Using Node RED as an API management platform

Hi @Josh.

Note: Plenty of battle-hardened users here, who may have crucial advice, but here is mine.

  • I want community inputs on if we can use Node red for these purposes?
  • I could achieve basic CRUD operations but then any other complex things can be done?

Sky is the limit. As long as you address any hurdles/shortcomings, I can't see why not.
Under normal circumstances, this should not be a problem, but keep in mind JavaScript is single threaded,

  • If Yes, What are the best practices involved or should be considered?

I wouldn't put Node RED at the front; I would use something like NGINX. This gives you access to throttling, MUCH MUCH better security, and more to help protect Node RED.

  • I couldn't create a custom middleware to authenticate.
  • Still worried about the security measures associated with it.

Unless you are a security expert, try to use something that is tried and tested. NGINX is used a lot for both the SSL layer and authentication.

Read this
https://discourse.nodered.org/t/safely-accessing-node-red-over-the-internet/

And enjoy this recent event to reinforce the need to keep security top priority
https://discourse.nodered.org/t/node-red-compromise-hack
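
The NGINX-in-front arrangement recommended in the post above, sketched as an added example that is not part of the original post: TLS termination, per-client throttling and authentication are handled by NGINX before a request reaches Node-RED. It assumes Node-RED listens on 127.0.0.1:1880; the hostname, certificate paths and htpasswd file are placeholders.

```nginx
# Added example. Placeholders: api.example.com, /etc/nginx/tls/*, nodered.htpasswd.
# These blocks belong inside the http {} context.

# Throttling: one shared zone keyed on client IP, 10 requests/second each.
limit_req_zone $binary_remote_addr zone=nodered_api:10m rate=10r/s;

# Pass WebSocket upgrades through (the Node-RED editor and dashboards use them).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name api.example.com;
    return 301 https://$host$request_uri;   # no plaintext access
}

server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    client_max_body_size 1m;                # cap request bodies sent to flows

    location / {
        # Reject bursts above the budget with 429 instead of queueing them.
        limit_req        zone=nodered_api burst=20 nodelay;
        limit_req_status 429;

        # Authentication enforced by NGINX, not by a custom flow.
        auth_basic           "Node-RED API";
        auth_basic_user_file /etc/nginx/nodered.htpasswd;

        proxy_pass         http://127.0.0.1:1880;   # assumed Node-RED address
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        $connection_upgrade;
    }
}
```

The proxy only protects Node-RED if port 1880 is unreachable from outside, for example by setting `uiHost: "127.0.0.1"` in Node-RED's settings.js or by firewalling the port. Validate the file with `nginx -t` before reloading.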