1.0.0 ā€¢ Published 4 months ago

node-red-contrib-multiauth v1.0.0

Weekly downloads
-
License
MIT
Repository
-
Last release
4 months ago

node-red-contrib-multiauth

šŸš€ Secure multi-user authentication for Node-RED with Basic Auth, password hashing, and route-based access control (ACL).

šŸ“– Features

āœ… Basic Authentication (multiple users)
āœ… Hashed Passwords (bcrypt)
āœ… Access Control (ACL) based on JSON rules
āœ… Wildcard Route Support (e.g., api/myroute/*)
āœ… Optimized for Performance (users loaded once)

šŸ›  Installation

1ļøāƒ£ Install via npm

cd ~/.node-red
npm install node-red-contrib-multiauth

2ļøāƒ£ Add Middleware to Node-RED

Edit your settings.js file:

const { basicAuthMiddleware, loadUsers } = require("node-red-contrib-multiauth");

// load users once at startup
loadUsers("./users.json");

module.exports = {
    // ....
    // register auth middleware
    httpMiddleware: basicAuthMiddleware
    // ...
};

āš™ļø Add User

Create a users.json file:

{
  "myuser1": {
    "password": "$2b$10$hashedpassword...",
    "acl": ["*"]
  },
  "myuser 2": {
    "password": "$2b$10$hashedpassword...",
    "acl": ["/api/data/*"]
  }
}

šŸ”‘ Passwords are stored as bcrypt hashes

node -e "console.log(require('bcrypt').hashSync(process.argv[1], 10));" your-password-here

šŸ”¬ Testing

Run Jest tests:

npm test

šŸ›” Security

  • āœ… Prevents Timing Attacks (bcrypt.compare())
  • āœ… Protects Against Injection (safe object access)

šŸ“œ License

MIT License - Free to use and modify.

node-redauthenticationauthorizationmiddlewareexpressaclmultiuser
bcrypt
1.0.0

4 months ago