UNPKG

n8n

Version:

n8n Workflow Automation Tool

n8n.io

n8n-io/n8n

126 lines 6.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
"use strict"; var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.CredentialsPermissionChecker = void 0; const db_1 = require("@n8n/db"); const di_1 = require("@n8n/di"); const permissions_1 = require("@n8n/permissions"); const n8n_workflow_1 = require("n8n-workflow"); const node_types_1 = require("../../node-types"); const ownership_service_1 = require("../../services/ownership.service"); const project_service_ee_1 = require("../../services/project.service.ee"); class InvalidCredentialError extends n8n_workflow_1.UserError { constructor(node) { super(`Node "${node.name}" uses invalid credential`); this.node = node; this.description = 'Please recreate the credential.'; } } class InaccessibleCredentialError extends n8n_workflow_1.UserError { constructor(node, project) { super(`Node "${node.name}" does not have access to the credential`); this.node = node; this.project = project; this.description = this.project.type === 'personal' ? 'Please recreate the credential or ask its owner to share it with you.' : `Please make sure that the credential is shared with the project "${this.project.name}"`; } } let CredentialsPermissionChecker = class CredentialsPermissionChecker { constructor(sharedCredentialsRepository, credentialsRepository, ownershipService, projectService, nodeTypes) { this.sharedCredentialsRepository = sharedCredentialsRepository; this.credentialsRepository = credentialsRepository; this.ownershipService = ownershipService; this.projectService = projectService; this.nodeTypes = nodeTypes; } async check(workflowId, nodes) { const homeProject = await this.ownershipService.getWorkflowProjectCached(workflowId); const homeProjectOwner = await this.ownershipService.getPersonalProjectOwnerCached(homeProject.id); if (homeProject.type === 'personal' && homeProjectOwner && (0, permissions_1.hasGlobalScope)(homeProjectOwner, 'credential:list')) { return; } const projectIds = await this.projectService.findProjectsWorkflowIsIn(workflowId); const credIdsToNodes = this.mapCredIdsToNodes(nodes); const workflowCredIds = Object.keys(credIdsToNodes); if (workflowCredIds.length === 0) return; const accessible = await this.sharedCredentialsRepository.getFilteredAccessibleCredentials(projectIds, workflowCredIds); const accessibleSet = await this.addGlobalCredentialsToAccessibleSet(accessible); for (const credentialsId of workflowCredIds) { if (!accessibleSet.has(credentialsId)) { const nodeToFlag = credIdsToNodes[credentialsId][0]; throw new InaccessibleCredentialError(nodeToFlag, homeProject); } } } async addGlobalCredentialsToAccessibleSet(accessibleCredentialIds) { const accessibleSet = new Set(accessibleCredentialIds); const globalCredentials = await this.credentialsRepository.find({ where: { isGlobal: true }, select: ['id'], }); for (const globalCred of globalCredentials) { accessibleSet.add(globalCred.id); } return accessibleSet; } mapCredIdsToNodes(nodes) { return nodes.reduce((map, node) => { if (node.disabled || !node.credentials) return map; const activeCredTypes = this.getActiveCredentialTypes(node); for (const [credType, cred] of Object.entries(node.credentials)) { if (!cred.id) throw new InvalidCredentialError(node); if (activeCredTypes !== null && !activeCredTypes.has(credType)) continue; map[cred.id] = map[cred.id] ? [...map[cred.id], node] : [node]; } return map; }, {}); } getActiveCredentialTypes(node) { try { const nodeType = this.nodeTypes.getByNameAndVersion(node.type, node.typeVersion); const activeTypes = new Set(); for (const credDef of nodeType.description.credentials ?? []) { if ((0, n8n_workflow_1.displayParameter)(node.parameters, credDef, node, nodeType.description)) { activeTypes.add(credDef.name); } } const { nodeCredentialType } = node.parameters; if (typeof nodeCredentialType === 'string' && nodeCredentialType) { activeTypes.add(nodeCredentialType); } const { genericAuthType } = node.parameters; if (typeof genericAuthType === 'string' && genericAuthType) { activeTypes.add(genericAuthType); } return activeTypes; } catch { return null; } } }; exports.CredentialsPermissionChecker = CredentialsPermissionChecker; exports.CredentialsPermissionChecker = CredentialsPermissionChecker = __decorate([ (0, di_1.Service)(), __metadata("design:paramtypes", [db_1.SharedCredentialsRepository, db_1.CredentialsRepository, ownership_service_1.OwnershipService, project_service_ee_1.ProjectService, node_types_1.NodeTypes]) ], CredentialsPermissionChecker); //# sourceMappingURL=credentials-permission-checker.js.map