(req, res, next) {
  const sessionId = req.cookies['session_id'];
  // If sessionId exists in cookies and session is valid
  if (sessionId) {
    console.log('>>>>>>>>>>>>>>>if block',sessionId);

      return next();  // Proceed to the next middleware or route
  } else {

      // Redirect to login if no sessionId or session is invalid
      console.log('Session invalid. Redirecting to login');
      res.redirect('/api/login');
  }
};
  • If I remove the session, the HTTP IN endpoints didn't redirect to the login page
  • This code works if validation succeeds or not. run this endpoint api/login
    while show error

OK I think I can see what is going on.

try this...

Your Middleware

function sessionValidation(req, res, next) {
    const sessionId = req.cookies['session_id'];
    if (sessionId) {
        next()
    } else {
        res.redirect('/api/login');
    }
}

Settings.JS

    /** The following property can be used to add a custom middleware function
     * in front of all http in nodes. This allows custom authentication to be
     * applied to all http in nodes, or any other sort of common request processing.
     * It can be a single function or an array of middleware functions.
     */
    httpNodeMiddleware: sessionValidation,

    /** When httpAdminRoot is used to move the UI to a different root path, the
     * following property can be used to identify a directory of static content
     * that should be served at http://localhost:1880/.
     * When httpStaticRoot is set differently to httpAdminRoot, there is no need
     * to move httpAdminRoot
     */

Just tested this - and it works


If I cleared the session manually and did not redirect to the login page, when I use HTTP in endpoints,

However, if I attempted to use the ExpressJS endpoints while working

Is there a way to resolve this problem?
Only HTTP IN nodes should show the BELOW error
[image]

Is this an API you're building or a Web interface?

If an API, I wouldn't use redirects

function sessionValidation(req, res, next) {
    if (req.originalUrl === '/api/login') {
        next()
    } else {
        const sessionId = req.cookies['session_id'];
        if (sessionId) {
            next()
        } else {
             res.json({error:'Access Denied',reason:'NO_TOKEN_PRESENT'})
        }
    }
}

If a web interface

function sessionValidation(req, res, next) {
    if (req.originalUrl === '/api/login') {
        next()
    } else {
        const sessionId = req.cookies['session_id'];
        if (sessionId) {
            next()
        } else {
            res.redirect('/api/login');
        }
    }
}

Without knowing your setup fully - it's a little hard to understand what is the right answer.

Also be careful about redirects and HTTP Methods - I think the redirect needs to handle the original method - else you may get 404 for the redirect target, I'm not entirely sure
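
Added example, not code from the thread or from Node-RED: the middleware variants above let through any request that carries a `session_id` cookie, whatever its value. This version looks the ID up in a server-side store, rejects unknown or expired IDs, and ends each request with exactly one of `next()`, a redirect, or a 401. The `sessions` map, `PROTECTED_PREFIXES`, `readCookie` and the `NO_VALID_SESSION` reason are assumptions for illustration, as is `httpNodeRoot` being `/`.

```javascript
// Constructed session store: the login handler would add entries here
// (or in a database) after a successful authentication.
const sessions = new Map();            // sessionId -> { user, expires (ms epoch) }
const LOGIN_PATH = '/api/login';       // login route used in the thread
const PROTECTED_PREFIXES = ['/api/'];  // assumption: HTTP In paths that need a session

// Read a cookie from req.cookies if a cookie parser already ran upstream,
// otherwise fall back to the raw Cookie header.
function readCookie(req, name) {
    if (req.cookies && req.cookies[name]) return req.cookies[name];
    const header = (req.headers && req.headers.cookie) || '';
    for (const part of header.split(';')) {
        const idx = part.indexOf('=');
        if (idx > 0 && part.slice(0, idx).trim() === name) {
            return part.slice(idx + 1).trim();
        }
    }
    return null;
}

function sessionValidation(req, res, next) {
    const path = (req.originalUrl || '').split('?')[0];   // ignore the query string
    const needsSession = path !== LOGIN_PATH &&
        PROTECTED_PREFIXES.some((p) => path.startsWith(p));
    if (!needsSession) return next();

    // Presence of the cookie is not enough: the ID must exist server-side
    // and must not have expired.
    const id = readCookie(req, 'session_id');
    const session = id ? sessions.get(id) : undefined;
    if (session && session.expires > Date.now()) {
        req.session = session;         // pass the validated session on to the flow
        return next();
    }
    if (id) sessions.delete(id);       // drop expired entries; no-op for unknown IDs

    // Browser page loads get a redirect; other calls get a 401 they can handle.
    const accept = String((req.headers && req.headers.accept) || '');
    if (req.method === 'GET' && accept.includes('text/html')) {
        return res.redirect(LOGIN_PATH);
    }
    return res.status(401).json({ error: 'Access Denied', reason: 'NO_VALID_SESSION' });
}
```

In settings.js this is wired in the same way as shown earlier in the thread: `httpNodeMiddleware: sessionValidation,`.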

Hi @marcus-j-davies

- I explain clearly

  • I have created several HTTP endpoints using Node-RED.
  • Some of these endpoints require a valid session to load their page.
  • If the session does not exist in the browser, the user should be redirected to the login page. (I created the login page in ExpressJS; this is run under Node-RED)
  • How can I achieve this in Node-RED?
  • Is it possible to use httpNodeMiddleware for this functionality?

It would likely be simpler to achieve this using a proxy server rather than trying to do it in Node-RED.

You could expand the function already shown to check for the URL and act accordingly, the basics for that are already in the code that Marcus has shared.

Alternatively, you could look at UIBUILDER which has its own middleware and API capabilities and might be easier to work with.

I want to validate the session using the httpNodeMiddleware function in settings.js

Hi @LoganathanSambath

The examples above do just that - below for reference