diff --git a/docs/api/admin/oauth.md b/docs/api/admin/oauth.md
index 5760061f..1bc609a0 100644
--- a/docs/api/admin/oauth.md
+++ b/docs/api/admin/oauth.md
@@ -54,7 +54,7 @@ The API is secured by access token.
### Step 1 - Obtain an access token
An HTTP POST to `/auth/token` is used to exchange user credentials for an access
-token.
+token. This path is only available if an authentication scheme is enabled (see above).
The following parameters must be provided:
@@ -95,3 +95,14 @@ POST to `/auth/revoke`:
curl example:
curl --data 'token=A_SECRET_TOKEN' -H "Authorization: Bearer A_SECRET_TOKEN" http://localhost:1880/auth/revoke
+
+### A note on paths
+
+The above assumes that you are using the http scheme rather than https. It also assumes that you have not used the `httpAdminRoot` setting to change the path that admin resources are delivered from.
+
+If you have changed either of those, you will need to adjust the paths given in the examples.
+
+adjusted curl example:
+Assuming
httpAdminRoot
is set to
red
and
https
is configured
+
curl https://localhost:1880/red/auth/login
+
diff --git a/docs/creating-nodes/first-node.md b/docs/creating-nodes/first-node.md
index 9ec6412e..ebf0b17a 100644
--- a/docs/creating-nodes/first-node.md
+++ b/docs/creating-nodes/first-node.md
@@ -34,7 +34,7 @@ module.exports = function(RED) {
function LowerCaseNode(config) {
RED.nodes.createNode(this,config);
var node = this;
- this.on('input', function(msg) {
+ node.on('input', function(msg) {
msg.payload = msg.payload.toLowerCase();
node.send(msg);
});
@@ -62,6 +62,11 @@ on in the flow.
Finally, the `LowerCaseNode` function is registered with the runtime using the
name for the node, `lower-case`.
+In order to retain a consistent reference to the nodes `this`, a variable called
+`node` is created pointing to `this`. `this`/`node` contains the information
+related to the created instance of the node. You would typically pass the nodes
+properties, `config`. to to `node` as well.
+
If the node has any external module dependencies, they must be npm installed
alongside the node files.
diff --git a/docs/creating-nodes/properties.md b/docs/creating-nodes/properties.md
index 7d341ca7..fab0538f 100644
--- a/docs/creating-nodes/properties.md
+++ b/docs/creating-nodes/properties.md
@@ -36,9 +36,9 @@ property called `prefix` to the node:
function LowerCaseNode(config) {
RED.nodes.createNode(this,config);
- this.prefix = config.prefix;
var node = this;
- this.on('input', function(msg) {
+ node.prefix = config.prefix;
+ node.on('input', function(msg) {
msg.payload = node.prefix + msg.payload.toLowerCase();
node.send(msg);
});
diff --git a/docs/security.md b/docs/security.md
index 15bbb5e8..a7cd213e 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -14,6 +14,11 @@ two parts:
- the [editor and admin API](#editor--admin-api-security)
- the [HTTP Nodes and static content](#http-node-security).
+
+Note: When adding security, you should also switch from using `http` to `https` otherwise you are transmitting
+credentials in a way that can be intercepted. The setting `https` is used for this purpose.
+
+
### Editor & Admin API security
To enable user authentication on the Editor and Admin API, add the following to
@@ -202,3 +207,7 @@ was expected to be an MD5 hash. This is cryptographically insecure, so has been
superseded with bcrypt, as used by adminAuth
. For backwards compatibility, MD5
hashes are still supported - but they are not recommended.
+
+#### Alternatives
+
+As an alternative to using `httpNodeAuth`, the `httpNodeMiddleware` setting allows you to specify some ExpressJS middleware. This can be used to provide your own security function.