Home Assistant Community Add-on: Node-RED

Ok so the
!secret nodered_password

can be used for credential_secret and the password for the username as well?

Yes, you can use it on all ā€œstringsā€ / text fields.

1 Like

I have included all the needed credentials now but getting another error now:

18 Aug 16:29:16 - [warn] Error loading credentials: SyntaxError: Unexpected token ļæ½ in JSON at position 0
18 Aug 16:29:16 - [warn] Error loading flows: Error: Failed to decrypt credentials

Do you happen to have changed the ā€˜credential secretā€™?

If yes, documentation clearly states:

Once you set this property, do not change it - doing so will prevent Node-RED from being able to decrypt your existing credentials and they will be lost.

You might be able to gain access again by changing it to what it was before.
Otherwise youā€™ll have to reinstall the add-on/delete a file/folder, not sure.

Upgraded to 0.6.0 and everything seems working ok (as before)

Is there any way to install a node from a local or network file? (for example a node that is not avaliable in npm)

Probably, there should be a ā€˜node-red/nodes/ā€™-folder in ā€˜config/ā€™. From the Node-RED documentation:

Installing individual node files

During development it is also possible to install nodes by copying their .js and .html files into a nodes directory within your user data directory. If these nodes have any npm dependencies, they must be also be installed within the user data directory. This is only really recommended for development purposes.

Thats itā€¦ should have read that. Thanks!

Update:
Had to switch back to the old credentials but i could not use the secrets file anymore. This did not workā€¦ I have to use the normal config of the addon again.

Yeah me too, the secrets is not working for the user/pass , works only for credential_secret.

Same issue here, after upgrade to latest 0.6.0 version, I only can login the WEB UI using the following credentials:
!secret red_user
!secret red_password

:wink:

Found an issue with this! Thank you very much. This is just me being stupid.

Update:
For those interested: The secrets feature is part of the Community Add-ons base images, that takes care of getting user settings (and resolving secrets). The cool thing about this is, any add-on using that base image, gains that feature automatically.

The Node-RED add-on is different from all the other add-ons, since the Node-RED configuration takes care of user settings itself (and therefore bypasses the features offered by the base image).

So yeahā€¦ Iā€™m going to look into providing similar functionality, or maybe removing that from the documentation / release notes all together.

3 Likes

:tada: Release v0.6.1

Bug fix release!

Special thanks to @tielemans.jorim for submitting an PR that fixes the use of secrets with Node-RED :+1:

Full Changelog

Fixed

Changed

  • Upgrades base image to v2.1.2

Questions? Join our Discord server! https://discord.me/hassioaddons
Enjoying my add-ons? Consider supporting my work: https://patreon.com/frenck

2 Likes

I am getting this error

20 Aug 02:07:49 - [error] [server:Home Assistant] Home assistant connection failed with error: Connection to home assistant could not be established with config: https://aabbcc.duckdns.org:8123

Even after a fresh installā€¦

You should not use that URL. Please use http://hassio/homeassistant as the server URL.
After inserting / setting that URL, restart the add-on so the add-on can take care of the authentication for you.

Please check previous posts in this topic, for more details, which makes your question obsolete to begin with.

Thank you for the quick response. I am new to Node-RED. I just installed this an hour ago. This worked like magic. Thanks a ton @frenck.

Anyway to disable this or is it checked locally?

Just use a different, better password, security first! Otherwise, please read the documentation.

I sense a small concern here. If this is the case, let me explain:

The password are not checked locally, since the Password database of HaveIBeenPwned is about 10Gb.
So the password is checked against HaveIBeenPwned.com using their API.

However, we are not sending your password and are using the K-Anomity model for this. It works as follows:

  • You password will be hashed using SHA-1.
  • The first 5 characters of this resulting hash is send to the API of HaveIBeenPwned.
  • HaveIBeenPwned will respond with all the hashes, in their database, that start with those 5 characters.
  • We locally check the received hashes from HaveIBeenPwned against the full hash of your password in step one.
  • If weā€™ve found a match, wellā€¦ We stop with a warning.

TL;DR: We do use a public service, but we DO NOT send your password over the wire. NEVER EVER.

The code is publicly available, so feel free to check it out:

https://github.com/hassio-addons/addon-base/blob/1902ff1f3cbe6a17e7baf072c664c8c544028fb2/base/rootfs/usr/lib/hassio-addons/modules/pwned.sh#L74

1 Like

I am using node-red-contrib-moment which is my workaround for the relative_time bug in template sensors.
Sadfully, the payloads are generated in English like ā€œa minute agoā€.
Is it possible to change the locale of Node-RED somehow?

greetz Bob

Wow, what a nice explanation. Thank you really much :slight_smile:

My Node-RED is stuck in a boot loop. It began right after I tried to add alexa-local to my palette. Getting this repeatedly:

> 21 Aug 11:31:46 - [info] Started flows
> 21 Aug 11:31:46 - [red] Uncaught Exception:
> 21 Aug 11:31:46 - Error: bind EADDRINUSE 0.0.0.0:1900
>     at Object._errnoException (util.js:992:11)
>     at _exceptionWithHostPort (util.js:1014:20)
>     at _handle.lookup (dgram.js:266:18)
>     at _combinedTickCallback (internal/process/next_tick.js:141:11)
>     at process._tickCallback (internal/process/next_tick.js:180:9)
> npm ERR! code ELIFECYCLE
> npm ERR! errno 1
> npm ERR! [email protected] start: `node $NODE_OPTIONS node_modules/node-red/red.js "--settings" "/etc/node-red/config.js"`
> npm ERR! Exit status 1
> npm ERR! 
> npm ERR! Failed at the [email protected] start script.
> npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
> npm ERR! A complete log of this run can be found in:
> npm ERR!     /root/.npm/_logs/2018-08-21T16_31_46_909Z-debug.log

I tried deleting the 2 json package files in config/node-red, but it didnā€™t help. I have a backup from a week ago, but Iā€™d really like to get a current copy of my data before I reinstall. Where can I find it?

EDIT: \\hassio\config\node-red\.flows.json.backup

Whew. Didnā€™t see in in Windows initially, since it starts with a period.

1 Like