Node-RED integration
Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
This is a short guide on how to set-up Node-RED to act as a module in Nexeed Industrial Application System.
Prerequisites
-
Node.js installed on your machine.
-
npm (Node Package Manager) comes with Node.js.
-
Docker installed on your machine (if using Docker).
-
Module creation permissions in Nexeed Industrial Application System.
Installation
Local
To install Node-RED you can use the npm command that comes with node.js:
npm install -g --unsafe-perm node-red
Docker
Node-RED provides base docker image. The base image can be pulled and configured from dockerhub.
Configure authentication
-
To enable user authentication, uncomment the adminAuth property in your settings.js file.
-
For SSO within Nexeed Web Portal, authentication should be configured with
passport-openidconnectstrategy. -
The verify method should be coded with
ACLfrom the portal to check if the user has proper access to the application.
Node-RED provided two types of permissions. Read and all(*).
Example configuration
adminAuth: {
type:"strategy",
strategy:{
name:"openidconnect",
label: "Sign in with Nexeed IAS",
icon:"fa-twitter",
strategy: require("passport-openidconnect").Strategy,
options:{
clientID: process.env.clientID,
clientSecret: process.env.clientSecret,
authorizationURL: process.env.authorizationURL,
tokenURL: process.env.tokenURL,
userInfoURL: process.env.userInfoURL,
logout_path: process.env.logout_path,
issuer: process.env.issuer,
callbackURL: process.env.callbackURL,
scope: process.env.scope,
verify: function(issuer, profile, sub, jwtClaims, accessToken, refreshToken, params,done){
var introspectURL = process.env.introspectURL;
console.log("AccessToken",accessToken);
const bodyData = {
"token": accessToken,
"client_id": process.env.clientID,
"client_secret": process.env.clientSecret
}
fetch(introspectURL,{method:"post", headers: new Headers({
"Authorization":"Basic Og==","Content-Type":"application/x-www-form-urlencoded"
}),body:new URLSearchParams(bodyData)}).then(response => {
if (!response.ok) {
throw new Error(`HTTP error! Status: ${response.status}`);
}
return response.json();
}).then(data => {
const responseItemList = data['roles']
const targetResourceAdmin = responseItemList.find(item => item.includes("Admin-Demo-Node-Red"));
const targetResourceViewer = responseItemList.find(item => item.includes("View-Demo-Node-Red"));
if (targetResourceAdmin){
customProfile = {username:profile.username,permissions:"*"};
done(null, profile);
}else if(targetResourceViewer){
customProfile = {username:profile.username,permissions:"read"};
done(null, profile);
}else{
done(null, false);
}
}).catch(error => {
console.error('Fetch error:', error);
});
}
}
},
users: function(username) {
return new Promise(function(resolve) {
if (customProfile) {
resolve(customProfile);
} else {
resolve(null);
}
});
},
}The users property is an array of user objects. It is function which solves to give the user the appropriate permissions based on ACL.
Once the node red is configured with openidconnect, it can be used as an standalone application with login via Nexeed Industrial Application System or through Web Portal after registration.
Register with Nexeed
To register with Nexeed Industrial Application System, the application has to be registered with Multi Tenant Access Control and Web Portal.
Multi Tenant Access Control registration
To register your application with Multi Tenant Access Control, please check out the Multi Tenant Access Control guide.
Web Portal registration
To register your application with Web Portal, please check out the Web Portal guide.