WebSocket Headers in NodeRED on IBM bluemix

Question

I know that WebSocket api not defined headers.

As per this we can set the basic auth with the URL.

ws = new WebSocket("ws://username:password@example.com/service")

In NodeRED(WebSocket IN node) need to authenticate users that connect only with provided username and password. Please let me know handle this in NodeRED ?

Next alternative is Sec-WebSocket-Protocol header on client. I have tried with that also. But Node-RED unable to view, what ever I have set.

var token = "eyJhbGci";
var options = {
    headers: {
        "Authorization" : token
    }
};
var ws = new WebSocket("wss://example.com/path", options);

Please let me know how to view these client inputs in NodeRED and do proper client authentication ? I only see the following.

{ "payload": "Hi1", "_session": { "type": "websocket", "id": "fddc366c.0223c8" }, "_msgid": "47061971.b8f9e8" }

It's not clear what your asking here. Are you trying to authenticate incoming connections to a WebSocket listener in Node-RED? — hardillb, Jan 19 '17 at 10:07
Yes. I am trying to authenticate incoming connections to WebSocket In node. — Ruchira Kariyawasam, Jan 19 '17 at 12:45

score 1 · Accepted Answer · answered Jan 19 '17 at 12:53

1

At this time I don't think it's possible.

Node-RED doesn't have access to the HTTP Upgrade request that converts the HTTP connection to a WS connection which is where any authentication would have to happen.

It is something that should probably be looked at in more detail to see if there is anything that could be done.

answered Jan 19 '17 at 12:53

hardillb

54,545
11
67
105

This is very bad. So that how to block unauthorized requests, from unauthorized users ? – Ruchira Kariyawasam Jan 20 '17 at 05:50
Currently this is not available and NodeRED development team will add this in future. I have made change request to them in January. – Ruchira Kariyawasam Mar 18 '17 at 15:07

WebSocket Headers in NodeRED on IBM bluemix

1 Answers1