FlowFuse / device-agent

An agent to run FlowFuse managed instances of Node-RED on devices
Apache License 2.0
16 stars 8 forks source link

Allow local (LAN) access to a device as a config option #216

Open robmarcer opened 10 months ago

robmarcer commented 10 months ago

Description

As a backup to being able to access a device's editor from FlowFuse, it would be helpful to be able to access the editor directly.

This has been requested by this existing customer - https://app-eu1.hubspot.com/contacts/26586079/record/0-1/503903

This will allow a user to make changes to their flow in an emergency situation where their network connection to FlowFuse is unstable or offline.

We would need to consider how the local connection to these devices is secured.

I would suggest that local access is disabled by default but can be switched on by editing the device's device.yml

MarianRaphael commented 10 months ago

See https://github.com/FlowFuse/flowfuse/issues/2855

robmarcer commented 6 months ago

This has also been discussed with https://app-eu1.hubspot.com/contacts/26586079/record/0-1/4909801 & https://app-eu1.hubspot.com/contacts/26586079/record/0-1/1956

joepavitt commented 5 months ago

Security is managed by FF OAuth, but a strong use case here is the ability to access the editor if the device has lost network connection. Open point of discussion here is how we handle the security of the offline access use case.

ZJvandeWeg commented 5 months ago

My worries are around having multiple ways of achieving the same thing (editing flows) which do have different features available to them.

One of these customers linked wanted a stable URL to the editor. This issue doesn't service that request. Also, all edge cases point to the problem that we cannot both provide the service level users are used to AND be partition tolerant. cap theorem is pretty clear on that, and FlowFuse shouldn't jump through hoops to reinvent the wheel.