TODO
At the end this workshop, you should be able to create a simple api with node-red Simple means you will be able to create a register/login, create task(s) attribute to one user.
- Clone this repository & move into the directory
- start docker
docker-compose up(it will run node-red & mongodb)
source: https://nodered.org/docs/getting-started/local
Security (source : https://nodered.org/docs/user-guide/runtime/securing-node-red)
By default, the Node-RED editor is not secured - anyone who can access its IP address can access the editor and deploy changes.
Let's securise it !
You will need to edit the settings.js in the .node-red folder...
If you want to go in this folder, you will need to run the cmd in the docker container:
-
get the container id with :
docker ps
-
run the bash of the container :
docker exec -it <container id> /bin/bash -
Welcome in the bash of the contrainer
-
generate a password and copy the result :
npx node-red-admin hash-pw(Don't forget to kill it ! You will get something like this : "$2a$08$71Vr0fW17O1Jl1BzfA7NGOYO6dSSANyZBwLxdr0QFd..0O3ihpzoS") -
Edit the
settings.jsfile :vi /data/settings.js -
Welcome in hell... (vim), go near the line 123, you will find a
adminAuthobject, just uncomment with theXkey (or pressIto get theinsert mode) (uncomment line 123 -> 130) -
With the insert mode change the password by the password you generated earlier
-
quit & save vi (
ESC + :wqorESC + maj + ZZ) -
if you want to leave the docker container bash :
ctrl + D -
turn off docker (
ctrl + C), restart docker (docker-compose up)
-
install MongoDB Compass (https://www.mongodb.com/download-center/compass)
-
connect to the local database (user: dev & password: dev)
Node-red is setup and "securised" !
You can go on this page : http://127.0.0.1:1880/
-
First drag-&-drop from the palette
injectanddebuginto the workspace -
Wire
injecttodebug -
Double click on
injectand change his value (modifytimestamptostringfor example) -
Click on
deploy(on the top right corner) & click on the button on the left ofinject. You will see in thedebug tab(on the top right corner) the value ofinject
inject node to "inject" information/variable in the flow
If you look at the debug button (named : msg.payload), you can see it return the content of msg.paylaod.
Node red use the playload object to pass variable between nodes.
The switch node is like a "if", if the condition in the node isn't good, it won't let it pass.
The change node is like a = in js, it change a value.
The template node just "format" a response and return a string.
In this example:
- first I put a
injectto inject a value in the flow (value : 5) - then I check with a
switchif the value is<= 5or< 5 - after the
switchI use asetnode to modify the payload to "failed" or "sucess" (it depend of the switch) - finaly I format the string with a
templatenode - (last node is a console.log)
Basically, node-red already have everything you need to connect the client & the server.
In the network block of the palette, you will find http in, http response, http request and more other network things...
But there is no node aboud database. The next step will help to install "new" node to manage your database (mongodb in this case)
-
first you will need to install mongodb2 (2 because the first version isn't really complete) in node-red
-
click on the menu icon in the top right of the window and click in
settings
-
in the
user settingspopup, click onPaletteand on theinstalltab
-
search for
mongodb2(node-red-contrib-mongodb2) and install it -
you'll need to install
node-red-contrib-objectid, it will help you to search by the id of the object in the database/collection -
after the installation you should find a
mongodb2 inin your nodes (in the storage bock) and anobjectidnode (in the function bock)
-
drag&drop a
http innode and edit his proteries
-
drag&drop a
http response -
place a
templatenode between them and edit it to return "hello world"
You should have something like this:
- try in your natigator : http://127.0.0.1:1880/hello, you should see
Hello world
-
drag&drop a
mongodb2 infrom the palette to the workspace -
edit it
- edit the server to get this (user :dev, password dev)
- edit the server to get this (user :dev, password dev)
-
First step: we will insert a todo in the database in the collection
todoso in the collection field of mongodb2 just writetodoand change to operation to getinsertOne
-
now you can add a
http innode and configure it aspostand for the/newUser("verification" just mean, if you want to do a real api, you should put some condictions there)
if you want to check the result you can test your route with postman. If you don't know how to use postman just click here ! -
now let's login, use the same parten as
newUserbut withfindOneand notinsertOne
How do fineOneandinsertOnework ?
It's very simple: when you callinsertOneit will put in the database all thepayloadobject ! So if you put the "email" and the "password" in body of your http request, it will put the "email" and the "password" in the database. (It only work with mongodb).
What aboutfindOne?
findOnewill check every document of you collection and check if all properties of thepayload(and his value) is in a document of the collection.If
findOnedoesn't have a match, it will just returnnull -
Try it with postman ! Normaly the return of
registershould be like this:
{
"n": 1,
"ok": 1
}
- and the result of
loginshould be like this:
{
"_id": "5dd5a491c1d8080010bd0992",
"email": "plow",
"pw": "plow"
}
Now keep this _id, it will be usefull in your next request with postman, we will use it as "login token".
Good job you just finished the login part !
If you have any question about this part, just ask them :)
Ok, insert something is easy... Now, you know how to do it ! But we will make it bit more complicated. if you don't specify anything, every user will see every task of every one... And we don't want it...
Earlier, I told you to save the _id of the user when you did the login request with postman. It's time to use it now.
In postman just place this _id in a new headers called Authorization like this:
- To create a task and assign it to a user, you will need a
http innode,http responsenode,mongodb2 innode (withinsertOne) and... afunctionnode !
In fact, you will need to write few code lines...
But what will we do ? And what will we write ?
We need to find the id in the headers (msg.req.headers.authorization) and put it in theidUserproperty in themsg.payload
Test in postman without forget to write the authorizationin theheaderstab
Find all task from a user is like the previous one but with a find.toArray and not insertOne
In mongodb, the _id isn't a string so we have to transforme it into a ObjectId to do this, you installed objectid node. It convert the msg.payload._id (string) to msg.payload._id (object) !
Don't worry, I will help you !
Like the 2 previous one, you will need to use a http in but you need to put :id at the end. It means this route have a "paramater" (like a variable)
Now we need to put the id and the userid in the msg.payload object to do a query.
Now we need to convert the _id (string) to _id (objectid) with the objectid node (in the function block)
Good job ! You did it !
You did 80% of a CRUD API, the 20 others percents are the delete/modify routes and few verification for the security or things like "You can't have 2 sames email in the database"...
