n8n/dist/controllers/oauth/oAuth1Credential.controller.js

n8n Workflow Automation Tool

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.OAuth1CredentialController = void 0;
const axios_1 = __importDefault(require("axios"));
const oauth_1_0a_1 = __importDefault(require("oauth-1.0a"));
const crypto_1 = require("crypto");
const decorators_1 = require("../../decorators");
const ResponseHelper_1 = require("../../ResponseHelper");
const abstractOAuth_controller_1 = require("./abstractOAuth.controller");
const not_found_error_1 = require("../../errors/response-errors/not-found.error");
const algorithmMap = {
    'HMAC-SHA256': 'sha256',
    'HMAC-SHA512': 'sha512',
    'HMAC-SHA1': 'sha1',
};
let OAuth1CredentialController = class OAuth1CredentialController extends abstractOAuth_controller_1.AbstractOAuthController {
    constructor() {
        super(...arguments);
        this.oauthVersion = 1;
    }
    async getAuthUri(req) {
        const credential = await this.getCredential(req);
        const additionalData = await this.getAdditionalData();
        const decryptedDataOriginal = await this.getDecryptedData(credential, additionalData);
        const oauthCredentials = this.applyDefaultsAndOverwrites(credential, decryptedDataOriginal, additionalData);
        const [csrfSecret, state] = this.createCsrfState(credential.id);
        const signatureMethod = oauthCredentials.signatureMethod;
        const oAuthOptions = {
            consumer: {
                key: oauthCredentials.consumerKey,
                secret: oauthCredentials.consumerSecret,
            },
            signature_method: signatureMethod,
            hash_function(base, key) {
                var _a;
                const algorithm = (_a = algorithmMap[signatureMethod]) !== null && _a !== void 0 ? _a : 'sha1';
                return (0, crypto_1.createHmac)(algorithm, key).update(base).digest('base64');
            },
        };
        const oauthRequestData = {
            oauth_callback: `${this.baseUrl}/callback?state=${state}`,
        };
        await this.externalHooks.run('oauth1.authenticate', [oAuthOptions, oauthRequestData]);
        const oauth = new oauth_1_0a_1.default(oAuthOptions);
        const options = {
            method: 'POST',
            url: oauthCredentials.requestTokenUrl,
            data: oauthRequestData,
        };
        const data = oauth.toHeader(oauth.authorize(options));
        options.headers = data;
        const { data: response } = await axios_1.default.request(options);
        const paramsParser = new URLSearchParams(response);
        const responseJson = Object.fromEntries(paramsParser.entries());
        const returnUri = `${oauthCredentials.authUrl}?oauth_token=${responseJson.oauth_token}`;
        decryptedDataOriginal.csrfSecret = csrfSecret;
        await this.encryptAndSaveData(credential, decryptedDataOriginal);
        this.logger.verbose('OAuth1 authorization successful for new credential', {
            userId: req.user.id,
            credentialId: credential.id,
        });
        return returnUri;
    }
    async handleCallback(req, res) {
        try {
            const { oauth_verifier, oauth_token, state: encodedState } = req.query;
            if (!oauth_verifier || !oauth_token || !encodedState) {
                return this.renderCallbackError(res, 'Insufficient parameters for OAuth1 callback.', `Received following query parameters: ${JSON.stringify(req.query)}`);
            }
            let state;
            try {
                state = this.decodeCsrfState(encodedState);
            }
            catch (error) {
                return this.renderCallbackError(res, error.message);
            }
            const credentialId = state.cid;
            const credential = await this.getCredentialWithoutUser(credentialId);
            if (!credential) {
                const errorMessage = 'OAuth1 callback failed because of insufficient permissions';
                this.logger.error(errorMessage, { credentialId });
                return this.renderCallbackError(res, errorMessage);
            }
            const additionalData = await this.getAdditionalData();
            const decryptedDataOriginal = await this.getDecryptedData(credential, additionalData);
            const oauthCredentials = this.applyDefaultsAndOverwrites(credential, decryptedDataOriginal, additionalData);
            if (this.verifyCsrfState(decryptedDataOriginal, state)) {
                const errorMessage = 'The OAuth1 callback state is invalid!';
                this.logger.debug(errorMessage, { credentialId });
                return this.renderCallbackError(res, errorMessage);
            }
            const options = {
                method: 'POST',
                url: oauthCredentials.accessTokenUrl,
                params: {
                    oauth_token,
                    oauth_verifier,
                },
            };
            let oauthToken;
            try {
                oauthToken = await axios_1.default.request(options);
            }
            catch (error) {
                this.logger.error('Unable to fetch tokens for OAuth1 callback', { credentialId });
                const errorResponse = new not_found_error_1.NotFoundError('Unable to get access tokens!');
                return (0, ResponseHelper_1.sendErrorResponse)(res, errorResponse);
            }
            const paramParser = new URLSearchParams(oauthToken.data);
            const oauthTokenJson = Object.fromEntries(paramParser.entries());
            decryptedDataOriginal.oauthTokenData = oauthTokenJson;
            await this.encryptAndSaveData(credential, decryptedDataOriginal);
            this.logger.verbose('OAuth1 callback successful for new credential', {
                credentialId,
            });
            return res.render('oauth-callback');
        }
        catch (error) {
            this.logger.error('OAuth1 callback failed because of insufficient user permissions');
            return (0, ResponseHelper_1.sendErrorResponse)(res, error);
        }
    }
};
exports.OAuth1CredentialController = OAuth1CredentialController;
__decorate([
    (0, decorators_1.Get)('/auth'),
    __metadata("design:type", Function),
    __metadata("design:paramtypes", [Object]),
    __metadata("design:returntype", Promise)
], OAuth1CredentialController.prototype, "getAuthUri", null);
__decorate([
    (0, decorators_1.Get)('/callback', { usesTemplates: true, skipAuth: true }),
    __metadata("design:type", Function),
    __metadata("design:paramtypes", [Object, Object]),
    __metadata("design:returntype", Promise)
], OAuth1CredentialController.prototype, "handleCallback", null);
exports.OAuth1CredentialController = OAuth1CredentialController = __decorate([
    (0, decorators_1.RestController)('/oauth1-credential')
], OAuth1CredentialController);
//# sourceMappingURL=oAuth1Credential.controller.js.map