n8n/dist/services/public-api-key.service.js

n8n Workflow Automation Tool

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.PublicApiKeyService = void 0;
const di_1 = require("@n8n/di");
const jsonwebtoken_1 = require("jsonwebtoken");
const api_key_1 = require("../databases/entities/api-key");
const api_key_repository_1 = require("../databases/repositories/api-key.repository");
const user_repository_1 = require("../databases/repositories/user.repository");
const event_service_1 = require("../events/event.service");
const jwt_service_1 = require("./jwt.service");
const API_KEY_AUDIENCE = 'public-api';
const API_KEY_ISSUER = 'n8n';
const REDACT_API_KEY_REVEAL_COUNT = 4;
const REDACT_API_KEY_MAX_LENGTH = 10;
const PREFIX_LEGACY_API_KEY = 'n8n_api_';
let PublicApiKeyService = class PublicApiKeyService {
    constructor(apiKeyRepository, userRepository, jwtService, eventService) {
        this.apiKeyRepository = apiKeyRepository;
        this.userRepository = userRepository;
        this.jwtService = jwtService;
        this.eventService = eventService;
        this.generateApiKey = (user, expiresAt) => {
            const nowInSeconds = Math.floor(Date.now() / 1000);
            return this.jwtService.sign({ sub: user.id, iss: API_KEY_ISSUER, aud: API_KEY_AUDIENCE }, { ...(expiresAt && { expiresIn: expiresAt - nowInSeconds }) });
        };
        this.getApiKeyExpiration = (apiKey) => {
            const decoded = this.jwtService.decode(apiKey);
            return decoded?.exp ?? null;
        };
    }
    async createPublicApiKeyForUser(user, { label, expiresAt }) {
        const apiKey = this.generateApiKey(user, expiresAt);
        await this.apiKeyRepository.insert(this.apiKeyRepository.create({
            userId: user.id,
            apiKey,
            label,
        }));
        return await this.apiKeyRepository.findOneByOrFail({ apiKey });
    }
    async getRedactedApiKeysForUser(user) {
        const apiKeys = await this.apiKeyRepository.findBy({ userId: user.id });
        return apiKeys.map((apiKeyRecord) => ({
            ...apiKeyRecord,
            apiKey: this.redactApiKey(apiKeyRecord.apiKey),
            expiresAt: this.getApiKeyExpiration(apiKeyRecord.apiKey),
        }));
    }
    async deleteApiKeyForUser(user, apiKeyId) {
        await this.apiKeyRepository.delete({ userId: user.id, id: apiKeyId });
    }
    async updateApiKeyForUser(user, apiKeyId, { label }) {
        await this.apiKeyRepository.update({ id: apiKeyId, userId: user.id }, { label });
    }
    async getUserForApiKey(apiKey) {
        return await this.userRepository
            .createQueryBuilder('user')
            .innerJoin(api_key_1.ApiKey, 'apiKey', 'apiKey.userId = user.id')
            .where('apiKey.apiKey = :apiKey', { apiKey })
            .select('user')
            .getOne();
    }
    redactApiKey(apiKey) {
        const visiblePart = apiKey.slice(-REDACT_API_KEY_REVEAL_COUNT);
        const redactedPart = '*'.repeat(Math.max(0, REDACT_API_KEY_MAX_LENGTH - REDACT_API_KEY_REVEAL_COUNT));
        return redactedPart + visiblePart;
    }
    getAuthMiddleware(version) {
        return async (req, _scopes, schema) => {
            const providedApiKey = req.headers[schema.name.toLowerCase()];
            const user = await this.getUserForApiKey(providedApiKey);
            if (!user)
                return false;
            if (!providedApiKey.startsWith(PREFIX_LEGACY_API_KEY)) {
                try {
                    this.jwtService.verify(providedApiKey, {
                        issuer: API_KEY_ISSUER,
                        audience: API_KEY_AUDIENCE,
                    });
                }
                catch (e) {
                    if (e instanceof jsonwebtoken_1.TokenExpiredError)
                        return false;
                    throw e;
                }
            }
            this.eventService.emit('public-api-invoked', {
                userId: user.id,
                path: req.path,
                method: req.method,
                apiVersion: version,
            });
            req.user = user;
            return true;
        };
    }
};
exports.PublicApiKeyService = PublicApiKeyService;
exports.PublicApiKeyService = PublicApiKeyService = __decorate([
    (0, di_1.Service)(),
    __metadata("design:paramtypes", [api_key_repository_1.ApiKeyRepository,
        user_repository_1.UserRepository,
        jwt_service_1.JwtService,
        event_service_1.EventService])
], PublicApiKeyService);
//# sourceMappingURL=public-api-key.service.js.map