Tracking Who Has Opened a Dashboard
Using FlowFuse Authentication Audit Dashboard v2 Access
As we continue to add features to the Node-RED Dashboard v2 one feature request that came in was to track which users had visited a Dashboard. Multi user support for the Dashboard is on the backlog but this could be solved with the parts that are currently available.
# FlowFuse Authentication
One of the features we offer on FlowFuse is the ability to protect HTTP endpoints and Dashboards using the same FlowFuse user authentication that protects access to the FlowFuse Application and the Node-RED instances.
We even offer a specific RBAC 'viewer' role that just allows access to these endpoints but not the FlowFuse application.
FlowFuse authentication can be enabled from the Instance Settings page on the Security tab
This can be used to secure access to a Dashboard hosted in a Node-RED Instance. At the moment the Dashboard while protected by this authentication, it is not aware of which user is accessing it.
But if we include an element in the Dashboard loaded via a HTTP-in/HTTP-response node we gain access to details of the authenticated user.
# Implementation
First we will create a HTTP-in/HTTP-response pair to serve up a single pixel SVG image. I chose SVG as it doesn't require creating a binary image file to load.
The following flow snippet includes both the HTTP-in/HTTP-response nodes and a change node to set the msg.payload
to the SVG content and to set the HTTP headers to include the correct mime type.
There is also a second change node which extracts the user information.
Next we need to add the SVG to the Dashboard, this can be done by adding a Template node with the following HTML content.
<div>
<object data="/tracker" height="1" width="1"></object>
</div>
This will load the image every time the Dashboard page loads and hence trigger the earlier flow allowing the user to be logged.
# Linking to SSO Users
With the release of FlowFuse v1.14.0 the session object will also include the users email address which is the shared identifier between FlowFuse and the SSO system. This will allow the logging to use a single unified identifier.
Written By:
Published on:
Related Articles:
- Node-RED Dashboard Formally Deprecated
- How to add images to Node-RED dashboards when using FlowFuse
- Visual Layout Editor - Now Available in Dashboard
- MQTT Service Now Available on FlowFuse
- Dialogs, Customizable Icons and Histograms Now Available in FlowFuse Dashboard