@tier0/node-red-contrib-opcda-client 1.0.0 → 1.0.1

package/OPCDA_Bridge_Setup_Guide.md

@@ -0,0 +1,132 @@
+# OPC DA to MQTT Bridge - Deployment Guide
+
+## 1. Prerequisites (Offline Package Contents)
+
+Before you begin, ensure you have the following files from the provided offline package:
+
+| # | File | Purpose |
+|---|------|---------|
+| 1 | `python-2.7.amd64.msi` | Python 2.7 runtime |
+| 2 | `pywin32-221.win-amd64-py2.7.exe` | Windows COM/DCOM support for Python |
+| 3 | `OpenOPC-1.3.1.win-amd64-py2.7.exe` | OPC DA client library |
+| 4 | `paho-mqtt-1.6.1.tar.gz` | MQTT client library (offline) |
+| 5 | `opctest.py` | Bridge script |
+
+> **Note:** If the script fails with a DCOM/OPC error on a machine that does NOT have KEPServerEX or any OPC software installed, you may also need to install `OPC Core Components Redistributable (x64).msi` to register `opcdaauto.dll`.
+
+## 2. Installation Steps
+
+### Step 1: Install Python 2.7
+
+1. Run `python-2.7.amd64.msi`
+2. **Important:** In the installation options, check **"Add python.exe to Path"**
+3. Keep the default installation path: `C:\Python27\`
+4. After installation, open CMD and verify:
+   ```
+   C:\Python27\python.exe --version
+   ```
+   Expected output: `Python 2.7.x`
+
+### Step 2: Install pywin32 (DCOM Support)
+
+1. Run `pywin32-221.win-amd64-py2.7.exe`
+2. The installer will automatically detect the Python 2.7 path
+3. Click "Next" through the installation
+
+### Step 3: Install OpenOPC
+
+1. Run `OpenOPC-1.3.1.win-amd64-py2.7.exe`
+2. The installer will automatically detect the Python 2.7 path
+3. Click "Next" through the installation
+
+### Step 4: Install paho-mqtt (Offline)
+
+1. Extract `paho-mqtt-1.6.1.tar.gz` to a folder (e.g. `C:\temp\paho-mqtt-1.6.1\`)
+2. Open **Command Prompt (CMD)** and run:
+   ```
+   cd C:\yourpath\paho-mqtt-1.6.1
+   C:\Python27\python.exe setup.py install
+   ```
+
+## 3. Configuration
+
+Open `opctest.py` in a text editor (e.g. Notepad) and update the following settings at the top of the file:
+
+```
+OPC_SERVER = 'Kepware.KEPServerEX.V6'    # OPC DA server ProgID
+OPC_HOST = '192.168.31.75'               # IP of the OPC DA server machine
+MQTT_BROKER = '192.168.31.45'            # IP of the MQTT broker (Node-RED)
+MQTT_PORT = 1883                         # MQTT port
+POLL_INTERVAL = 1                        # Read interval in seconds
+```
+
+Update the `TAGS` list with the actual OPC DA tag names:
+
+```
+TAGS = [
+    u'TI2022.PV',
+    u'TI2022.SV',
+    u'TI2022.MV',
+    # Add more tags as needed...
+]
+```
+
+## 4. Run the Bridge
+
+1. Open **Command Prompt as Administrator** (right-click CMD > "Run as administrator")
+2. Navigate to the folder containing `opctest.py`:
+   ```
+   cd C:\path\to\opctest
+   ```
+3. Run the script:
+   ```
+   C:\Python27\python.exe opctest.py
+   ```
+4. You should see output like:
+   ```
+   [*] OPC DA -> MQTT Bridge
+       OPC Server: Kepware.KEPServerEX.V6 @ 192.168.31.75
+       MQTT Broker: 192.168.31.45:1883
+       Tags: 3
+
+   [+] UNS import JSON written to uns_import.json
+   [+] MQTT connected
+   [+] OPC DA connected
+   [*] Publishing data every 1s (Ctrl+C to stop)...
+   --------------------------------------------------
+   [18:30:01] Published 3 tags
+   [18:30:02] Published 3 tags
+   ```
+5. Press `Ctrl+C` to stop the bridge gracefully
+
+## 5. Import UNS Structure into Tier 0
+
+1. After the script runs, a file named `uns_import.json` is generated in the same folder
+2. Open the Tier 0 platform
+3. Navigate to the UNS import function
+4. Upload `uns_import.json`
+5. The topic tree will be created automatically (e.g. `opcda/TI2022/Metric/PV`)
+
+## 6. Troubleshooting
+
+| Error | Solution |
+|-------|----------|
+| `'python' is not recognized` | Python was not added to PATH. Use the full path: `C:\Python27\python.exe` |
+| `No module named OpenOPC` | OpenOPC not installed. Re-run Step 4 |
+| `No module named paho` | paho-mqtt not installed. Re-run Step 5 |
+| `Access denied` / DCOM error | Run CMD as **Administrator** |
+| `OPC server not found` | Verify `OPC_SERVER` name and that the OPC server is running on the target machine |
+| `MQTT connection refused` | Verify `MQTT_BROKER` IP and that the MQTT broker is running on port 1883 |
+| Script stops unexpectedly | Check network connectivity to both OPC and MQTT servers |
+
+## 7. Run as a Windows Service (Optional)
+
+To keep the bridge running in the background after logoff, you can use **NSSM** (Non-Sucking Service Manager):
+
+1. Download `nssm.exe` and place it in the script folder
+2. Open CMD as Administrator and run:
+   ```
+   nssm install OPCDABridge "C:\Python27\python.exe" "C:\path\to\opctest.py"
+   nssm start OPCDABridge
+   ```
+3. The bridge will now run automatically on system startup

package/README.md

@@ -1,20 +1,13 @@
 # @tier0/node-red-contrib-opcda-client
 
-Node-RED nodes for reading and writing to OPC DA servers via DCOM.
+> **Fork Note:** This is a fork of the original `node-red-contrib-opcda-client` package. 
+> This version introduces **full NTLMv2 authentication support** and packet signing for modern Windows DCOM environments, utilizing a custom-built [`FREEZONEX/node-dcom`](https://github.com/FREEZONEX/node-dcom) fork. It also resolves `/opcda/browse` route conflicts with the original package.
 
-Forked from [node-red-contrib-opcda-client](https://github.com/emrebekar/node-red-contrib-opcda-client) by emrebekar.
+This node can be used in order to read and write to OPC DA servers.
 
-## Installation
-
-```bash
-npm install @tier0/node-red-contrib-opcda-client
-```
-
-## Nodes
-
-- **opcda-server** -- Connection configuration for an OPC DA server
-- **opcda-read** -- Read tags from an OPC DA server
-- **opcda-write** -- Write values to an OPC DA server
+- opcda-server
+- opcda-read
+- opcda-write
 
 ## Input Parameters
 ### opcda-server
@@ -80,10 +73,10 @@ set msg.payload parameter with the following;
 #### Screenshots
 
 ##### opcda-server
-![opcda-server](https://raw.githubusercontent.com/FREEZONEX/opcda-client/main/images/opcda_server.png)
+![opcda-server](https://raw.githubusercontent.com/emrebekar/node-red-contrib-opcda-client/master/images/opcda_server.png)
 
 ##### opcda-read
-![opcda-read](https://raw.githubusercontent.com/FREEZONEX/opcda-client/main/images/opcda_read.png)
+![opcda-read](https://raw.githubusercontent.com/emrebekar/node-red-contrib-opcda-client/master/images/opcda_read.png)
 
 ##### opcda-write
-![opcda-write](https://raw.githubusercontent.com/FREEZONEX/opcda-client/main/images/opcda_write.png)
+![opcda-write](https://raw.githubusercontent.com/emrebekar/node-red-contrib-opcda-client/master/images/opcda_write.png)

package/docker-compose.yml

@@ -0,0 +1,460 @@
+networks:
+  edge_network:
+    driver: bridge
+
+services:
+  frontend:
+    image: tier0/tier0-frontend:1.0.1-R8
+    container_name: frontend
+    ports:
+      - "3010:3000"
+      - "4000:4000"
+    environment:
+      - LLM_MODEL=${LLM_MODEL}
+      - LLM_API_KEY=${LLM_API_KEY}
+      - LLM_TYPE=${LLM_TYPE}
+      - REACT_APP_OS_LANG=${LANGUAGE}
+      - TOKEN_MAX_AGE=${TOKEN_MAX_AGE}
+      - TZ=UTC
+    command: >
+      sh -c "
+        if [ -z \"$LLM_API_KEY\" ]; then
+          echo 'LLM_API_KEY为空，跳过Node.js服务启动'
+          concurrently \"serve -s /app/web-dist -l 3000\"
+        else
+          echo 'LLM_API_KEY已配置，启动所有服务'
+          concurrently \"serve -s /app/web-dist -l 3000\" \"node /app/services-express-dist/index.js\"
+        fi
+      "
+    volumes:
+      - /etc/docker/certs:/certs
+    networks:
+      - edge_network
+    restart: always
+  uns:
+    image: tier0/tier0-backend:1.0.1-R8
+    container_name: uns
+    environment:
+      - LLM_MODEL=${LLM_MODEL}
+      - LLM_API_KEY=${LLM_API_KEY}
+      - LLM_TYPE=${LLM_TYPE}
+      - REACT_APP_OS_LANG=${LANGUAGE}
+      - OAUTH_REDIRECT_URI=${BASE_URL}/inter-api/supos/auth/token
+      - OAUTH_SUPOS_HOME=${BASE_URL}/uns
+      - OAUTH_REALM=${OAUTH_REALM}
+      - OAUTH_CLIENT_NAME=${OAUTH_CLIENT_NAME}
+      - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
+      - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
+      - OAUTH_GRANT_TYPE=${OAUTH_GRANT_TYPE}
+      - OAUTH_ISSUER_URI=${OAUTH_ISSUER_URI}
+      - OAUTH_REFRESH_TOKEN_TIME=${OAUTH_REFRESH_TOKEN_TIME}
+      - SYS_OS_APP_TITLE=${OS_NAME}
+      - SYS_OS_LOGIN_PATH=${OS_LOGIN_PATH}
+      - SYS_OS_LANG=${LANGUAGE}
+      - TOKEN_MAX_AGE=${TOKEN_MAX_AGE}
+      - TZ=UTC
+      - GRPC_POOL_CORE_SIZE=2
+      - GRPC_POOL_MAX_SIZE=4
+      - dbDSN=${UNS_DB_URL}
+      - SINK_PG_URL=${SINK_PG_URL}
+      - SINK_TSDB_URL=${SINK_TSDB_URL}
+      - NODE_RED_HOST=nodered
+      - NODE_RED_PORT=1880
+      - SYS_OS_MULTIPLE_TOPIC=false
+      - SYS_OS_VERSION=${OS_VERSION}
+      - SYS_OS_AUTH_ENABLE=${OS_AUTH_ENABLE}
+      - SYS_OS_LLM_TYPE=${OS_LLM_TYPE}
+      - SYS_OS_MQTT_TCP_PORT=${OS_MQTT_TCP_PORT}
+      - SYS_OS_MQTT_WEBSOCKET_TSL_PORT=${OS_MQTT_WEBSOCKET_TSL_PORT}
+      - SYS_OS_PLATFORM_TYPE=${OS_PLATFORM_TYPE}
+      - SYS_OS_ENTRANCE_URL=${BASE_URL}
+      - SYS_OS_QUALITY_NAME=quality
+      - SYS_OS_TIMESTAMP_NAME=timeStamp
+      - SYS_OS_LAZY_TREE=${LAZY_TREE}
+      - UNS_ADD_BATCH_SIZE=1000
+    volumes:
+      - ${VOLUMES_PATH}/edge/system/:/app/go-edge/system/
+      - ${VOLUMES_PATH}/edge/attachment/:/app/go-edge/attachment/
+      - ${VOLUMES_PATH}/edge/apps/:/app/data/apps/
+      - /etc/docker/certs:/certs
+    ports:
+      - "18998:8080"
+    networks:
+      - edge_network
+    depends_on:
+      postgresql:
+        condition: service_healthy
+    restart: always
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+  marimo:
+    image: suposce/marimo:latest
+    container_name: marimo
+    environment:
+      - TSDB_URL=postgresql+psycopg2://postgres:${TSDB_PASSWORD}@tsdb:5432/postgres
+      - PG_URL=postgresql+psycopg2://postgres:${POSTGRES_PASSWORD}@postgresql:5432/postgres
+    volumes:
+      - ${VOLUMES_PATH}/marimo/data:/app
+    # command: marimo edit /app/main.py --host 0.0.0.0 --port 8080 --no-token
+    restart: always
+    deploy:
+      resources:
+        limits:
+          memory: 2g
+        reservations:
+          memory: 512M
+    networks:
+      - edge_network
+  emqx:
+    image: emqx/emqx:5.8
+    container_name: emqx
+    ports:
+      - "1883:1883" # MQTT端口
+      - "8883:8883" # MQTT加密端口
+      - "8083:8083" # WebSocket端口
+      - "8084:8084" # WebSocket加密端口
+      - "18083:18083" # EMQX Dashboard端口
+    environment:
+      - EMQX_NAME=emqx
+      - EMQX_NODE__COOKIE=secretcookie # 节点通信时的cookie
+      - service_logo=emqx-original.svg
+      - service_description=aboutus.emqxDescription
+      - service_redirect_url=/emqx/home/
+      - service_account=admin
+      - service_password=public
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${VOLUMES_PATH}/emqx/data:/opt/emqx/data
+      - ${VOLUMES_PATH}/emqx/log:/opt/emqx/log
+      - ${VOLUMES_PATH}/emqx/config/emqx.conf:/opt/emqx/etc/emqx.conf
+      - ${VOLUMES_PATH}/emqx/config/default_api_key.conf:/opt/emqx/etc/default_api_key.conf
+      - ${VOLUMES_PATH}/emqx/config/acl.conf:/opt/emqx/etc/acl.conf
+    restart: always
+    networks:
+      - edge_network
+  nodered:
+    image: nodered/node-red:4.0.8-22
+    container_name: nodered
+    user: root
+    ports:
+      - "1880:1880" # Node-RED web UI端口
+    environment:
+      - service_logo=nodered-original.svg
+      - service_description=aboutus.nodeRedDescription
+      - FLOWS=/data/flows.json
+      - USE_ALIAS_AS_TOPIC=false
+      - TIMESTAMP_NAME=timeStamp
+      - QUALITY_NAME=quality
+      - TZ=UTC
+      - OS_LANG=${LANGUAGE}
+      - NODE_OPTIONS=--openssl-legacy-provider
+      - NODE_HTTP_API_PREFIX=/nodered-api
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${VOLUMES_PATH}/node-red:/data # 使用当前目录的 data 目录
+    depends_on:
+      - emqx
+    restart: always
+    networks:
+      - edge_network
+  eventflow:
+    image: nodered/node-red:4.0.8-22
+    container_name: eventflow
+    user: root
+    ports:
+      - "1889:1889" # Node-RED web UI端口
+    environment:
+      - service_logo=nodered-original.svg
+      - service_description=aboutus.nodeRedDescription
+      - FLOWS=/data/flows.json
+      - USE_ALIAS_AS_TOPIC=false
+      - QUALITY_NAME=status
+      - TIMESTAMP_NAME=timeStamp
+      - TZ=UTC
+      - OS_LANG=${LANGUAGE}
+      - NODE_OPTIONS=--openssl-legacy-provider
+      - NODE_HTTP_API_PREFIX=/eventflow-api
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${VOLUMES_PATH}/eventflow:/data # 使用当前目录的 data 目录
+    restart: always
+    networks:
+      - edge_network
+  grafana:
+    image: grafana/grafana:11.5.6
+    profiles:
+      - grafana
+    container_name: grafana
+    user: root
+    ports:
+      - "3000:3000" # Grafana web UI端口
+    volumes:
+      - ${VOLUMES_PATH}/grafana/data:/var/lib/grafana
+      # - ${VOLUMES_PATH}/grafana/data/plugins:/var/lib/grafana/plugins  # 使用当前目录的 data 目录
+    environment:
+      service_logo: grafana-original.svg
+      service_description: aboutus.grafanaDescription
+      service_redirect_url: /grafana/home/dashboards/
+      # 设置管理员用户的初始密码
+      GF_SECURITY_ADMIN_PASSWORD: "supos"
+      # 开启 Grafana 的 Explore 功能
+      GF_EXPLORE_ENABLED: "true"
+      # 安装 Grafana 插件
+      # GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-mqtt-datasource,tdengine-datasource,yesoreyeram-infinity-datasource"
+      # 注释掉的设置，用于改变 Grafana 用户界面的语言
+      GF_VIEWER_LANGUAGE: "${GRAFANA_LANG:-en-US}"
+      GF_AUTH_ANONYMOUS_ENABLED: "true"
+      GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
+      GF_SECURITY_ALLOW_EMBEDDING: "true"
+      GF_SERVER_ROOT_URL: "http://${ENTRANCE_DOMAIN}/grafana/home/"
+      GF_USERS_DEFAULT_THEME: "light"
+      GF_DATABASE_TYPE: postgres
+      GF_DATABASE_HOST: postgresql:5432
+      GF_DATABASE_NAME: grafana
+      GF_DATABASE_USER: postgres
+      GF_DATABASE_PASSWORD: ${POSTGRES_PASSWORD}
+    restart: always
+    depends_on:
+      postgresql:
+        condition: service_healthy # 依赖 PostgreSQL 的健康状态
+    networks:
+      - edge_network
+  portainer:
+    image: portainer/portainer-ce:2.23.0
+    container_name: portainer
+    environment:
+      service_logo: portainer.svg
+    command: --admin-password="$$2y$$05$$ZTAqF7Tn.hil8X.ifVmQTuKiJQoZDiKDW3t1lRR2/VPR06QoHv4AC"
+    ports:
+      - "8000:8000"
+      - "9443:9443"
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${VOLUMES_PATH}/portainer:/data
+    networks:
+      - edge_network
+  postgresql:
+    image: timescale/timescaledb:2.20.0-pg17
+    container_name: postgresql
+    environment:
+      TZ: UTC # 设置容器时区
+      service_logo: postgresql-original.svg
+      service_description: aboutus.postgresqlDescription
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    ports:
+      - "5432:5432"
+    volumes:
+      - ${VOLUMES_PATH}/postgresql/conf/postgresql.conf:/etc/postgresql/custom.conf
+      - /etc/localtime:/etc/localtime:ro
+      - ${VOLUMES_PATH}/postgresql/pgdata:/var/lib/postgresql/data # 持久化数据
+      - ${VOLUMES_PATH}/postgresql/init-scripts:/docker-entrypoint-initdb.d # 加载初始化脚本
+    command:
+      - postgres
+      - -c
+      - config_file=/etc/postgresql/custom.conf
+    healthcheck:
+      test: [ "CMD-SHELL", "psql -U postgres -d keycloak -c '\\dt public.initialization_complete' | grep -q 'initialization_complete'" ]
+      interval: 15s
+      timeout: 15s
+      retries: 60
+      start_period: 120s
+      start_interval: 10s
+    restart: always
+    networks:
+      - edge_network
+  keycloak:
+    image: keycloak/keycloak:26.0 # 使用 Keycloak 的最新镜像
+    container_name: keycloak
+    ports:
+      - "8081:8080"
+    user: root
+    deploy:
+      resources:
+        limits:
+          memory: 2G
+        reservations:
+          memory: 512M
+    environment:
+      service_logo: keycloak-original.svg
+      JAVA_OPTS: >-
+        -Xms512m
+        -Xmx1g
+        -XX:MaxMetaspaceSize=256m
+        -XX:MetaspaceSize=256m
+        -Xss512k
+        -XX:+UseG1GC
+      service_description: aboutus.keycloakDescription
+      service_redirect_url: /keycloak/home/
+      service_account: admin
+      service_password: tier0
+      KC_SSL_REQUIRED: none  # 不要求 SSL
+      KC_PROXY: passthrough                       # 设置代理模式
+      KC_HOSTNAME: "${ENTRANCE_DOMAIN}"              # 指定主机名
+      KC_FRONTEND_URL: "${BASE_URL}"  # 设置前端 URL
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: tier0
+      KC_COOKIE_SECURE: false # 禁用安全 cookie
+      KC_DB: postgres
+      KC_DB_URL: "jdbc:postgresql://postgresql:5432/keycloak"
+      KC_DB_USERNAME: postgres
+      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+      KC_DB_POOL_INITIAL_SIZE: 2
+      KC_DB_POOL_MIN_SIZE: 2
+      KC_DB_POOL_MAX_SIZE: 4
+      KC_DB_POOL_MAX_LIFETIME: 1800
+      KC_HEALTH_ENABLED: true
+      KC_FEATURES: token-exchange
+      JAVA_OPTS_APPEND: -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${VOLUMES_PATH}/keycloak/data:/opt/keycloak/data # 将 Keycloak 的数据目录挂载到本地
+      - ${VOLUMES_PATH}/keycloak/theme/keycloak.v2:/opt/keycloak/themes/wenhao
+      - ${VOLUMES_PATH}/keycloak/ca/ca.crt:/opt/keycloak/ca.crt
+      - ${VOLUMES_PATH}/keycloak/ca/init-ldaps-cert.sh:/opt/keycloak/init-ldaps-cert.sh
+    depends_on:
+      postgresql:
+        condition: service_healthy # 依赖 PostgreSQL 的健康状态
+    command: start-dev --hostname ${BASE_URL}/keycloak/home/auth  --proxy-headers forwarded
+    healthcheck:
+      test: >
+        /bin/bash -c " exec 3<>/dev/tcp/localhost/8080"
+      interval: 10s
+      timeout: 5s
+      retries: 60
+      start_period: 120s # 新增：给予2分钟的启动宽限期
+      start_interval: 10s # 新增：宽限期内的检查间隔
+    restart: always
+    networks:
+      - edge_network
+  tsdb:
+    image: timescale/timescaledb:2.20.0-pg17
+    container_name: tsdb
+    environment:
+      TZ: UTC # 设置容器时区
+      service_logo: postgresql-original.svg
+      service_description: aboutus.postgresqlDescription
+      POSTGRES_PASSWORD: ${TSDB_PASSWORD}
+    ports:
+      - "2345:5432"
+    volumes:
+      - ${VOLUMES_PATH}/tsdb/conf/postgresql.conf:/etc/postgresql/custom.conf
+      - ${VOLUMES_PATH}/tsdb/data:/var/lib/postgresql/data # 持久化数据
+      - ${VOLUMES_PATH}/tsdb/init-scripts:/docker-entrypoint-initdb.d # 加载初始化脚本
+    command:
+      - postgres
+      - -c
+      - config_file=/etc/postgresql/custom.conf
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U postgres" ]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 30s
+      start_interval: 60s
+    restart: always
+    networks:
+      - edge_network
+  kong:
+    image: kong:3.9.0
+    container_name: kong
+    environment:
+      KONG_WORKER_STATE_UPDATE_FREQUENCY: 30
+      KONG_DB_CACHE_TTL: 600
+      KONG_NGINX_WORKER_PROCESSES: 2
+      KONG_LUA_GC_PAUSE: 100 # 提高暂停率，降低 GC 触发频率
+      KONG_LUA_GC_STEPMUL: 200 # 增加单次回收强度
+      service_logo: konga-original.svg
+      service_description: aboutus.kongaDescription
+      service_redirect_url: /konga/home/
+      KONG_DATABASE: postgres
+      KONG_PG_HOST: postgresql
+      KONG_PG_PASSWORD: ${POSTGRES_PASSWORD}
+      KONG_PG_USER: postgres
+      KONG_ADMIN_LISTEN: 0.0.0.0:8001
+      KONG_SSL_CERT: /etc/kong/ssl/fullchain.cer
+      KONG_SSL_CERT_KEY: /etc/kong/ssl/private.key
+      KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl
+      KONG_PLUGINS: bundled,supos-auth-checker,supos-url-transformer
+      KONG_PG_POOL_SIZE: 2
+      KONG_LOG_LEVEL: error
+      KONG_NGINX_HTTP_CLIENT_MAX_BODY_SIZE: 2048m
+      KONG_NGINX_PROXY_CLIENT_MAX_BODY_SIZE: 2048m
+      KONG_NGINX_HTTP_PROXY_CONNECT_TIMEOUT: 300000
+      KONG_NGINX_HTTP_PROXY_SEND_TIMEOUT: 300000
+      KONG_NGINX_HTTP_PROXY_READ_TIMEOUT: 300000
+    volumes:
+      - ${VOLUMES_PATH}/kong/certificationfile:/etc/kong/ssl:ro
+      - ${VOLUMES_PATH}/kong/kong_config.yml:/etc/kong/kong_config.yml
+      - ${VOLUMES_PATH}/kong/start.sh:/usr/local/bin/start.sh
+      - ${VOLUMES_PATH}/kong/kong-plugin-auth-checker:/usr/local/share/lua/5.1/kong/plugins/supos-auth-checker
+      - ${VOLUMES_PATH}/kong/kong-plugin-url-transformer:/usr/local/share/lua/5.1/kong/plugins/supos-url-transformer
+    ports:
+      - "${ENTRANCE_PORT:-8088}:8000"
+      - "${ENTRANCE_SSL_PORT:-8443}:8443"
+      - "8001:8001"
+      - "8444:8444"
+    depends_on:
+      - emqx
+      - uns
+      - keycloak
+      - postgresql
+    command: >
+      sh -c "kong migrations bootstrap &&
+             kong config db_import /etc/kong/kong_config.yml &&
+             kong start"
+    restart: always # 确保 Kong 自动重启
+    networks:
+      - edge_network
+  konga:
+    image: suposce/konga:1.0.0
+    container_name: konga
+    profiles:
+      - konga
+    environment:
+      # DB_ADAPTER: mysql           # 使用 MySQL 作为数据库
+      # DB_HOST: konga_mysql_database # MySQL 容器的主机名
+      # DB_USER: konga               # MySQL 用户
+      # DB_PASSWORD: konga           # MySQL 用户密码
+      # DB_DATABASE: konga          # MySQL 数据库名
+      # NODE_ENV: production           # 设置 NODE_ENV 为生产环境
+      NO_AUTH: "true" # 禁用认证
+      KONGA_SEED_KONG_NODE_DATA_SOURCE_FILE: /node.data
+    ports:
+      - "1337:1337" # 映射 Konga 的端口到主机
+    volumes:
+      - ${VOLUMES_PATH}/konga/db/:/app/kongadata/
+      - ${VOLUMES_PATH}/konga/node.data:/node.data # 持久化数据库数据
+    restart: always
+    networks:
+      - edge_network
+  minio:
+    image: minio/minio:RELEASE.2024-12-18T13-15-44Z
+    container_name: minio
+    profiles:
+      - minio
+    environment:
+      - service_logo=minio-original.svg
+      - service_description=aboutus.minioDescription
+      - service_redirect_url=/minio/home/
+      - MINIO_ACCESS_KEY=admin
+      - MINIO_SECRET_KEY=adminpassword
+      - MINIO_BROWSER_REDIRECT_URL=${BASE_URL}/minio/home
+      - MINIO_IDENTITY_OPENID_CONFIG_URL=${OAUTH_ISSUER_URI}/realms/supos/.well-known/openid-configuration
+      - MINIO_IDENTITY_OPENID_CLIENT_ID=${OAUTH_CLIENT_ID}
+      - MINIO_IDENTITY_OPENID_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
+      - MINIO_IDENTITY_OPENID_SCOPES=openid
+      - MINIO_IDENTITY_OPENID_ROLE_POLICY=public-delete-policy
+      - MINIO_IDENTITY_OPENID_REDIRECT_URI=${BASE_URL}/minio/home/oauth_callback
+    ports:
+      - "9000:9000" # Web UI 端口
+      - "9001:9001" # Admin API 端口 (如果需要访问管理接口)
+    volumes:
+      - ${VOLUMES_PATH}/minio/data:/data # 数据存储位置
+    command: server /data --console-address ":9001"
+    depends_on:
+      keycloak:
+        condition: service_healthy
+    restart: always
+    networks:
+      - edge_network

package/opcda/opcda-read.js

@@ -26,11 +26,35 @@ module.exports = function(RED) {
 	};
 
 	function resolveError(e) {
+		if (typeof e === "number") {
+			const u = e >>> 0;
+			if (errorCode[e] !== undefined) return errorCode[e];
+			if (errorCode[u] !== undefined) return errorCode[u];
+			return "HRESULT 0x" + u.toString(16).toUpperCase() + " (" + e + ")";
+		}
+		if (e instanceof Error && e.message) {
+			const asNum = Number(e.message);
+			if (!Number.isNaN(asNum) && String(asNum) === String(e.message).trim()) {
+				return resolveError(asNum);
+			}
+			return e.message;
+		}
 		if (errorCode[e]) return errorCode[e];
-		if (typeof e === 'number') return `DCOM error code: 0x${(e >>> 0).toString(16).toUpperCase()}`;
-		if (e instanceof Error) return e.message || e.toString();
-		if (typeof e === 'string') return e;
-		try { return JSON.stringify(e); } catch (_) { return String(e); }
+		if (typeof e === "string") return e;
+		try {
+			return JSON.stringify(e);
+		} catch (_) {
+			return String(e);
+		}
+	}
+
+	/** IOPCItemMgt::Add per-item result (may be signed negative in JS). */
+	function describeOpcItemResult(code) {
+		if (code === 0) return "OK";
+		const unsigned = code >>> 0;
+		const fromOpc = opcda.constants.opc.errorDesc[String(unsigned)];
+		if (fromOpc) return fromOpc + " (0x" + unsigned.toString(16).toUpperCase() + ")";
+		return "OPC/DCOM result 0x" + unsigned.toString(16).toUpperCase() + " (" + code + ")";
 	}
 	    
 	function OPCDARead(config) {
@@ -105,9 +129,12 @@ module.exports = function(RED) {
 					try{
 						node.updateStatus('connecting');
 		
-						var timeout = parseInt(server.config.timeout);
+						var timeout = parseInt(server.config.timeout, 10);
+						if (!Number.isFinite(timeout) || timeout <= 0) {
+							timeout = 15000;
+						}
 						var comSession = new Session();
-			
+
 						comSession = comSession.createSession(server.config.domain, server.credentials.username, server.credentials.password);
 						comSession.setGlobalSocketTimeout(timeout);
 		
@@ -144,7 +171,7 @@ module.exports = function(RED) {
 							const item = itemsList[i];
 			
 							if (addedItem[0] !== 0) {
-								node.warn(`Error adding item '${item.itemID}'`);
+								node.warn("Error adding item '" + item.itemID + "': " + describeOpcItemResult(addedItem[0]));
 							} 
 							else {
 								serverHandles.push(addedItem[1].serverHandle);