add middleware, can be used for auth

[librae8226]

Please check if it's proper to add a middleware for dashboard, especially for auth usage.

It can be used like:

In settings.js,

module.exports = {
  // ...
  ui: { middleware: require("./dashboard-auth") } ,
  // ...
}

Then, we can put a customized dashboard-auth.js in Node-RED user dir, e.g.

var when = require("when");
var request = require("request");

function tokenValidate (username, token) {
  return when.promise(function(resolve) {
    request.post(
      {
        url: "http://cloudred.cc/api/user/validate",
        form: {
          username: username,
          token: token,
        },
      },
      function(err, res, body) {
        console.log(err, body);
        try {
          var result = JSON.parse(body)
          if (result.success) {
            resolve(true);
          } else {
            resolve(false);
          }
        } catch (e) {
          console.log("parse res body:", body, "failed");
          resolve(false);
        }
      }
    )
  });
}

function dashboardAuth(req, res, next) {
  var username = req.query.username;
  var token = req.query.token;

  var url = req.originalUrl;
  if (url[3] === '/' && url[4] !== undefined && url[4] !== '#' && url[4] !== '?') {
    return next();
  }

  tokenValidate(username, token).then(function(result) {
    if (result) {
      return next();
    } else {
      console.log("invalid token to access dashboard");
      return res.status(401).end();
    }
  });
}

module.exports = dashboardAuth;

[ahmedyo]

Hi ,

I understand this code is not yet merged to master .
Were you able to use this change locally for your token validation ?

we use Jenkin for our build , I am planning to use your commit .
I think i have to modify ui.js to reflect your changes after jenkin has done npm installs .

[Quentintin]

👍 Good idea. I will try this commit. If it works, I'll really appreciate the pull request to be accepted.

[tedhuang]

The dashboardMiddleware config should be under the "ui" section in settings. Also it would be nice if the "RED" object was exposed to the middleware function so it can be used inside to act differently based on other nodes and settings.

[dceejay]

Finally got round to adding this... BUT have added it as middleware UNDER the ui property in settings.js - so for example

ui: { path: "myuipath",   middleware: require("./dashboard-auth") },

[johndparkerelse]

Hi there

Is there an example somewhere of how to actually use this functionality to authenticate dashboard users?

Many thanks

Kind regards

John

[dceejay]

only the one at the head of this pull-request

[johndparkerelse]

Thanks Dave for the fast reply!

I'll give this a try and see if I can adapt it to my needs.

Kind regards

John

(the same John that asked about Iconify icons on switch nodes changing state - but this is a different application!)