[Feature]: 企业版 docker 预装node-red，并集成身份验证 #7002

steedos · Sep 20, 2024 · 3162f37 · 3162f37
1 parent 49efa4f
commit 3162f37
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 17 deletions.
diff --git a/deploy/enterprise/app/nodered/package.json b/deploy/enterprise/app/nodered/package.json
@@ -1,17 +1,19 @@
 {
-    "name": "nodered-app",
-    "version": "1.0.0",
-    "private": "true",
-    "license": "MIT",
-    "scripts": {
-      "start": "node-red --settings settings.js"
-    },
-    "dependencies": {
-      "@steedos/node-red-contrib-steedos": "^2.4.1",
-      "ioredis": "^5.3.2",
-      "lodash": "^4.17.21",
-      "node-red": "^3.1.12",
-      "node-red-dashboard": "^3.4.0"
-    }
+  "name": "nodered-app",
+  "version": "1.0.0",
+  "private": "true",
+  "license": "MIT",
+  "scripts": {
+    "start": "node-red --settings settings.js"
+  },
+  "dependencies": {
+    "@steedos/node-red-contrib-steedos": "^2.4.1",
+    "axios": "1.7.7",
+    "ioredis": "^5.3.2",
+    "lodash": "^4.17.21",
+    "node-red": "^3.1.12",
+    "node-red-dashboard": "^3.4.0",
+    "passport": "0.7.0",
+    "passport-custom": "1.1.1"
   }
-  
+}
diff --git a/deploy/enterprise/app/nodered/settings.js b/deploy/enterprise/app/nodered/settings.js
@@ -2,10 +2,15 @@
 const path = require('path');
 const fs = require('fs');
 const lodash = require('lodash');
+const bcrypt = require('bcryptjs');
+const CustomStrategy = require('passport-custom').Strategy;
+const axios = require('axios');
 
 // Node-Red Configuration
 // https://nodered.org/docs/user-guide/runtime/configuration
 
+const steedosRootUrl =  process.env.ROOT_URL || "http://127.0.0.1";
+
 const uiPort = process.env.NODERED_PORT || "1880";
 const storageDir = path.join(process.env.STEEDOS_STORAGE_DIR || "./storage", "data", "nodered");
 
@@ -33,6 +38,64 @@ module.exports = {
         title: "Steedos Flows",
     },
     uiPort,
+    // adminAuth: {
+    //     type: "credentials",
+    //     users: [{
+    //         username: "admin",
+    //         permissions: "*"
+    //     }],
+    //     authenticate: function(username, password) {
+    //         if (username === 'admin') {
+    //             // 将环境变量中的密码与输入的密码进行比较
+    //             if (password === process.env.NODERED_PASSWORD) {
+    //                 return Promise.resolve({username: "admin", permissions: "*"});
+    //             } else {
+    //                 return Promise.resolve(null);
+    //             }
+    //         } else {
+    //             return Promise.resolve(null);
+    //         }
+    //     }
+    // },
     httpStatic: path.join(__dirname, 'public'),
-    httpRoot: "/flows/"
+    httpRoot: "/flows/",
+    adminAuth: {
+        type: "credentials",
+        users: function(username) {
+            // 返回一个 Promise
+            return new Promise(function(resolve) {
+                // 不需要在这里验证密码，因为密码在 authenticate 函数中处理
+                // 返回包含用户名的用户对象，但不包含密码
+                resolve({ username: username, permissions: "*" });
+            });
+        },
+        authenticate: function(username, password) {
+            return new Promise(function(resolve) {
+                // 构建请求体
+                const requestBody = {
+                    "user": { "email": username },
+                    "password-unencrypted": password
+                };
+
+                // 发送 POST 请求到身份验证接口
+                axios.post(`${steedosRootUrl}/accounts/password/login`, requestBody)
+                    .then(response => {
+                        console.log(response)
+                        // 根据接口返回的数据判断验证是否成功
+                        if (response.status === 200) {
+                            // 验证成功，返回包含用户名和权限的用户对象
+                            resolve({ username: username, permissions: "*" });
+                        } else {
+                            // 验证失败
+                            resolve(null);
+                        }
+                    })
+                    .catch(error => {
+                        // 处理错误，拒绝 Promise
+                        console.error('Authentication error:', error);
+                        resolve(null);
+                    });
+            });
+        }
+    },
 };
diff --git a/deploy/enterprise/fs/opt/steedos/entrypoint.sh b/deploy/enterprise/fs/opt/steedos/entrypoint.sh
@@ -27,6 +27,10 @@ init_env_file() {
       tr -dc A-Za-z0-9 </dev/urandom | head -c 13
       echo ""
     )
+    local generated_steedos_nodered_password=$(
+      tr -dc A-Za-z0-9 </dev/urandom | head -c 13
+      echo ""
+    )
     local generated_steedos_encryption_password=$(
       tr -dc A-Za-z0-9 </dev/urandom | head -c 13
       echo ""
@@ -39,7 +43,7 @@ init_env_file() {
       tr -dc A-Za-z0-9 </dev/urandom | head -c 13
       echo ''
     )
-    bash "$TEMPLATES_PATH/docker.env.sh" "$default_steedos_mongodb_user" "$generated_steedos_mongodb_password" "$generated_steedos_encryption_password" "$generated_steedos_encription_salt" "$generated_steedos_supervisor_password" > "$ENV_PATH"
+    bash "$TEMPLATES_PATH/docker.env.sh" "$default_steedos_mongodb_user" "$generated_steedos_mongodb_password" "$generated_steedos_encryption_password" "$generated_steedos_encription_salt" "$generated_steedos_supervisor_password" "$generated_steedos_nodered_password" > "$ENV_PATH"
   fi
 
 

diff --git a/deploy/enterprise/fs/opt/steedos/templates/docker.env.sh b/deploy/enterprise/fs/opt/steedos/templates/docker.env.sh
@@ -6,6 +6,7 @@ MONGO_PASSWORD="$2"
 ENCRYPTION_PASSWORD="$3"
 ENCRYPTION_SALT="$4"
 SUPERVISOR_PASSWORD="$5"
+NODERED_PASSWORD="$5"
 
 cat <<EOF
 
@@ -27,6 +28,8 @@ STEEDOS_ENCRYPTION_SALT=$ENCRYPTION_SALT
 STEEDOS_SUPERVISOR_USER=steedos
 STEEDOS_SUPERVISOR_PASSWORD=$SUPERVISOR_PASSWORD
 
+NODERED_PASSWORD=$NODERED_PASSWORD
+
 UNPKG_BASE_URL=/unpkg
 
 NPM_CACHE_ENABLED=true