UNPKG

n8n

Version:

n8n Workflow Automation Tool

n8n.io

n8n-io/n8n

178 lines 9.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.AbstractOAuthController = exports.skipAuthOnOAuthCallback = void 0; const config_1 = require("@n8n/config"); const di_1 = require("@n8n/di"); const csrf_1 = __importDefault(require("csrf")); const n8n_core_1 = require("n8n-core"); const n8n_workflow_1 = require("n8n-workflow"); const constants_1 = require("../../constants"); const credentials_helper_1 = require("../../credentials-helper"); const credentials_repository_1 = require("../../databases/repositories/credentials.repository"); const shared_credentials_repository_1 = require("../../databases/repositories/shared-credentials.repository"); const auth_error_1 = require("../../errors/response-errors/auth.error"); const bad_request_error_1 = require("../../errors/response-errors/bad-request.error"); const not_found_error_1 = require("../../errors/response-errors/not-found.error"); const external_hooks_1 = require("../../external-hooks"); const url_service_1 = require("../../services/url.service"); const WorkflowExecuteAdditionalData = __importStar(require("../../workflow-execute-additional-data")); const MAX_CSRF_AGE = 5 * constants_1.Time.minutes.toMilliseconds; exports.skipAuthOnOAuthCallback = process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK !== 'true'; let AbstractOAuthController = class AbstractOAuthController { constructor(logger, externalHooks, credentialsHelper, credentialsRepository, sharedCredentialsRepository, urlService, globalConfig) { this.logger = logger; this.externalHooks = externalHooks; this.credentialsHelper = credentialsHelper; this.credentialsRepository = credentialsRepository; this.sharedCredentialsRepository = sharedCredentialsRepository; this.urlService = urlService; this.globalConfig = globalConfig; } get baseUrl() { const restUrl = `${this.urlService.getInstanceBaseUrl()}/${this.globalConfig.endpoints.rest}`; return `${restUrl}/oauth${this.oauthVersion}-credential`; } async getCredential(req) { const { id: credentialId } = req.query; if (!credentialId) { throw new bad_request_error_1.BadRequestError('Required credential ID is missing'); } const credential = await this.sharedCredentialsRepository.findCredentialForUser(credentialId, req.user, ['credential:read']); if (!credential) { this.logger.error(`OAuth${this.oauthVersion} credential authorization failed because the current user does not have the correct permissions`, { userId: req.user.id }); throw new not_found_error_1.NotFoundError(constants_1.RESPONSE_ERROR_MESSAGES.NO_CREDENTIAL); } return credential; } async getAdditionalData() { return await WorkflowExecuteAdditionalData.getBase(); } async getDecryptedDataForAuthUri(credential, additionalData) { return await this.getDecryptedData(credential, additionalData, false); } async getDecryptedDataForCallback(credential, additionalData) { return await this.getDecryptedData(credential, additionalData, true); } async getDecryptedData(credential, additionalData, raw) { return await this.credentialsHelper.getDecrypted(additionalData, credential, credential.type, 'internal', undefined, raw); } applyDefaultsAndOverwrites(credential, decryptedData, additionalData) { return this.credentialsHelper.applyDefaultsAndOverwrites(additionalData, decryptedData, credential.type, 'internal'); } async encryptAndSaveData(credential, toUpdate, toDelete = []) { const credentials = new n8n_core_1.Credentials(credential, credential.type, credential.data); credentials.updateData(toUpdate, toDelete); await this.credentialsRepository.update(credential.id, { ...credentials.getDataToSave(), updatedAt: new Date(), }); } async getCredentialWithoutUser(credentialId) { return await this.credentialsRepository.findOneBy({ id: credentialId }); } createCsrfState(credentialsId, userId) { const token = new csrf_1.default(); const csrfSecret = token.secretSync(); const state = { token: token.create(csrfSecret), cid: credentialsId, createdAt: Date.now(), userId, }; return [csrfSecret, Buffer.from(JSON.stringify(state)).toString('base64')]; } decodeCsrfState(encodedState, req) { const errorMessage = 'Invalid state format'; const decoded = (0, n8n_workflow_1.jsonParse)(Buffer.from(encodedState, 'base64').toString(), { errorMessage, }); if (typeof decoded.cid !== 'string' || typeof decoded.token !== 'string') { throw new n8n_workflow_1.UnexpectedError(errorMessage); } if (decoded.userId !== req.user?.id) { throw new auth_error_1.AuthError('Unauthorized'); } return decoded; } verifyCsrfState(decrypted, state) { const token = new csrf_1.default(); return (Date.now() - state.createdAt <= MAX_CSRF_AGE && decrypted.csrfSecret !== undefined && token.verify(decrypted.csrfSecret, state.token)); } async resolveCredential(req) { const { state: encodedState } = req.query; const state = this.decodeCsrfState(encodedState, req); const credential = await this.getCredentialWithoutUser(state.cid); if (!credential) { throw new n8n_workflow_1.UnexpectedError('OAuth callback failed because of insufficient permissions'); } const additionalData = await this.getAdditionalData(); const decryptedDataOriginal = await this.getDecryptedDataForCallback(credential, additionalData); const oauthCredentials = this.applyDefaultsAndOverwrites(credential, decryptedDataOriginal, additionalData); if (!this.verifyCsrfState(decryptedDataOriginal, state)) { throw new n8n_workflow_1.UnexpectedError('The OAuth callback state is invalid!'); } return [credential, decryptedDataOriginal, oauthCredentials]; } renderCallbackError(res, message, reason) { res.render('oauth-error-callback', { error: { message, reason } }); } }; exports.AbstractOAuthController = AbstractOAuthController; exports.AbstractOAuthController = AbstractOAuthController = __decorate([ (0, di_1.Service)(), __metadata("design:paramtypes", [n8n_core_1.Logger, external_hooks_1.ExternalHooks, credentials_helper_1.CredentialsHelper, credentials_repository_1.CredentialsRepository, shared_credentials_repository_1.SharedCredentialsRepository, url_service_1.UrlService, config_1.GlobalConfig]) ], AbstractOAuthController); //# sourceMappingURL=abstract-oauth.controller.js.map