✨ MQTT node: Add SSL/TLS support (#1828)

* MQTT node: Add SSL/TLS support * Add import IDisplayOptions * Remove as NodePropertyTypes
2025-12-17 10:02:05 +00:00 · 2021-09-03 14:37:19 +02:00
parent e928fb182b
commit 7b752ce492
3 changed files with 166 additions and 18 deletions
--- a/packages/nodes-base/credentials/Mqtt.credentials.ts
+++ b/packages/nodes-base/credentials/Mqtt.credentials.ts
@@ -1,5 +1,6 @@
 import {
 	ICredentialType,
+	IDisplayOptions,
 	INodeProperties,
 } from 'n8n-workflow';

@@ -69,5 +70,99 @@ export class Mqtt implements ICredentialType {
 			default: '',
 			description: 'Client ID. If left empty, one is autogenrated for you',
 		},
+		{
+			displayName: 'SSL',
+			name: 'ssl',
+			type: 'boolean',
+			default: false,
+		},
+		{
+			displayName: 'Passwordless',
+			name: 'passwordless',
+			type: 'boolean',
+			displayOptions: {
+				show: {
+					ssl: [
+						true,
+					],
+				},
+			},
+			default: true,
+			description: 'Passwordless connection with certificates (SASL mechanism EXTERNAL)',
+		},
+		{
+			displayName: 'CA Certificates',
+			name: 'ca',
+			type: 'string',
+			typeOptions: {
+				password: true,
+			},
+			displayOptions: {
+				show: {
+					ssl: [
+						true,
+					],
+				},
+			},
+			default: '',
+			description: 'SSL CA Certificates to use.',
+		},
+		{
+			displayName: 'Reject Unauthorized Certificate',
+			name: 'rejectUnauthorized',
+			type: 'boolean',			
+			displayOptions: {
+				show: {
+					ssl: [
+						true,
+					],
+					passwordless: [
+						true,
+					],
+				},
+			} as IDisplayOptions,
+			default: '',
+			description: 'Validate Certificate.',
+		},
+		{
+			displayName: 'Client Certificate',
+			name: 'cert',
+			type: 'string',
+			typeOptions: {
+				password: true,
+			},
+			displayOptions: {
+				show: {
+					ssl: [
+						true,
+					],
+					passwordless: [
+						true,
+					],
+				},
+			} as IDisplayOptions,
+			default: '',
+			description: 'SSL Client Certificate to use.',
+		},
+		{
+			displayName: 'Client Key',
+			name: 'key',
+			type: 'string',
+			typeOptions: {
+				password: true,
+			},
+			displayOptions: {
+				show: {
+					ssl: [
+						true,
+					],
+					passwordless: [
+						true,
+					],
+				},
+			},
+			default: '',
+			description: 'SSL Client Key to use.',
+		},
 	];
 }
--- a/packages/nodes-base/nodes/MQTT/Mqtt.node.ts
+++ b/packages/nodes-base/nodes/MQTT/Mqtt.node.ts
@@ -119,7 +119,15 @@ export class Mqtt implements INodeType {
 		const port = credentials.port as number || 1883;
 		const clientId = credentials.clientId as string || `mqttjs_${Math.random().toString(16).substr(2, 8)}`;
 		const clean = credentials.clean as boolean;
+		const ssl = credentials.ssl as boolean;
+		const ca = credentials.ca as string;
+		const cert = credentials.cert as string;
+		const key = credentials.key as string;
+		const rejectUnauthorized = credentials.rejectUnauthorized as boolean;

+		let client: mqtt.MqttClient;
+
+		if (ssl === false) {
 			const clientOptions: IClientOptions = {
 				port,
 				clean,
@@ -131,7 +139,26 @@ export class Mqtt implements INodeType {
 					clientOptions.password = credentials.password as string;
 			}

-		const client = mqtt.connect(brokerUrl, clientOptions);
+			 client = mqtt.connect(brokerUrl, clientOptions);
+		}
+		else {
+			const clientOptions: IClientOptions = {
+				port,
+				clean,
+				clientId,
+				ca,
+				cert,
+				key,
+				rejectUnauthorized,	
+			};
+			if (credentials.username && credentials.password) {
+				clientOptions.username = credentials.username as string;
+				clientOptions.password = credentials.password as string;
+			}
+
+			 client = mqtt.connect(brokerUrl, clientOptions);
+		}
+		
 		const sendInputData = this.getNodeParameter('sendInputData', 0) as boolean;

 		// tslint:disable-next-line: no-any
--- a/packages/nodes-base/nodes/MQTT/MqttTrigger.node.ts
+++ b/packages/nodes-base/nodes/MQTT/MqttTrigger.node.ts
@@ -102,7 +102,15 @@ export class MqttTrigger implements INodeType {
 		const port = credentials.port as number || 1883;
 		const clientId = credentials.clientId as string || `mqttjs_${Math.random().toString(16).substr(2, 8)}`;
 		const clean = credentials.clean as boolean;
+		const ssl = credentials.ssl as boolean;
+		const ca = credentials.ca as string;
+		const cert = credentials.cert as string;
+		const key = credentials.key as string;
+		const rejectUnauthorized = credentials.rejectUnauthorized as boolean;

+		let client: mqtt.MqttClient;
+
+		if (ssl === false) {
 			const clientOptions: IClientOptions = {
 				port,
 				clean,
@@ -114,7 +122,25 @@ export class MqttTrigger implements INodeType {
 					clientOptions.password = credentials.password as string;
 			}

-		const client = mqtt.connect(brokerUrl, clientOptions);
+			 client = mqtt.connect(brokerUrl, clientOptions);
+		}
+		else {
+			const clientOptions: IClientOptions = {
+				port,
+				clean,
+				clientId,
+				ca,
+				cert,
+				key,
+				rejectUnauthorized,	
+			};
+			if (credentials.username && credentials.password) {
+				clientOptions.username = credentials.username as string;
+				clientOptions.password = credentials.password as string;
+			}
+
+			 client = mqtt.connect(brokerUrl, clientOptions);
+		}

 		const self = this;