n8n
Version:
n8n Workflow Automation Tool
172 lines • 9.21 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.DynamicCredentialsController = void 0;
const constants_1 = require("@n8n/constants");
const decorators_1 = require("@n8n/decorators");
const di_1 = require("@n8n/di");
const n8n_core_1 = require("n8n-core");
const n8n_workflow_1 = require("n8n-workflow");
const credentials_service_ee_1 = require("../../credentials/credentials.service.ee");
const bad_request_error_1 = require("../../errors/response-errors/bad-request.error");
const not_found_error_1 = require("../../errors/response-errors/not-found.error");
const oauth_service_1 = require("../../oauth/oauth.service");
const credential_resolver_repository_1 = require("./database/repositories/credential-resolver.repository");
const dynamic_credentials_config_1 = require("./dynamic-credentials.config");
const services_1 = require("./services");
const dynamic_credential_cors_service_1 = require("./services/dynamic-credential-cors.service");
const dynamic_credential_web_service_1 = require("./services/dynamic-credential-web.service");
const utils_1 = require("./utils");
const dynamicCredentialsConfig = di_1.Container.get(dynamic_credentials_config_1.DynamicCredentialsConfig);
let DynamicCredentialsController = class DynamicCredentialsController {
constructor(enterpriseCredentialsService, oauthService, resolverRepository, resolverRegistry, cipher, dynamicCredentialCorsService, dynamicCredentialWebService) {
this.enterpriseCredentialsService = enterpriseCredentialsService;
this.oauthService = oauthService;
this.resolverRepository = resolverRepository;
this.resolverRegistry = resolverRegistry;
this.cipher = cipher;
this.dynamicCredentialCorsService = dynamicCredentialCorsService;
this.dynamicCredentialWebService = dynamicCredentialWebService;
}
async findCredentialToUse(credentialId) {
const credential = await this.enterpriseCredentialsService.getOne(credentialId);
if (!credential) {
throw new not_found_error_1.NotFoundError('Credential not found');
}
if (!credential.type.toLowerCase().includes('oauth2') &&
!credential.type.toLowerCase().includes('oauth1')) {
throw new bad_request_error_1.BadRequestError('Credential type not supported');
}
return credential;
}
async getResolverInstance(resolverId) {
if (!resolverId) {
throw new bad_request_error_1.BadRequestError('Missing resolverId query parameter');
}
const resolverEntity = await this.resolverRepository.findOneBy({
id: resolverId,
});
if (!resolverEntity) {
throw new not_found_error_1.NotFoundError('Resolver not found');
}
const resolver = this.resolverRegistry.getResolverByTypename(resolverEntity.type);
if (!resolver) {
throw new not_found_error_1.NotFoundError('Resolver type not found');
}
return { resolver, resolverEntity };
}
handlePreflightCredentialRevoke(req, res) {
this.dynamicCredentialCorsService.preflightHandler(req, res, ['delete', 'options']);
}
async revokeCredential(req, res) {
this.dynamicCredentialCorsService.applyCorsHeadersIfEnabled(req, res, ['delete', 'options']);
const credentialContext = this.dynamicCredentialWebService.getCredentialContextFromRequest(req);
const credential = await this.findCredentialToUse(req.params.id);
const resolverId = req.query.resolverId;
const { resolver, resolverEntity } = await this.getResolverInstance(resolverId);
if (resolver.deleteSecret) {
const decryptedConfig = await this.cipher.decryptV2(resolverEntity.config);
const resolverConfig = (0, n8n_workflow_1.jsonParse)(decryptedConfig);
await resolver.deleteSecret(credential.id, credentialContext, {
configuration: resolverConfig,
resolverId: resolverEntity.id,
resolverName: resolverEntity.type,
});
}
res.status(204).send();
}
handlePreflightCredentialAuthorize(req, res) {
this.dynamicCredentialCorsService.preflightHandler(req, res, ['post', 'options']);
}
async authorizeCredential(req, res) {
this.dynamicCredentialCorsService.applyCorsHeadersIfEnabled(req, res, ['post', 'options']);
const credentialContext = this.dynamicCredentialWebService.getCredentialContextFromRequest(req);
const credential = await this.findCredentialToUse(req.params.id);
const resolverId = req.query.resolverId;
const { resolver, resolverEntity } = await this.getResolverInstance(resolverId);
if (resolver.validateIdentity) {
const decryptedConfig = await this.cipher.decryptV2(resolverEntity.config);
const resolverConfig = (0, n8n_workflow_1.jsonParse)(decryptedConfig);
await resolver.validateIdentity(credentialContext, {
resolverId: resolverEntity.id,
resolverName: resolverEntity.type,
configuration: resolverConfig,
});
}
const callerData = [
credential,
{
cid: credential.id,
origin: 'dynamic-credential',
authorizationHeader: req.headers.authorization || `Bearer ${credentialContext.identity}`,
authMetadata: credentialContext.metadata,
credentialResolverId: req.query.resolverId,
},
];
if (credential.type.toLowerCase().includes('oauth2')) {
return await this.oauthService.generateAOauth2AuthUri(...callerData);
}
if (credential.type.toLowerCase().includes('oauth1')) {
return await this.oauthService.generateAOauth1AuthUri(...callerData);
}
throw new bad_request_error_1.BadRequestError('Credential type not supported');
}
};
exports.DynamicCredentialsController = DynamicCredentialsController;
__decorate([
(0, decorators_1.Options)('/:id/revoke', { skipAuth: true }),
__metadata("design:type", Function),
__metadata("design:paramtypes", [Object, Object]),
__metadata("design:returntype", void 0)
], DynamicCredentialsController.prototype, "handlePreflightCredentialRevoke", null);
__decorate([
(0, decorators_1.Delete)('/:id/revoke', {
allowUnauthenticated: true,
middlewares: (0, utils_1.getDynamicCredentialMiddlewares)(),
ipRateLimit: {
limit: dynamicCredentialsConfig.rateLimitPerMinute,
windowMs: 1 * constants_1.Time.minutes.toMilliseconds,
},
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", [Object, Object]),
__metadata("design:returntype", Promise)
], DynamicCredentialsController.prototype, "revokeCredential", null);
__decorate([
(0, decorators_1.Options)('/:id/authorize', { skipAuth: true }),
__metadata("design:type", Function),
__metadata("design:paramtypes", [Object, Object]),
__metadata("design:returntype", void 0)
], DynamicCredentialsController.prototype, "handlePreflightCredentialAuthorize", null);
__decorate([
(0, decorators_1.Post)('/:id/authorize', {
allowUnauthenticated: true,
middlewares: (0, utils_1.getDynamicCredentialMiddlewares)(),
ipRateLimit: {
limit: dynamicCredentialsConfig.rateLimitAuthorizePerMinute,
windowMs: 1 * constants_1.Time.minutes.toMilliseconds,
},
}),
__metadata("design:type", Function),
__metadata("design:paramtypes", [Object, Object]),
__metadata("design:returntype", Promise)
], DynamicCredentialsController.prototype, "authorizeCredential", null);
exports.DynamicCredentialsController = DynamicCredentialsController = __decorate([
(0, decorators_1.RestController)('/credentials'),
__metadata("design:paramtypes", [credentials_service_ee_1.EnterpriseCredentialsService,
oauth_service_1.OauthService,
credential_resolver_repository_1.DynamicCredentialResolverRepository,
services_1.DynamicCredentialResolverRegistry,
n8n_core_1.Cipher,
dynamic_credential_cors_service_1.DynamicCredentialCorsService,
dynamic_credential_web_service_1.DynamicCredentialWebService])
], DynamicCredentialsController);
//# sourceMappingURL=dynamic-credentials.controller.js.map