diff --git a/lib/commands/init/index.js b/lib/commands/init/index.js index 0b23aa0..193cdbe 100644 --- a/lib/commands/init/index.js +++ b/lib/commands/init/index.js @@ -105,10 +105,10 @@ async function promptUser() { { type: 'password', name: 'password', - message: "Password", + message: "Password (>15 characters)", validate(val) { - if (val.length < 8) { - return "Password too short. Must be at least 8 characters" + if (val.length < 16) { + return "Password too short. Must be at least 16 characters" } return true } @@ -135,7 +135,7 @@ async function promptSecurity() { type: 'select', name: 'adminAuth', initial: "Yes", - message: 'Do you want to setup user security?', + message: 'Do you want to setup user security?\n DO NOT select No if you will expose Node-RED to the internet - or you will be hacked!\n If you select No we will restrict browser access to only the machine Node-RED is running on.\n This can be changed by editing the uiHost entry in settings.js', choices: ['Yes', 'No'], result(value) { return value === "Yes" @@ -160,6 +160,11 @@ async function promptSecurity() { break; } } + responses.uiHost = '//uiHost: "0.0.0.0",' + } + else { + responses.uiHost = 'uiHost: "127.0.0.1",' + console.log("\nuiHost set to 127.0.0.1 to restrict access to local machine ONLY."); } return responses; } @@ -287,6 +292,7 @@ async function command(argv, result) { }; config.adminAuth = JSON.stringify(adminAuth,"",4).replace(/\n/g,"\n "); } + config.uiHost = securityResponses.uiHost; const projectsResponses = await promptProjects(); let flowFileSettings = {}; diff --git a/lib/commands/init/resources/settings.js.mustache b/lib/commands/init/resources/settings.js.mustache index 5d3103f..70ccc44 100644 --- a/lib/commands/init/resources/settings.js.mustache +++ b/lib/commands/init/resources/settings.js.mustache @@ -71,7 +71,7 @@ module.exports = { ******************************************************************************/ /** To password protect the Node-RED editor and admin API, the following - * property can be used. See http://nodered.org/docs/security.html for details. + * property can be used. See https://nodered.org/docs/security.html for details. */ {{^adminAuth}} //adminAuth: { @@ -123,7 +123,7 @@ module.exports = { * including node-red-dashboard, or the static content (httpStatic), the * following properties can be used. * The `pass` field is a bcrypt hash of the password. - * See http://nodered.org/docs/security.html#generating-the-password-hash + * See https://nodered.org/docs/security.html#generating-the-password-hash */ //httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."}, //httpStaticAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."}, @@ -140,7 +140,7 @@ module.exports = { * - httpNodeCors * - httpNodeMiddleware * - httpStatic - * - httpStaticRoot + * - httpStaticRoot ******************************************************************************/ /** the tcp port that the Node-RED web server is listening on */ @@ -151,7 +151,7 @@ module.exports = { * The following property can be used to listen on a specific interface. For * example, the following would only allow connections from the local machine. */ - //uiHost: "127.0.0.1", + {{uiHost}}, /** The maximum size of HTTP request that will be accepted by the runtime api. * Default: 5mb @@ -184,7 +184,7 @@ module.exports = { /** Some nodes, such as HTTP In, can be used to listen for incoming http requests. * By default, these are served relative to '/'. The following property - * can be used to specifiy a different root path. If set to false, this is + * can be used to specify a different root path. If set to false, this is * disabled. */ //httpNodeRoot: '/red-nodes', @@ -222,17 +222,22 @@ module.exports = { /** When httpAdminRoot is used to move the UI to a different root path, the * following property can be used to identify a directory of static content * that should be served at http://localhost:1880/. - * When httpStaticRoot is set differently to httpAdminRoot, there is no need + * When httpStaticRoot is set differently to httpAdminRoot, there is no need * to move httpAdminRoot */ //httpStatic: '/home/nol/node-red-static/', //single static source - /* OR multiple static sources can be created using an array of objects... */ + /** + * OR multiple static sources can be created using an array of objects... + * Each object can also contain an options object for further configuration. + * See https://expressjs.com/en/api.html#express.static for available options. + */ //httpStatic: [ - // {path: '/home/nol/pics/', root: "/img/"}, - // {path: '/home/nol/reports/', root: "/doc/"}, + // {path: '/home/nol/pics/', root: "/img/"}, + // {path: '/home/nol/reports/', root: "/doc/"}, + // {path: '/home/nol/videos/', root: "/vid/", options: {maxAge: '1d'}} //], - /** + /** * All static routes will be appended to httpStaticRoot * e.g. if httpStatic = "/home/nol/docs" and httpStaticRoot = "/static/" * then "/home/nol/docs" will be served at "/static/" @@ -245,83 +250,113 @@ module.exports = { /******************************************************************************* * Runtime Settings * - lang + * - runtimeState + * - diagnostics * - logging * - contextStorage * - exportGlobalContextKeys * - externalModules ******************************************************************************/ - /** Uncomment the following to run node-red in your preferred language. - * Available languages include: en-US (default), ja, de, zh-CN, zh-TW, ru, ko - * Some languages are more complete than others. - */ - // lang: "de", - - /** Configure the logging output */ - logging: { - /** Only console logging is currently supported */ - console: { - /** Level of logging to be recorded. Options are: - * fatal - only those errors which make the application unusable should be recorded - * error - record errors which are deemed fatal for a particular request + fatal errors - * warn - record problems which are non fatal + errors + fatal errors - * info - record information about the general running of the application + warn + error + fatal errors - * debug - record information which is more verbose than info + info + warn + error + fatal errors - * trace - record very detailed logging + debug + info + warn + error + fatal errors - * off - turn off all logging (doesn't affect metrics or audit) - */ - level: "info", - /** Whether or not to include metric events in the log output */ - metrics: false, - /** Whether or not to include audit events in the log output */ - audit: false - } - }, - - /** Context Storage - * The following property can be used to enable context storage. The configuration - * provided here will enable file-based context that flushes to disk every 30 seconds. - * Refer to the documentation for further options: https://nodered.org/docs/api/context/ - */ - //contextStorage: { - // default: { - // module:"localfilesystem" - // }, - //}, - - /** `global.keys()` returns a list of all properties set in global context. - * This allows them to be displayed in the Context Sidebar within the editor. - * In some circumstances it is not desirable to expose them to the editor. The - * following property can be used to hide any property set in `functionGlobalContext` - * from being list by `global.keys()`. - * By default, the property is set to false to avoid accidental exposure of - * their values. Setting this to true will cause the keys to be listed. - */ - exportGlobalContextKeys: false, - - /** Configure how the runtime will handle external npm modules. - * This covers: - * - whether the editor will allow new node modules to be installed - * - whether nodes, such as the Function node are allowed to have their - * own dynamically configured dependencies. - * The allow/denyList options can be used to limit what modules the runtime - * will install/load. It can use '*' as a wildcard that matches anything. - */ - externalModules: { - // autoInstall: false, /** Whether the runtime will attempt to automatically install missing modules */ - // autoInstallRetry: 30, /** Interval, in seconds, between reinstall attempts */ - // palette: { /** Configuration for the Palette Manager */ - // allowInstall: true, /** Enable the Palette Manager in the editor */ - // allowUpload: true, /** Allow module tgz files to be uploaded and installed */ - // allowList: [], - // denyList: [] - // }, - // modules: { /** Configuration for node-specified modules */ - // allowInstall: true, - // allowList: [], - // denyList: [] - // } - }, + /** Uncomment the following to run node-red in your preferred language. + * Available languages include: en-US (default), ja, de, zh-CN, zh-TW, ru, ko + * Some languages are more complete than others. + */ + // lang: "de", + + /** Configure diagnostics options + * - enabled: When `enabled` is `true` (or unset), diagnostics data will + * be available at http://localhost:1880/diagnostics + * - ui: When `ui` is `true` (or unset), the action `show-system-info` will + * be available to logged in users of node-red editor + */ + diagnostics: { + /** enable or disable diagnostics endpoint. Must be set to `false` to disable */ + enabled: true, + /** enable or disable diagnostics display in the node-red editor. Must be set to `false` to disable */ + ui: true, + }, + /** Configure runtimeState options + * - enabled: When `enabled` is `true` flows runtime can be Started/Stopped + * by POSTing to available at http://localhost:1880/flows/state + * - ui: When `ui` is `true`, the action `core:start-flows` and + * `core:stop-flows` will be available to logged in users of node-red editor + * Also, the deploy menu (when set to default) will show a stop or start button + */ + runtimeState: { + /** enable or disable flows/state endpoint. Must be set to `false` to disable */ + enabled: false, + /** show or hide runtime stop/start options in the node-red editor. Must be set to `false` to hide */ + ui: false, + }, + /** Configure the logging output */ + logging: { + /** Only console logging is currently supported */ + console: { + /** Level of logging to be recorded. Options are: + * fatal - only those errors which make the application unusable should be recorded + * error - record errors which are deemed fatal for a particular request + fatal errors + * warn - record problems which are non fatal + errors + fatal errors + * info - record information about the general running of the application + warn + error + fatal errors + * debug - record information which is more verbose than info + info + warn + error + fatal errors + * trace - record very detailed logging + debug + info + warn + error + fatal errors + * off - turn off all logging (doesn't affect metrics or audit) + */ + level: "info", + /** Whether or not to include metric events in the log output */ + metrics: false, + /** Whether or not to include audit events in the log output */ + audit: false + } + }, + + /** Context Storage + * The following property can be used to enable context storage. The configuration + * provided here will enable file-based context that flushes to disk every 30 seconds. + * Refer to the documentation for further options: https://nodered.org/docs/api/context/ + */ + //contextStorage: { + // default: { + // module:"localfilesystem" + // }, + //}, + + /** `global.keys()` returns a list of all properties set in global context. + * This allows them to be displayed in the Context Sidebar within the editor. + * In some circumstances it is not desirable to expose them to the editor. The + * following property can be used to hide any property set in `functionGlobalContext` + * from being list by `global.keys()`. + * By default, the property is set to false to avoid accidental exposure of + * their values. Setting this to true will cause the keys to be listed. + */ + exportGlobalContextKeys: false, + + /** Configure how the runtime will handle external npm modules. + * This covers: + * - whether the editor will allow new node modules to be installed + * - whether nodes, such as the Function node are allowed to have their + * own dynamically configured dependencies. + * The allow/denyList options can be used to limit what modules the runtime + * will install/load. It can use '*' as a wildcard that matches anything. + */ + externalModules: { + // autoInstall: false, /** Whether the runtime will attempt to automatically install missing modules */ + // autoInstallRetry: 30, /** Interval, in seconds, between reinstall attempts */ + // palette: { /** Configuration for the Palette Manager */ + // allowInstall: true, /** Enable the Palette Manager in the editor */ + // allowUpdate: true, /** Allow modules to be updated in the Palette Manager */ + // allowUpload: true, /** Allow module tgz files to be uploaded and installed */ + // allowList: ['*'], + // denyList: [], + // allowUpdateList: ['*'], + // denyUpdateList: [] + // }, + // modules: { /** Configuration for node-specified modules */ + // allowInstall: true, + // allowList: [], + // denyList: [] + // } + }, /******************************************************************************* @@ -346,6 +381,12 @@ module.exports = { * a collection of themes to chose from. */ {{^editorTheme}}//{{/editorTheme}}theme: "{{editorTheme}}", + + /** To disable the 'Welcome to Node-RED' tour that is displayed the first + * time you access the editor for each release of Node-RED, set this to false + */ + //tours: false, + palette: { /** The following property can be used to order the categories in the editor * palette. If a node's category is not in the list, the category will get @@ -379,7 +420,7 @@ module.exports = { * packages/node_modules/@node-red/editor-client/src/vendor/monaco/dist/theme * e.g. "tomorrow-night", "upstream-sunburst", "github", "my-theme" */ - //theme: "vs", + // theme: "vs", /** other overrides can be set e.g. fontSize, fontFamily, fontLigatures etc. * for the full list, see https://microsoft.github.io/monaco-editor/docs.html#interfaces/editor.IStandaloneEditorConstructionOptions.html */ @@ -387,7 +428,16 @@ module.exports = { //fontFamily: "Cascadia Code, Fira Code, Consolas, 'Courier New', monospace", //fontLigatures: true, } - } + }, + + markdownEditor: { + mermaid: { + /** enable or disable mermaid diagram in markdown document + */ + enabled: true + } + }, + }, /******************************************************************************* @@ -488,7 +538,7 @@ module.exports = { */ //tlsConfigDisableLocalFiles: true, - /** The following property can be used to verify websocket connection attempts. + /** The following property can be used to verify WebSocket connection attempts. * This allows, for example, the HTTP request headers to be checked to ensure * they include valid authentication information. */