From c70c00043bf033960989859cd61db0475d399ea6 Mon Sep 17 00:00:00 2001
From: Nick O'Leary <nick.oleary@gmail.com>
Date: Fri, 11 Dec 2015 13:42:44 +0000
Subject: [PATCH] Attached admin route before node route security

---
 red.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/red.js b/red.js
index 5d4e83c33..306a94750 100755
--- a/red.js
+++ b/red.js
@@ -195,12 +195,12 @@ if (settings.httpAdminRoot !== false && settings.httpAdminAuth) {
     app.use(settings.httpAdminRoot, basicAuthMiddleware(settings.httpAdminAuth.user,settings.httpAdminAuth.pass));
 }
 
-if (settings.httpNodeRoot !== false && settings.httpNodeAuth) {
-    app.use(settings.httpNodeRoot,basicAuthMiddleware(settings.httpNodeAuth.user,settings.httpNodeAuth.pass));
-}
 if (settings.httpAdminRoot !== false) {
     app.use(settings.httpAdminRoot,RED.httpAdmin);
 }
+if (settings.httpNodeRoot !== false && settings.httpNodeAuth) {
+    app.use(settings.httpNodeRoot,basicAuthMiddleware(settings.httpNodeAuth.user,settings.httpNodeAuth.pass));
+}
 if (settings.httpNodeRoot !== false) {
     app.use(settings.httpNodeRoot,RED.httpNode);
 }