UNPKG

n8n

Version:

n8n Workflow Automation Tool

n8n.io

n8n-io/n8n

181 lines 8.76 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
"use strict"; var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.OAuthCredentialResolver = void 0; const backend_common_1 = require("@n8n/backend-common"); const decorators_1 = require("@n8n/decorators"); const n8n_core_1 = require("n8n-core"); const n8n_workflow_1 = require("n8n-workflow"); const zod_1 = __importDefault(require("zod")); const oauth2_introspection_identifier_1 = require("./identifiers/oauth2-introspection-identifier"); const oauth2_userinfo_identifier_1 = require("./identifiers/oauth2-userinfo-identifier"); const dynamic_credential_entry_storage_1 = require("./storage/dynamic-credential-entry-storage"); const OAuthCredentialResolverOptionsSchema = zod_1.default.discriminatedUnion('validation', [ oauth2_introspection_identifier_1.OAuth2IntrospectionOptionsSchema, oauth2_userinfo_identifier_1.OAuth2UserInfoOptionsSchema, ]); let OAuthCredentialResolver = class OAuthCredentialResolver { constructor(logger, oAuth2TokenIntrospectionIdentifier, oAuth2UserInfoIdentifier, storage, cipher) { this.logger = logger; this.oAuth2TokenIntrospectionIdentifier = oAuth2TokenIntrospectionIdentifier; this.oAuth2UserInfoIdentifier = oAuth2UserInfoIdentifier; this.storage = storage; this.cipher = cipher; this.metadata = { name: 'credential-resolver.oauth2-1.0', description: 'OAuth2 based credential resolver', displayName: 'OAuth2 Resolver', options: [ { displayName: 'Metadata URL', name: 'metadataUri', type: 'string', required: true, default: '', placeholder: 'https://auth.example.com/.well-known/openid-configuration', description: 'OAuth2 server metadata endpoint URL', }, { displayName: 'Validation Method', name: 'validation', type: 'options', options: [ { name: 'OAuth2 Token Introspection', value: 'oauth2-introspection', description: 'Validate token via OAuth2 Token Introspection Endpoint', }, { name: 'OAuth2 UserInfo Endpoint', value: 'oauth2-userinfo', description: 'Validate token via OAuth2 UserInfo Endpoint', }, ], default: 'oauth2-introspection', description: 'Validation method to use for token validation', }, { displayName: 'Client ID', name: 'clientId', type: 'string', default: '', description: 'OAuth2 client ID for introspection', displayOptions: { hide: { validation: ['oauth2-userinfo'], }, show: { validation: ['oauth2-introspection'], }, }, }, { displayName: 'Client Secret', name: 'clientSecret', type: 'string', default: '', typeOptions: { password: true }, description: 'OAuth2 client secret for introspection', displayOptions: { hide: { validation: ['oauth2-userinfo'], }, show: { validation: ['oauth2-introspection'], }, }, }, { displayName: 'Subject Claim', name: 'subjectClaim', type: 'string', default: 'sub', description: 'Token claim to use as subject identifier', }, ], }; } async getSecret(credentialId, context, handle) { const parsedOptions = await this.parseOptions(handle.configuration); const key = await this.resolveIdentifier(context, parsedOptions); const data = await this.storage.getCredentialData(credentialId, key, handle.resolverId, parsedOptions); if (!data) { throw new decorators_1.CredentialResolverDataNotFoundError(); } const plaintext = await this.cipher.decryptV2(data); try { const secret = (0, n8n_workflow_1.jsonParse)(plaintext); return secret; } catch (error) { this.logger.error('Failed to parse decrypted credential data', { error }); throw new decorators_1.CredentialResolverDataNotFoundError(); } } async setSecret(credentialId, context, data, handle) { const parsedOptions = await this.parseOptions(handle.configuration); const key = await this.resolveIdentifier(context, parsedOptions); const encryptedData = await this.cipher.encryptV2(data); await this.storage.setCredentialData(credentialId, key, handle.resolverId, encryptedData, parsedOptions); } async deleteSecret(credentialId, context, handle) { const parsedOptions = await this.parseOptions(handle.configuration); const key = await this.resolveIdentifier(context, parsedOptions); await this.storage.deleteCredentialData(credentialId, key, handle.resolverId, parsedOptions); } async deleteAllSecrets(handle) { await this.storage.deleteAllCredentialData(handle); } async parseOptions(options) { const result = await OAuthCredentialResolverOptionsSchema.safeParseAsync(options); if (result.error) { this.logger.error('Invalid options provided to OAuthCredentialResolver', { error: result.error, }); throw new decorators_1.CredentialResolverValidationError(`Invalid options for OAuthCredentialResolver: ${result.error.message}`); } return result.data; } async validateOptions(options) { const [identifier, parsedOptions] = await this.getIdentifier(options); await identifier.validateOptions(parsedOptions); } async getIdentifier(options) { const parsedOptions = await this.parseOptions(options); if (parsedOptions.validation === 'oauth2-introspection') { return [this.oAuth2TokenIntrospectionIdentifier, parsedOptions]; } else { return [this.oAuth2UserInfoIdentifier, parsedOptions]; } } async resolveIdentifier(context, options) { const [identifier, parsedOptions] = await this.getIdentifier(options); return await identifier.resolve(context, parsedOptions); } async validateIdentity(context, handle) { const parsedOptions = await this.parseOptions(handle.configuration); await this.resolveIdentifier(context, parsedOptions); } }; exports.OAuthCredentialResolver = OAuthCredentialResolver; exports.OAuthCredentialResolver = OAuthCredentialResolver = __decorate([ (0, decorators_1.CredentialResolver)(), __metadata("design:paramtypes", [backend_common_1.Logger, oauth2_introspection_identifier_1.OAuth2TokenIntrospectionIdentifier, oauth2_userinfo_identifier_1.OAuth2UserInfoIdentifier, dynamic_credential_entry_storage_1.DynamicCredentialEntryStorage, n8n_core_1.Cipher]) ], OAuthCredentialResolver); //# sourceMappingURL=oauth-credential-resolver.js.map