@alexandrainst/node-red-http-basic-auth

Node-RED node for HTTP Basic Auth.

This Node-RED module performs HTTP Basic authentication. It is to be used in conjunction with an HTTP Input node.

In other words, it allows putting a password on a Node-RED HTTP listener node.

Note that HTTP Basic authentication sends the password in plain text by design (it is only Base64-encoded, not encrypted), so HTTPS is required to protect the credentials in transit.

Supports bcrypt to store passwords on disc (such as in the Apache htpasswd format). Note that this node will cache the bcrypt checks in memory (until the flow is redeployed / restarted) to improve performance (bcrypt is slow by design, to protect passwords on disc).

Example

Example of flow, with username test and password test: flow.json

Can be tested with e.g.:

curl 'https://test:test@<your-node-red-host>/basic-auth-demo'

Config

There are three types of configuration:

  1. Simple: each node has its own credentials. (one credential)
  2. Multiple credentials: credentials shared with multiple nodes. (multiple credentials)
  3. File with multiple credentials: the user credentials are stored in a file. (multiple credentials)

Definitions

  • Realm

    • Authorization realm for which the credentials will be valid
    • Example: node-red
  • Username

    • The username
    • Example: alice
  • Password

    • The password may be in plain-text or hashed (only bcrypt is supported)
    • Example in plain-text: test
    • Example in bcrypt: $2y$10$5TSZDldoJ7MxDZdtK/SG2O3cwORqLDhHabYlKX9OsM.W/Z/oLwKW6
  • File

    • Location of the file containing the credentials, relative to the current working directory
    • Example: /data/.htpasswd
    • The format for each line is username:password

Example of file: (see also Apache htpasswd)

user1:test
user2:$2y$10$5TSZDldoJ7MxDZdtK/SG2O3cwORqLDhHabYlKX9OsM.W/Z/oLwKW6
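
An added example (not part of this project's code): a dependency-free Node.js check that audits a credentials file in the format above and flags entries stored in plain text, bcrypt hashes below a chosen cost, empty passwords, duplicate usernames and malformed lines. The function name `auditHtpasswd`, the minimum cost of 10 and every sample line other than the two shown above are assumptions made for illustration.

```javascript
// bcrypt modular-crypt string: $2a$ / $2b$ / $2y$, two-digit cost,
// then 22 salt characters + 31 hash characters (53 in total).
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Returns one finding per problem: { line, user, issue }.
// minCost is an assumed policy value, not something the node enforces.
function auditHtpasswd(text, minCost = 10) {
  const findings = [];
  const seen = new Set();
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    if (line === '') return;                       // skip blank lines
    const lineNo = idx + 1;
    const sep = line.indexOf(':');                 // first ':' splits user from secret
    if (sep <= 0) {
      findings.push({ line: lineNo, user: null, issue: 'malformed' });
      return;
    }
    const user = line.slice(0, sep);
    const secret = line.slice(sep + 1);
    if (seen.has(user)) findings.push({ line: lineNo, user, issue: 'duplicate-user' });
    seen.add(user);
    const m = BCRYPT_RE.exec(secret);
    if (secret === '') {
      findings.push({ line: lineNo, user, issue: 'empty-password' });
    } else if (!m) {
      // Anything that is not a well-formed bcrypt string is readable as-is on disk.
      findings.push({ line: lineNo, user, issue: 'plaintext-or-unsupported-hash' });
    } else if (Number(m[1]) < minCost) {
      findings.push({ line: lineNo, user, issue: 'low-bcrypt-cost' });
    }
  });
  return findings;
}

// Constructed sample: the first two lines are the example from this page,
// the rest are made up (the cost-04 "hash" is filler, not a real bcrypt output).
const SAMPLE = [
  'user1:test',
  'user2:$2y$10$5TSZDldoJ7MxDZdtK/SG2O3cwORqLDhHabYlKX9OsM.W/Z/oLwKW6',
  'user3:$2y$04$' + 'A'.repeat(53),
  'user1:other',
  'no-separator-line',
  'user4:',
].join('\n');

console.log(JSON.stringify(auditHtpasswd(SAMPLE), null, 2));
```
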

Outputs

The first node output is used when the authentication succeeded, and it contains the username:

"msg": {
	"realm": "node-red",
	"username": "alice",
	"req": "...",
	"res": "...",
	"...": "..."
}

The second node output is used when the authentication failed, and it contains error information:

"msg": {
	"realm": "node-red",
	"username": "",
	"authError": "Unknown user 'test'",
	"req": "...",
	"res": "...",
	"...": "..."
}

Both outputs contain the req object, which can be inspected for detailed information about HTTP request headers, IP address, URL, etc.

Hints

Here are examples to create hashed passwords:

On the Debian / Ubuntu Linux command line

sudo apt install apache2-utils
htpasswd -nbB -C 10 '' 'my-password' | cut -d: -f2

With Node.js

npm install bcryptjs
node -e "console.log(require('bcryptjs').hashSync('my-password', 10));"

Credits

Forked from endemecio02/node-red-contrib-httpauth (abandoned) by Alexandre Alapetite for the Alexandra Institute, October 2023.