问题
I've created a NodeRed app using the Starter Boilerplate on Bluemix. One thing I've noticed is that my Flow Editor is available to the public (i.e. Anonymous access can edit my nodes and deploy).
How can I prevent Anonymous access to my Flow Editor on Bluemix?
回答1:
If you go back to the index page for your node-red instance you should see a link under the "Go to your Node-RED flow editor" that says "Learn how to password-protect your instance" (or just scroll down the page)
This will take you to instructions on how to use environment variables to set a username and password for the flow editor
Password protect the flow editor
By default, the editor is open for anyone to access and modify flows. To password-protect the editor:
- In the Bluemix dashboard, select the 'Environment Variables' page for your application
- Add the following user-defined variables:
- NODE_RED_USERNAME - the username to secure the editor with
- NODE_RED_PASSWORD - the password to secure the editor with
- Click Save.
回答2:
If you want the editor to be viewable by everyone, but only changeable by yourself, see below:
Once you have added a user name and password environment variables a login screen will appear every time you go to your node-RED editor for your Bluemix application. If you want the editor to be viewable by everyone, but only changeable by yourself you can modify the bluemix-settings.js file. This will allow everyone to view the application but not save any changes made or deploy the application. You will need to login in the upper right corner of the editor now before you deploy.
The trick to get this to work was to add the following line "default: { permissions: "read" }" along with a leading comma in the bluemix-settings.js where the permissions are being set. This file is accessed by downloading the source code for your Bluemix application in the dashboard. Once changed then you will need to use the cloud foundries command and push back your code changes (cf push ). Any updates you make to your Bluemix application source code will not affect the node-RED editor since they are completely different entities and changed in different places.
Code snippet from bluemix-settings.js:
if (process.env.NODE_RED_USERNAME && process.env.NODE_RED_PASSWORD) {
settings.adminAuth = {
type: "credentials",
users: function(username) {
if (process.env.NODE_RED_USERNAME == username) {
return when.resolve({username:username,permissions:"*"});
} else {
return when.resolve(null);
}
},
authenticate: function(username, password) {
if (process.env.NODE_RED_USERNAME == username &&
process.env.NODE_RED_PASSWORD == password) {
return when.resolve({username:username,permissions:"*"});
} else {
return when.resolve(null);
}
},
default: { permissions: "read" }
}
}
来源:https://stackoverflow.com/questions/31936786/is-there-a-way-to-prohibit-anonymous-access-to-my-nodered-flow-editor-on-bluemix