From af6e6f90c2247fd7852c9251ce7d54ca6f7bc3b0 Mon Sep 17 00:00:00 2001 From: Nick O'Leary Date: Thu, 17 Jan 2019 23:05:43 +0000 Subject: [PATCH] Created Design: adminAuth User Management (markdown) --- Design:-adminAuth-User-Management.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 Design:-adminAuth-User-Management.md diff --git a/Design:-adminAuth-User-Management.md b/Design:-adminAuth-User-Management.md new file mode 100644 index 0000000..278cb0e --- /dev/null +++ b/Design:-adminAuth-User-Management.md @@ -0,0 +1,18 @@ +**Work in progress - just some very early initial thoughts.** + +We need to make it much easier to secure Node-RED for first-time users. + +Today, a user must hand-edit their settings file to manage the users. + +*We* could provide an `adminAuth` implementation that is trivial to enable, which uses an external file to maintain their user information in. Once it is in a known external file, it could become writable by the runtime - allowing for some level of user-management UX in the editor. + +**This would be a feature than can be turned on/off (default tbd) for the OEM users who don't want this feature.** + +It could also be possible to manage the users from the command-line. There are a couple possible approaches: + +1. What if the `node-red` command did more than just run node-red. With the right set of arguments to could be used as a cli tool to manage users. + + +2. `node-red-admin` already exists as a remote client for the admin api. If we were planning to add elements in the UI, they must come with additional admin api end points - so `node-red-admin` could also be used here. However, no-one installs `node-red-admin`. What if `node-red-admin` was installed as a dependency of `node-red`? + +... more to come ... \ No newline at end of file
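Review bot: the paragraph proposing an external user file that "could become writable by the runtime" leaves out how that file is protected and who is allowed to change it. The design moves the user store from a hand-edited settings file to something the editor and the admin API can modify, so it should state how passwords are stored in the file, what file permissions are expected, and which permission a user needs to call the new user-management endpoints. The same question applies to both command-line options in the numbered list: say whether the CLI edits the file directly or goes through the admin API, since option 2 would carry user changes over the remote client. Two wording slips to fix: "a feature than can be turned on/off" should read "that can be", and "With the right set of arguments to could be used" should read "it could be used".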