Apply httpAdminCookieOptions to session cookie

Allow session cookie options to be customised
Closes #4717
2025-03-01 10:36:34 +00:00 · 2024-05-23 17:01:48 +01:00 · 2024-05-23 16:56:43 +01:00 · 2024-05-21 17:14:48 +01:00 · 2024-05-17 17:36:41 +01:00 · 2024-05-17 17:16:01 +01:00
13 changed files with 90 additions and 31 deletions
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "node-red",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "description": "Low-code programming for event-driven applications",
    "homepage": "https://nodered.org",
    "license": "Apache-2.0",
--- a/packages/node_modules/@node-red/editor-api/lib/auth/index.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/index.js
@@ -160,20 +160,30 @@ function completeVerify(profile,done) {


 function genericStrategy(adminApp,strategy) {
-    var crypto = require("crypto")
-    var session = require('express-session')
-    var MemoryStore = require('memorystore')(session)
+    const crypto = require("crypto")
+    const session = require('express-session')
+    const MemoryStore = require('memorystore')(session)

-    adminApp.use(session({
-      // As the session is only used across the life-span of an auth
-      // hand-shake, we can use a instance specific random string
-      secret: crypto.randomBytes(20).toString('hex'),
-      resave: false,
-      saveUninitialized: false,
-      store: new MemoryStore({
-        checkPeriod: 86400000 // prune expired entries every 24h
-      })
-    }));
+    const sessionOptions = {
+        // As the session is only used across the life-span of an auth
+        // hand-shake, we can use a instance specific random string
+        secret: crypto.randomBytes(20).toString('hex'),
+        resave: false,
+        saveUninitialized: false,
+        store: new MemoryStore({
+          checkPeriod: 86400000 // prune expired entries every 24h
+        })
+    }
+    if (settings.httpAdminCookieOptions) {
+        sessionOptions.cookie = {
+            path: '/',
+            httpOnly: true,
+            secure: false,
+            maxAge: null,
+            ...settings.httpAdminCookieOptions
+        }
+    }
+    adminApp.use(session(sessionOptions));
    //TODO: all passport references ought to be in ./auth
    adminApp.use(passport.initialize());
    adminApp.use(passport.session());
--- a/packages/node_modules/@node-red/editor-api/package.json
+++ b/packages/node_modules/@node-red/editor-api/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/editor-api",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "license": "Apache-2.0",
    "main": "./lib/index.js",
    "repository": {
@@ -16,8 +16,8 @@
        }
    ],
    "dependencies": {
-        "@node-red/util": "4.0.0-beta.3",
-        "@node-red/editor-client": "4.0.0-beta.3",
+        "@node-red/util": "4.0.0-beta.3-1",
+        "@node-red/editor-client": "4.0.0-beta.3-1",
        "bcryptjs": "2.4.3",
        "body-parser": "1.20.2",
        "clone": "2.1.2",
--- a/packages/node_modules/@node-red/editor-client/package.json
+++ b/packages/node_modules/@node-red/editor-client/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/editor-client",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "license": "Apache-2.0",
    "repository": {
        "type": "git",
--- a/packages/node_modules/@node-red/editor-client/src/js/ui/deploy.js
+++ b/packages/node_modules/@node-red/editor-client/src/js/ui/deploy.js
@@ -63,7 +63,7 @@ RED.deploy = (function() {
                 '<img src="red/images/spin.svg"/>'+
                '</span>'+
              '</a>'+
-              '<a id="red-ui-header-button-deploy-options" class="red-ui-deploy-button" href="#"><i class="fa fa-caret-down"></i></a>'+
+              '<a id="red-ui-header-button-deploy-options" class="red-ui-deploy-button" href="#"><i class="fa fa-caret-down"></i><i class="fa fa-lock"></i></a>'+
              '</span></li>').prependTo(".red-ui-header-toolbar");
            const mainMenuItems = [
                    {id:"deploymenu-item-full",toggle:"deploy-type",icon:"red/images/deploy-full.svg",label:RED._("deploy.full"),sublabel:RED._("deploy.fullDesc"),selected: true, onselect:function(s) { if(s){changeDeploymentType("full")}}},
@@ -124,6 +124,9 @@ RED.deploy = (function() {
        })

        RED.events.on('workspace:dirty',function(state) {
+            if (RED.settings.user?.permissions === 'read') {
+                return
+            }
            if (state.dirty) {
                // window.onbeforeunload = function() {
                //     return 
@@ -169,6 +172,22 @@ RED.deploy = (function() {
                activeBackgroundDeployNotification.update(message, options)
            }
        });
+
+
+        updateLockedState()
+        RED.events.on('login', updateLockedState)
+    }
+
+    function updateLockedState() {
+        if (RED.settings.user?.permissions === 'read') {
+            $(".red-ui-deploy-button-group").addClass("readOnly");
+            $("#red-ui-header-button-deploy").addClass("disabled");
+        } else {
+            $(".red-ui-deploy-button-group").removeClass("readOnly");
+            if (RED.nodes.dirty()) {
+                $("#red-ui-header-button-deploy").removeClass("disabled");
+            }
+        }
    }

    function getNodeInfo(node) {
--- a/packages/node_modules/@node-red/editor-client/src/sass/header.scss
+++ b/packages/node_modules/@node-red/editor-client/src/sass/header.scss
@@ -186,6 +186,20 @@
        }
    }

+    .red-ui-deploy-button-group.readOnly {
+        .fa-caret-down { display: none; }
+        .fa-lock { display: inline-block; }
+    }
+    .red-ui-deploy-button-group:not(.readOnly) {
+        .fa-caret-down { display: inline-block; }
+        .fa-lock { display: none; }
+    }
+    .red-ui-deploy-button-group.readOnly {
+        a {
+            pointer-events: none;
+        }
+    }
+
    li.open .button {
        background: var(--red-ui-header-button-background-active);
        border-color: var(--red-ui-header-button-background-active);
--- a/packages/node_modules/@node-red/nodes/package.json
+++ b/packages/node_modules/@node-red/nodes/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/nodes",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "license": "Apache-2.0",
    "repository": {
        "type": "git",
--- a/packages/node_modules/@node-red/registry/package.json
+++ b/packages/node_modules/@node-red/registry/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/registry",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "license": "Apache-2.0",
    "main": "./lib/index.js",
    "repository": {
@@ -16,7 +16,7 @@
        }
    ],
    "dependencies": {
-        "@node-red/util": "4.0.0-beta.3",
+        "@node-red/util": "4.0.0-beta.3-1",
        "clone": "2.1.2",
        "fs-extra": "11.1.1",
        "semver": "7.5.4",
--- a/packages/node_modules/@node-red/runtime/package.json
+++ b/packages/node_modules/@node-red/runtime/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/runtime",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "license": "Apache-2.0",
    "main": "./lib/index.js",
    "repository": {
@@ -16,8 +16,8 @@
        }
    ],
    "dependencies": {
-        "@node-red/registry": "4.0.0-beta.3",
-        "@node-red/util": "4.0.0-beta.3",
+        "@node-red/registry": "4.0.0-beta.3-1",
+        "@node-red/util": "4.0.0-beta.3-1",
        "async-mutex": "0.4.0",
        "clone": "2.1.2",
        "express": "4.19.2",
--- a/packages/node_modules/@node-red/util/package.json
+++ b/packages/node_modules/@node-red/util/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/util",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "license": "Apache-2.0",
    "repository": {
        "type": "git",
--- a/packages/node_modules/node-red/package.json
+++ b/packages/node_modules/node-red/package.json
@@ -1,6 +1,6 @@
 {
    "name": "node-red",
-    "version": "4.0.0-beta.3",
+    "version": "4.0.0-beta.3-1",
    "description": "Low-code programming for event-driven applications",
    "homepage": "https://nodered.org",
    "license": "Apache-2.0",
@@ -31,10 +31,10 @@
        "flow"
    ],
    "dependencies": {
-        "@node-red/editor-api": "4.0.0-beta.3",
-        "@node-red/runtime": "4.0.0-beta.3",
-        "@node-red/util": "4.0.0-beta.3",
-        "@node-red/nodes": "4.0.0-beta.3",
+        "@node-red/editor-api": "4.0.0-beta.3-1",
+        "@node-red/runtime": "4.0.0-beta.3-1",
+        "@node-red/util": "4.0.0-beta.3-1",
+        "@node-red/nodes": "4.0.0-beta.3-1",
        "basic-auth": "2.0.1",
        "bcryptjs": "2.4.3",
        "express": "4.19.2",
--- a/packages/node_modules/node-red/red.js
+++ b/packages/node_modules/node-red/red.js
@@ -42,6 +42,7 @@ try { bcrypt = require('bcrypt'); }
 catch(e) { bcrypt = require('bcryptjs'); }
 var nopt = require("nopt");
 var path = require("path");
+const os = require("os")
 var fs = require("fs-extra");
 var RED = require("./lib/red.js");

@@ -59,6 +60,7 @@ var knownOpts = {
    "userDir": [path],
    "verbose": Boolean,
    "safe": Boolean,
+    "version": Boolean,
    "define": [String, Array]
 };
 var shortHands = {
@@ -92,6 +94,7 @@ if (parsedArgs.help) {
    console.log("  -v, --verbose        enable verbose output");
    console.log("      --safe           enable safe mode");
    console.log("  -D, --define   X=Y   overwrite value in settings file");
+    console.log("      --version        show version information");
    console.log("  -?, --help           show this help");
    console.log("  admin <command>      run an admin command");
    console.log("");
@@ -99,6 +102,13 @@ if (parsedArgs.help) {
    process.exit();
 }

+if (parsedArgs.version) {
+    console.log("Node-RED v"+RED.version())
+    console.log("Node.js "+process.version)
+    console.log(os.type()+" "+os.release()+" "+os.arch()+" "+os.endianness())
+    process.exit()
+}
+
 if (parsedArgs.argv.remain.length > 0) {
    flowFile = parsedArgs.argv.remain[0];
 }
--- a/packages/node_modules/node-red/settings.js
+++ b/packages/node_modules/node-red/settings.js
@@ -133,6 +133,7 @@ module.exports = {
 *  - httpServerOptions
 *  - httpAdminRoot
 *  - httpAdminMiddleware
+ *  - httpAdminCookieOptions
 *  - httpNodeRoot
 *  - httpNodeCors
 *  - httpNodeMiddleware
@@ -178,6 +179,11 @@ module.exports = {
    //    next();
    // },

+    /** The following property can be used to set addition options on the session
+     * cookie used as part of adminAuth authentication system
+     * Available options are documented here: https://www.npmjs.com/package/express-session#cookie
+     */
+    // httpAdminCookieOptions: { },

    /** Some nodes, such as HTTP In, can be used to listen for incoming http requests.
     * By default, these are served relative to '/'. The following property
Author	SHA1	Message	Date
Nick O'Leary	805ed593fb	Apply httpAdminCookieOptions to session cookie	2024-05-23 17:01:48 +01:00
Nick O'Leary	c604ac2207	Allow session cookie options to be customised Closes #4717	2024-05-23 16:56:43 +01:00
Nick O'Leary	3fd2d07c75	Merge pull request #4706 from node-red/4648-readonly-feedback Show lock on deploy if user is read-only	2024-05-21 17:14:48 +01:00
Stephen McLaughlin	b76d692a65	Merge pull request #4707 from node-red/4569-cli-version Add --version cli args	2024-05-17 17:36:41 +01:00
Nick O'Leary	6600910163	Add os details to --version output	2024-05-17 17:16:01 +01:00
Nick O'Leary	a6973bd7ed	Add node.js version to --version output	2024-05-17 17:13:50 +01:00
Nick O'Leary	d58127730f	Add --version cli arg	2024-05-17 17:10:37 +01:00
Nick O'Leary	5494c167fc	Show lock on deploy if user is read-only	2024-05-17 17:04:08 +01:00
Nick O'Leary	c5ae0be7b1	Merge pull request #4705 from node-red/rel4b31 Bump for beta 4-beta3-1	2024-05-16 10:39:08 +01:00
Nick O'Leary	b653914ee0	Bump for beta3-1 repackage	2024-05-16 10:37:16 +01:00