Node-RED - Flow-based programming for the Internet of Things
-
@hendrikvl This is awesome! Thanks for working on this.
The app package uses the Cloudron sendmail and mongodb addons. Mails can be sent using node-red-contrib-sendmail and the database can be accessed using node-red-contrib-mongodb4. Both modules come preinstalled and are preconfigured using the environment variables that Cloudron exports.
Nice, as expected of any cloudron app email and db are auto-configured.
Implementing LDAP, as @staypath has done, also has its benefits though. I'm currently a bit indecisive which approach is preferable.
Does node-red have a real concept of users and roles ? Meaning, can individual users create and manage separate flows? When LDAP is implemented, who provides the login page? Is this part of some plugin?
-
@girish said in Node-RED - Flow-based programming for the Internet of Things:
The app package uses the Cloudron sendmail and mongodb addons. Mails can be sent using node-red-contrib-sendmail and the database can be accessed using node-red-contrib-mongodb4. Both modules come preinstalled and are preconfigured using the environment variables that Cloudron exports.
Nice, as expected of any cloudron app email and db are auto-configured.
Both are not required to run Node-RED though. They are optional modules that can be used within flows that one wants to implement, but have no functionality for the core itself. Still, I thought that its useful to be able to access the functionality that Cloudron as a platform provides.Implementing LDAP, as @staypath has done, also has its benefits though. I'm currently a bit indecisive which approach is preferable.
Does node-red have a real concept of users and roles ? Meaning, can individual users create and manage separate flows?
I'm relatively new to Node-RED myself and can't tell with certainty. As far as I understand the documentation, one can differentiate between users and assign specific permissions for different methods of the API (create a flow, enable a module, etc.), but cannot differentiate between flows. Flows seem to be shared between users in any case. So it's not a real multi-user application, where each user can create their own flows. This post proposes to run multiple node-red instances if users shall be able to create independent flows.When LDAP is implemented, who provides the login page? Is this part of some plugin?
The login page seems to be the default one provided by Node-RED. It is only the authentication-scheme which is plugged in through an extra module.The LDAP-module does not seem to support different permissions though. Each user with valid credentials gets full permissions (see this line).
-
Been a while since I built the Docker version of Node-RED for Cloudron, but it worked with Cloudron LDAP auth when I built it. My method had a single admin user that can access all Node-RED flows, so there's no concept of permissions. That works fine for me, but might not for others. I'd be willing to revisit and update my method to the latest Node-RED version to make sure everything still functions within Cloudron from a backup/restore perspective and with LDAP auth. I know @hendrikvl recommended using the npm approach vs. Docker approach, so it really depends on your needs.
-
Actually, looking at @hendrikvl version here: https://git.vereint-digital.de/hendrik/node-red-app. This approach seems simpler for sure. @hendrikvl is there any core Node-RED functionality missing using your method?
-
@staypath Yes, I tried to keep things simple with my approach. I am not aware of any Node-RED core functionality that is not working. By using the Cloudron proxy as auth in front of Node-RED, it is single user only though and would be tricky to combine it with auth-mechanisms within Node-RED. This is probably the biggest downside to my approach.
Another thing, that I would do differently is the approach to send out e-mails. I wanted to make use of the per-app smtp settings that Cloudron provides and pre-provision that transparently into Node-RED. That lead to quite some "glue" in between that seemed somewhat disproportionate in the end.
I should update my repository to a newer Node-RED version by the way and will probably remove the e-mail part at that point.