frodovdr
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Created Design: adminAuth User Management (markdown)

Nick O'Leary 2019-01-17 23:05:43 +00:00
parent 549663b56c
commit af6e6f90c2
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Design:-adminAuth-User-Management.md Normal file

@ -0,0 +1,18 @@
**Work in progress - just some very early initial thoughts.**
We need to make it much easier to secure Node-RED for first-time users.
Today, a user must hand-edit their settings file to manage the users.
*We* could provide an `adminAuth` implementation that is trivial to enable, which uses an external file to maintain their user information in. Once it is in a known external file, it could become writable by the runtime - allowing for some level of user-management UX in the editor.
**This would be a feature than can be turned on/off (default tbd) for the OEM users who don't want this feature.**
It could also be possible to manage the users from the command-line. There are a couple possible approaches:
1. What if the `node-red` command did more than just run node-red. With the right set of arguments to could be used as a cli tool to manage users.
2. `node-red-admin` already exists as a remote client for the admin api. If we were planning to add elements in the UI, they must come with additional admin api end points - so `node-red-admin` could also be used here. However, no-one installs `node-red-admin`. What if `node-red-admin` was installed as a dependency of `node-red`?
... more to come ...