Problem after login

[ericzon]

Hello,

I'm trying to integrate gitlab login in my application (node-red embedded into express application). I read the documentation, filled all the required credentials and added the callback endpoint but I think I'm missing something related with scopes because I get 401 although I set username: "ericzon" with permissions: ["*"]

Here is my basic setup:

const http = require('http');
const path = require('path');
const express = require('express');
const RED = require('node-red');
const passport = require('passport');

const app = express();
console.log('Starting application...');

app.use('/', express.static('public'));

const server = http.createServer(app);
const HOME_DIR = '/red';
const settings = {
    httpAdminRoot: HOME_DIR,
    httpNodeRoot: '/api',
    userDir: path.join(__dirname, path.sep, 'userDir'),
    functionGlobalContext: { },    // enables global context
    
    adminAuth: require('./userDir/node_modules/node-red-auth-gitlab')({
        clientID: process.env.GITLAB_CLIENT_ID,
        clientSecret: process.env.GITLAB_SECRET,
        baseURL: "http://localhost:3000",
        gitlabURL: "https://gitlab.com/",
        users: [
           { username: "ericzon", permissions: ["*"]}
        ]
    })
};

RED.init(server, settings);

app.use(settings.httpAdminRoot, RED.httpAdmin);
app.use(settings.httpNodeRoot, RED.httpNode);

app.get('/auth/strategy/callback',
  passport.authenticate('gitlab', {
    failureRedirect: '/red-auth-failure'
  }),
  function(req, res) {
    res.redirect(HOME_DIR);
  });

const PORT = process.env.PORT || 3000;

server.listen(PORT), () => {
   console.log('Listening port ' + PORT);
};

RED.start();

I go through all the process of login against Gitlab, all seems ok but when I return to backoffice, settings request returns 401 and login appears:

I'm using node-red version: v1.0.6 & 1.1.0 in MACOS Mojave

Adding another log in @node-red/editor-api/lib/auth/index.js inside needsPermission method I can see that 401 is returned after failing settings.read

P.S 1: It works fine when I run this kind of auth in a version of node-red without embed in express.
P.S 2: Investigating more, I see that the problem seems to be caused by httpAdminRoot. If I set '/' it seems to work well in my version but if I add '/red' as prefix, it fails. Any way to work with different httpAdminRoot?

Thank you!

[ericzon]

@VincentSC any idea about this?

[VincentSC]

Sorry, missed the issue completely.

I'm not understanding what you're doing, as you're partly remaking this plugin! So just throw away your code, follow the instructions and it should work.

If your application cannot handle it the standard way, then I'm sorry to say that's out of scope for help I'm offering.