npm - n8n - Versions diffs - 2.16.0 → 2.17.0 - Mend

n8n 2.16.0 → 2.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (323) hide show

package/dist/modules/source-control.ee/types/source-control-context.d.ts CHANGED Viewed

@@ -1,7 +1,15 @@
-import type { User } from '@n8n/db';
+import type { Project, User } from '@n8n/db';
+import type { RemoteResourceOwner } from './resource-owner';
 export declare class SourceControlContext {
-    private readonly userInternal;
-    constructor(userInternal: User);
-    get user(): User;
+    readonly user: User;
+    readonly authorizedProjects: Project[];
+    readonly accessibleWorkflowIds: string[];
+    private readonly _hasAccessToAllProjects;
+    private readonly authorizedProjectIds;
+    private readonly authorizedProjectsByTeamId;
+    private readonly authorizedProjectsByOwnerEmail;
+    constructor(user: User, authorizedProjects: Project[], accessibleWorkflowIds: string[]);
     hasAccessToAllProjects(): boolean;
+    canAccessProject(projectId: string): boolean;
+    findAuthorizedProjectByOwner(owner: RemoteResourceOwner): Project | undefined;
 }

package/dist/modules/source-control.ee/types/source-control-context.js CHANGED Viewed

@@ -3,14 +3,40 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SourceControlContext = void 0;
 const permissions_1 = require("@n8n/permissions");
 class SourceControlContext {
-    constructor(userInternal) {
-        this.userInternal = userInternal;
-    }
-    get user() {
-        return this.userInternal;
+    constructor(user, authorizedProjects, accessibleWorkflowIds) {
+        this.user = user;
+        this.authorizedProjects = authorizedProjects;
+        this.accessibleWorkflowIds = accessibleWorkflowIds;
+        this.authorizedProjectsByTeamId = new Map();
+        this.authorizedProjectsByOwnerEmail = new Map();
+        this._hasAccessToAllProjects = (0, permissions_1.hasGlobalScope)(this.user, 'project:update');
+        this.authorizedProjectIds = new Set(this.authorizedProjects.map((project) => project.id));
+        for (const project of this.authorizedProjects) {
+            if (project.type === 'team') {
+                this.authorizedProjectsByTeamId.set(project.id, project);
+            }
+            if (project.type === 'personal') {
+                const ownerEmail = project.projectRelations?.find((relation) => relation.role.slug === permissions_1.PROJECT_OWNER_ROLE_SLUG)?.user?.email;
+                if (ownerEmail) {
+                    this.authorizedProjectsByOwnerEmail.set(ownerEmail, project);
+                }
+            }
+        }
     }
     hasAccessToAllProjects() {
-        return (0, permissions_1.hasGlobalScope)(this.userInternal, 'project:update');
+        return this._hasAccessToAllProjects;
+    }
+    canAccessProject(projectId) {
+        return this._hasAccessToAllProjects || this.authorizedProjectIds.has(projectId);
+    }
+    findAuthorizedProjectByOwner(owner) {
+        if (typeof owner === 'string') {
+            return this.authorizedProjectsByOwnerEmail.get(owner);
+        }
+        if (owner.type === 'personal') {
+            return this.authorizedProjectsByOwnerEmail.get(owner.personalEmail);
+        }
+        return this.authorizedProjectsByTeamId.get(owner.teamId);
     }
 }
 exports.SourceControlContext = SourceControlContext;

package/dist/modules/source-control.ee/types/source-control-context.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"source-control-context.js","sourceRoot":"","sources":["../../../../src/modules/source-control.ee/types/source-control-context.ts"],"names":[],"mappings":";;;AACA,~~kDAAkD~~;~~AAElD~~,MAAa,oBAAoB;~~IAChC~~,~~YAA6B~~,~~YAAkB~~;~~QAAlB~~,~~iBAAY~~,~~GAAZ~~,~~YAAY~~,CAAM;~~IAAG~~,CAAC;~~IAEnD~~,IAAI,IAAI;~~QACP~~,OAAO,IAAI,CAAC,~~YAAY~~,CAAC;~~IAC1B~~,CAAC;IAED,sBAAsB;QACrB,OAAO,~~IAAA~~,~~4BAAc~~,~~EAAC~~,IAAI,CAAC,~~YAAY~~,EAAE,~~gBAAgB~~,CAAC,CAAC;~~IAC5D~~,CAAC;CACD;~~AAVD~~,~~oDAUC~~"}
1	+ {"version":3,"file":"source-control-context.js","sourceRoot":"","sources":["../../../../src/modules/source-control.ee/types/source-control-context.ts"],"names":[],"mappings":";;;AACA,kDAA2E;AAI3E,MAAa,oBAAoB;IAShC,YACU,IAAU,EACV,kBAA6B,EAC7B,qBAA+B;QAF/B,SAAI,GAAJ,IAAI,CAAM;QACV,uBAAkB,GAAlB,kBAAkB,CAAW;QAC7B,0BAAqB,GAArB,qBAAqB,CAAU;QAPxB,+BAA0B,GAAG,IAAI,GAAG,EAAmB,CAAC;QAExD,mCAA8B,GAAG,IAAI,GAAG,EAAmB,CAAC;QAO5E,IAAI,CAAC,uBAAuB,GAAG,IAAA,4BAAc,EAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QAC3E,IAAI,CAAC,oBAAoB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1F,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC/C,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC7B,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAChD,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,qCAAuB,CAC5D,EAAE,IAAI,EAAE,KAAK,CAAC;gBACf,IAAI,UAAU,EAAE,CAAC;oBAChB,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBAC9D,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,sBAAsB;QACrB,OAAO,IAAI,CAAC,uBAAuB,CAAC;IACrC,CAAC;IAED,gBAAgB,CAAC,SAAiB;QACjC,OAAO,IAAI,CAAC,uBAAuB,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjF,CAAC;IAED,4BAA4B,CAAC,KAA0B;QACtD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;CACD;AAhDD,oDAgDC"}

package/dist/modules/sso-saml/saml.controller.ee.d.ts CHANGED Viewed

@@ -31,6 +31,7 @@ export declare class SamlController {
             };
         };
         relayState: string;
+        metadata?: string | undefined;
         mapping?: {
             email: string;
             firstName: string;
@@ -39,7 +40,6 @@ export declare class SamlController {
             n8nInstanceRole?: string | undefined;
             n8nProjectRoles?: string[] | undefined;
         } | undefined;
-        metadata?: string | undefined;
         metadataUrl?: string | undefined;
         loginEnabled?: boolean | undefined;
         loginLabel?: string | undefined;
@@ -61,6 +61,7 @@ export declare class SamlController {
             };
         };
         relayState: string;
+        metadata?: string | undefined;
         mapping?: {
             email: string;
             firstName: string;
@@ -69,7 +70,6 @@ export declare class SamlController {
             n8nInstanceRole?: string | undefined;
             n8nProjectRoles?: string[] | undefined;
         } | undefined;
-        metadata?: string | undefined;
         metadataUrl?: string | undefined;
         loginEnabled?: boolean | undefined;
         loginLabel?: string | undefined;
@@ -84,5 +84,4 @@ export declare class SamlController {
     }>, res: Response): Promise<string | Response<any, Record<string, any>>>;
     configTestPost(_req: AuthenticatedRequest, res: Response, payload: SamlPreferences): Promise<string | Response<any, Record<string, any>>>;
     private handleInitSSO;
-    private validateRedirectUrl;
 }

package/dist/modules/sso-saml/saml.controller.ee.js CHANGED Viewed

@@ -26,6 +26,7 @@ const auth_error_1 = require("../../errors/response-errors/auth.error");
 const event_service_1 = require("../../events/event.service");
 const response_helper_1 = require("../../response-helper");
 const url_service_1 = require("../../services/url.service");
+const validate_redirect_url_1 = require("../../utils/validate-redirect-url");
 const sso_helpers_1 = require("../../sso.ee/sso-helpers");
 const saml_enabled_middleware_1 = require("./middleware/saml-enabled-middleware");
 const saml_helpers_1 = require("./saml-helpers");
@@ -98,7 +99,7 @@ let SamlController = class SamlController {
                     }
                     else {
                         const safeRedirectUrl = payload.RelayState
-                            ? this.validateRedirectUrl(payload.RelayState)
+                            ? (0, validate_redirect_url_1.validateRedirectUrl)(payload.RelayState)
                             : '/';
                         return res.redirect(this.urlService.getInstanceBaseUrl() + safeRedirectUrl);
                     }
@@ -140,7 +141,7 @@ let SamlController = class SamlController {
         }
         catch {
         }
-        return await this.handleInitSSO(res, this.validateRedirectUrl(redirectUrl));
+        return await this.handleInitSSO(res, (0, validate_redirect_url_1.validateRedirectUrl)(redirectUrl));
     }
     async configTestPost(_req, res, payload) {
         return await this.handleInitSSO(res, (0, service_provider_ee_1.getServiceProviderConfigTestReturnUrl)(), payload);
@@ -165,19 +166,6 @@ let SamlController = class SamlController {
             throw new auth_error_1.AuthError('SAML redirect failed, please check your SAML configuration.');
         }
     }
-    validateRedirectUrl(redirectUrl) {
-        if (typeof redirectUrl !== 'string' || redirectUrl.trim() === '') {
-            return '/';
-        }
-        const trimmed = redirectUrl.trim();
-        if (!trimmed.startsWith('/')) {
-            return '/';
-        }
-        if (trimmed.startsWith('//')) {
-            return '/';
-        }
-        return trimmed;
-    }
 };
 exports.SamlController = SamlController;
 __decorate([

package/dist/modules/sso-saml/saml.controller.ee.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"saml.controller.ee.js","sourceRoot":"","sources":["../../../src/modules/sso-saml/saml.controller.ee.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,8CAA4E;AAC5E,+CAAyD;AAEzD,gDAA+E;AAE/E,8DAAsC;AAEtC,8CAAsB;AAEtB,sDAAkD;AAClD,oEAAgE;AAChE,0DAAsD;AAEtD,uDAAsD;AACtD,wDAAoD;AACpD,sDAAgE;AAEhE,kFAG8C;AAC9C,iDAAyD;AACzD,uDAAgD;AAChD,+DAI+B;AAE/B,yDAA2D;AAGpD,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YACkB,WAAwB,EACxB,WAAwB,EACxB,UAAsB,EACtB,YAA0B;QAH1B,gBAAW,GAAX,WAAW,CAAa;QACxB,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAc;IACzC,CAAC;IAGE,AAAN,KAAK,CAAC,0BAA0B,CAAC,CAAkB,EAAE,GAAa;QACjE,OAAO,GAAG;aACR,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC;aAClC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,0BAA0B,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IACrE,CAAC;IAMK,AAAN,KAAK,CAAC,SAAS;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC;QAC/C,OAAO;YACN,GAAG,KAAK;YACR,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,wCAAyB,CAAC,CAAC,CAAC,SAAS;YAClF,QAAQ,EAAE,IAAA,gDAA0B,GAAE;YACtC,SAAS,EAAE,IAAA,iDAA2B,GAAE;SACxC,CAAC;IACH,CAAC;IAOK,AAAN,KAAK,CAAC,UAAU,CAAC,IAA0B,EAAE,IAAc,EAAQ,OAAwB;QAC1F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,OAAO;YACN,GAAG,MAAM;YACT,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,wCAAyB,CAAC,CAAC,CAAC,SAAS;SACnF,CAAC;IACH,CAAC;IAOK,AAAN,KAAK,CAAC,iBAAiB,CACtB,IAA0B,EAC1B,GAAa,EACP,EAAE,YAAY,EAAiB;QAErC,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;QAC5D,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAMK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAoB,EAAE,GAAa;QAC/C,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;IAMK,AAAN,KAAK,CAAC,OAAO,CAAC,GAAoB,EAAE,GAAa,EAAQ,OAAmB;QAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAOO,KAAK,CAAC,UAAU,CACvB,GAAoB,EACpB,GAAa,EACb,OAAyB,EACzB,UAAsB,EAAE;QAExB,IAAI,CAAC;YACJ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,IAAA,sCAAuB,EAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,IAAI,WAAW,CAAC,iBAAiB,EAAE,CAAC;oBACnC,OAAO,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;gBAC3E,CAAC;qBAAM,CAAC;oBACP,OAAO,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE;wBAChD,OAAO,EAAE,EAAE;wBACX,UAAU,EAAE,WAAW,CAAC,UAAU;qBAClC,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;YACD,IAAI,WAAW,CAAC,iBAAiB,EAAE,CAAC;gBACnC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE;oBACxC,IAAI,EAAE,WAAW,CAAC,iBAAiB;oBACnC,oBAAoB,EAAE,MAAM;iBAC5B,CAAC,CAAC;gBAGH,IAAI,IAAA,sCAAwB,GAAE,EAAE,CAAC;oBAChC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,iBAAiB,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;oBAEtF,IAAI,WAAW,CAAC,kBAAkB,EAAE,CAAC;wBACpC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,kBAAkB,CAAC,CAAC;oBAChF,CAAC;yBAAM,CAAC;wBACP,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU;4BACzC,CAAC,CAAC,~~IAAI~~,~~CAAC~~,~~mBAAmB~~,~~CAAC,~~OAAO,CAAC,UAAU,CAAC;~~4BAC9C~~,CAAC,CAAC,GAAG,CAAC;wBACP,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,eAAe,CAAC,CAAC;oBAC7E,CAAC;gBACF,CAAC;qBAAM,CAAC;oBACP,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;gBACrD,CAAC;YACF,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBAC3C,SAAS,EAAE,WAAW,CAAC,UAAU,CAAC,KAAK,IAAI,SAAS;gBACpD,oBAAoB,EAAE,MAAM;aAC5B,CAAC,CAAC;YAEH,OAAO,IAAA,mCAAiB,EAAC,GAAG,EAAE,IAAI,sBAAS,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,IAAA,sCAAuB,EAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,OAAO,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE,EAAE,OAAO,EAAG,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACzF,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBAC3C,SAAS,EAAE,SAAS;gBACpB,oBAAoB,EAAE,MAAM;aAC5B,CAAC,CAAC;YAEH,OAAO,IAAA,mCAAiB,EACvB,GAAG,EACH,IAAI,sBAAS,CAAC,8BAA8B,GAAI,KAAe,CAAC,OAAO,CAAC,CACxE,CAAC;QACH,CAAC;IACF,CAAC;IAOK,AAAN,KAAK,CAAC,UAAU,CAAC,GAAuD,EAAE,GAAa;QACtF,IAAI,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC;YACJ,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;YACvC,IAAI,UAAU,EAAE,CAAC;gBAChB,MAAM,SAAS,GAAG,aAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACxC,IAAI,SAAS,EAAE,KAAK,EAAE,CAAC;oBACtB,MAAM,iBAAiB,GAAG,qBAAW,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAC7D,IAAI,iBAAiB,CAAC,QAAQ,IAAI,OAAO,iBAAiB,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBAClF,WAAW,GAAG,qBAAW,CAAC,QAAQ,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;oBAChE,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,~~IAAI~~,~~CAAC~~,~~mBAAmB~~,~~CAAC,~~WAAW,CAAC,CAAC,CAAC;~~IAC7E~~,CAAC;IASK,AAAN,KAAK,CAAC,cAAc,CAAC,IAA0B,EAAE,GAAa,EAAQ,OAAwB;QAC7F,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,IAAA,2DAAqC,GAAE,EAAE,OAAO,CAAC,CAAC;IACxF,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAa,EAAE,UAAmB,EAAE,MAAwB;QACvF,IAAI,QAA4B,CAAC;QACjC,IAAI,MAAM,EAAE,CAAC;YACZ,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC3B,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACrC,QAAQ;oBACP,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5F,CAAC;QACF,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CACvD,UAAU,EACV,MAAM,EAAE,YAAY,EACpB,QAAQ,CACR,CAAC;QACF,IAAI,MAAM,EAAE,OAAO,KAAK,UAAU,EAAE,CAAC;YACpC,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAC/B,CAAC;aAAM,IAAI,MAAM,EAAE,OAAO,KAAK,MAAM,EAAE,CAAC;YACvC,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,kCAAkB,EAAC,MAAM,CAAC,OAA6B,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACP,MAAM,IAAI,sBAAS,CAAC,6DAA6D,CAAC,CAAC;QACpF,CAAC;IACF,CAAC;IAKO,mBAAmB,CAAC,WAAmB;QAC9C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAClE,OAAO,GAAG,CAAC;QACZ,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC;QAGnC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,GAAG,CAAC;QACZ,CAAC;QAED,OAAO,OAAO,CAAC;IAChB,CAAC;CACD,CAAA;~~AA9NY~~,wCAAc;AASpB;IADL,IAAA,gBAAG,EAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;;;gEAKpC;AAMK;IADL,IAAA,gBAAG,EAAC,SAAS,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;;;;+CASzD;AAOK;IAFL,IAAA,iBAAI,EAAC,SAAS,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;IAC1D,IAAA,wBAAW,EAAC,aAAa,CAAC;IACmC,WAAA,iBAAI,CAAA;;qDAAU,2BAAe;;gDAO1F;AAOK;IAFL,IAAA,iBAAI,EAAC,gBAAgB,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;IACjE,IAAA,wBAAW,EAAC,aAAa,CAAC;IAIzB,WAAA,iBAAI,CAAA;;qDAAmB,yBAAa;;uDAIrC;AAMK;IADL,IAAA,gBAAG,EAAC,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;;;;4CAG3F;AAMK;IADL,IAAA,iBAAI,EAAC,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACzC,WAAA,iBAAI,CAAA;;qDAAU,sBAAU;;6CAE3E;AA2EK;IADL,IAAA,gBAAG,EAAC,UAAU,EAAE,EAAE,WAAW,EAAE,CAAC,0DAAgC,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;;;gDAmBpF;AASK;IAFL,IAAA,iBAAI,EAAC,cAAc,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;IAC/D,IAAA,wBAAW,EAAC,aAAa,CAAC;IACsC,WAAA,iBAAI,CAAA;;qDAAU,2BAAe;;oDAE7F;yBA/KW,cAAc;IAD1B,IAAA,2BAAc,EAAC,WAAW,CAAC;qCAGI,0BAAW;QACX,6BAAW;QACZ,wBAAU;QACR,4BAAY;GALhC,cAAc,~~CA8N1B~~"}
1	+ {"version":3,"file":"saml.controller.ee.js","sourceRoot":"","sources":["../../../src/modules/sso-saml/saml.controller.ee.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,8CAA4E;AAC5E,+CAAyD;AAEzD,gDAA+E;AAE/E,8DAAsC;AAEtC,8CAAsB;AAEtB,sDAAkD;AAClD,oEAAgE;AAChE,0DAAsD;AAEtD,uDAAsD;AACtD,wDAAoD;AACpD,yEAAoE;AACpE,sDAAgE;AAEhE,kFAG8C;AAC9C,iDAAyD;AACzD,uDAAgD;AAChD,+DAI+B;AAE/B,yDAA2D;AAGpD,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YACkB,WAAwB,EACxB,WAAwB,EACxB,UAAsB,EACtB,YAA0B;QAH1B,gBAAW,GAAX,WAAW,CAAa;QACxB,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAc;IACzC,CAAC;IAGE,AAAN,KAAK,CAAC,0BAA0B,CAAC,CAAkB,EAAE,GAAa;QACjE,OAAO,GAAG;aACR,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC;aAClC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,0BAA0B,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IACrE,CAAC;IAMK,AAAN,KAAK,CAAC,SAAS;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC;QAC/C,OAAO;YACN,GAAG,KAAK;YACR,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,wCAAyB,CAAC,CAAC,CAAC,SAAS;YAClF,QAAQ,EAAE,IAAA,gDAA0B,GAAE;YACtC,SAAS,EAAE,IAAA,iDAA2B,GAAE;SACxC,CAAC;IACH,CAAC;IAOK,AAAN,KAAK,CAAC,UAAU,CAAC,IAA0B,EAAE,IAAc,EAAQ,OAAwB;QAC1F,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,OAAO;YACN,GAAG,MAAM;YACT,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,wCAAyB,CAAC,CAAC,CAAC,SAAS;SACnF,CAAC;IACH,CAAC;IAOK,AAAN,KAAK,CAAC,iBAAiB,CACtB,IAA0B,EAC1B,GAAa,EACP,EAAE,YAAY,EAAiB;QAErC,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;QAC5D,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAMK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAoB,EAAE,GAAa;QAC/C,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;IAMK,AAAN,KAAK,CAAC,OAAO,CAAC,GAAoB,EAAE,GAAa,EAAQ,OAAmB;QAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAOO,KAAK,CAAC,UAAU,CACvB,GAAoB,EACpB,GAAa,EACb,OAAyB,EACzB,UAAsB,EAAE;QAExB,IAAI,CAAC;YACJ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,IAAA,sCAAuB,EAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,IAAI,WAAW,CAAC,iBAAiB,EAAE,CAAC;oBACnC,OAAO,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;gBAC3E,CAAC;qBAAM,CAAC;oBACP,OAAO,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE;wBAChD,OAAO,EAAE,EAAE;wBACX,UAAU,EAAE,WAAW,CAAC,UAAU;qBAClC,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;YACD,IAAI,WAAW,CAAC,iBAAiB,EAAE,CAAC;gBACnC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE;oBACxC,IAAI,EAAE,WAAW,CAAC,iBAAiB;oBACnC,oBAAoB,EAAE,MAAM;iBAC5B,CAAC,CAAC;gBAGH,IAAI,IAAA,sCAAwB,GAAE,EAAE,CAAC;oBAChC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,iBAAiB,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;oBAEtF,IAAI,WAAW,CAAC,kBAAkB,EAAE,CAAC;wBACpC,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,kBAAkB,CAAC,CAAC;oBAChF,CAAC;yBAAM,CAAC;wBACP,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU;4BACzC,CAAC,CAAC,IAAA,2CAAmB,EAAC,OAAO,CAAC,UAAU,CAAC;4BACzC,CAAC,CAAC,GAAG,CAAC;wBACP,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,eAAe,CAAC,CAAC;oBAC7E,CAAC;gBACF,CAAC;qBAAM,CAAC;oBACP,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;gBACrD,CAAC;YACF,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBAC3C,SAAS,EAAE,WAAW,CAAC,UAAU,CAAC,KAAK,IAAI,SAAS;gBACpD,oBAAoB,EAAE,MAAM;aAC5B,CAAC,CAAC;YAEH,OAAO,IAAA,mCAAiB,EAAC,GAAG,EAAE,IAAI,sBAAS,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,IAAA,sCAAuB,EAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,OAAO,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE,EAAE,OAAO,EAAG,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACzF,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBAC3C,SAAS,EAAE,SAAS;gBACpB,oBAAoB,EAAE,MAAM;aAC5B,CAAC,CAAC;YAEH,OAAO,IAAA,mCAAiB,EACvB,GAAG,EACH,IAAI,sBAAS,CAAC,8BAA8B,GAAI,KAAe,CAAC,OAAO,CAAC,CACxE,CAAC;QACH,CAAC;IACF,CAAC;IAOK,AAAN,KAAK,CAAC,UAAU,CAAC,GAAuD,EAAE,GAAa;QACtF,IAAI,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC;YACJ,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;YACvC,IAAI,UAAU,EAAE,CAAC;gBAChB,MAAM,SAAS,GAAG,aAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACxC,IAAI,SAAS,EAAE,KAAK,EAAE,CAAC;oBACtB,MAAM,iBAAiB,GAAG,qBAAW,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAC7D,IAAI,iBAAiB,CAAC,QAAQ,IAAI,OAAO,iBAAiB,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBAClF,WAAW,GAAG,qBAAW,CAAC,QAAQ,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;oBAChE,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,IAAA,2CAAmB,EAAC,WAAW,CAAC,CAAC,CAAC;IACxE,CAAC;IASK,AAAN,KAAK,CAAC,cAAc,CAAC,IAA0B,EAAE,GAAa,EAAQ,OAAwB;QAC7F,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,IAAA,2DAAqC,GAAE,EAAE,OAAO,CAAC,CAAC;IACxF,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAa,EAAE,UAAmB,EAAE,MAAwB;QACvF,IAAI,QAA4B,CAAC;QACjC,IAAI,MAAM,EAAE,CAAC;YACZ,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC3B,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACrC,QAAQ;oBACP,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5F,CAAC;QACF,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CACvD,UAAU,EACV,MAAM,EAAE,YAAY,EACpB,QAAQ,CACR,CAAC;QACF,IAAI,MAAM,EAAE,OAAO,KAAK,UAAU,EAAE,CAAC;YACpC,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAC/B,CAAC;aAAM,IAAI,MAAM,EAAE,OAAO,KAAK,MAAM,EAAE,CAAC;YACvC,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,kCAAkB,EAAC,MAAM,CAAC,OAA6B,CAAC,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACP,MAAM,IAAI,sBAAS,CAAC,6DAA6D,CAAC,CAAC;QACpF,CAAC;IACF,CAAC;CACD,CAAA;AAxMY,wCAAc;AASpB;IADL,IAAA,gBAAG,EAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;;;gEAKpC;AAMK;IADL,IAAA,gBAAG,EAAC,SAAS,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;;;;+CASzD;AAOK;IAFL,IAAA,iBAAI,EAAC,SAAS,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;IAC1D,IAAA,wBAAW,EAAC,aAAa,CAAC;IACmC,WAAA,iBAAI,CAAA;;qDAAU,2BAAe;;gDAO1F;AAOK;IAFL,IAAA,iBAAI,EAAC,gBAAgB,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;IACjE,IAAA,wBAAW,EAAC,aAAa,CAAC;IAIzB,WAAA,iBAAI,CAAA;;qDAAmB,yBAAa;;uDAIrC;AAMK;IADL,IAAA,gBAAG,EAAC,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;;;;4CAG3F;AAMK;IADL,IAAA,iBAAI,EAAC,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACzC,WAAA,iBAAI,CAAA;;qDAAU,sBAAU;;6CAE3E;AA2EK;IADL,IAAA,gBAAG,EAAC,UAAU,EAAE,EAAE,WAAW,EAAE,CAAC,0DAAgC,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;;;gDAmBpF;AASK;IAFL,IAAA,iBAAI,EAAC,cAAc,EAAE,EAAE,WAAW,EAAE,CAAC,gDAAsB,CAAC,EAAE,CAAC;IAC/D,IAAA,wBAAW,EAAC,aAAa,CAAC;IACsC,WAAA,iBAAI,CAAA;;qDAAU,2BAAe;;oDAE7F;yBA/KW,cAAc;IAD1B,IAAA,2BAAc,EAAC,WAAW,CAAC;qCAGI,0BAAW;QACX,6BAAW;QACZ,wBAAU;QACR,4BAAY;GALhC,cAAc,CAwM1B"}

package/dist/modules/token-exchange/controllers/embed-auth.controller.d.ts CHANGED Viewed

@@ -1,14 +1,18 @@
 import { EmbedLoginBodyDto, EmbedLoginQueryDto } from '@n8n/api-types';
 import type { Response } from 'express';
 import { AuthService } from '../../../auth/auth.service';
+import { EventService } from '../../../events/event.service';
 import { AuthlessRequest } from '../../../requests';
 import { UrlService } from '../../../services/url.service';
 import { TokenExchangeService } from '../services/token-exchange.service';
+import { TokenExchangeConfig } from '../token-exchange.config';
 export declare class EmbedAuthController {
+    private readonly config;
     private readonly tokenExchangeService;
     private readonly authService;
     private readonly urlService;
-    constructor(tokenExchangeService: TokenExchangeService, authService: AuthService, urlService: UrlService);
+    private readonly eventService;
+    constructor(config: TokenExchangeConfig, tokenExchangeService: TokenExchangeService, authService: AuthService, urlService: UrlService, eventService: EventService);
     getLogin(req: AuthlessRequest, res: Response, query: EmbedLoginQueryDto): Promise<void>;
     postLogin(req: AuthlessRequest, res: Response, body: EmbedLoginBodyDto): Promise<void>;
     private handleLogin;

package/dist/modules/token-exchange/controllers/embed-auth.controller.js CHANGED Viewed

@@ -17,31 +17,65 @@ const api_types_1 = require("@n8n/api-types");
 const constants_1 = require("@n8n/constants");
 const decorators_1 = require("@n8n/decorators");
 const auth_service_1 = require("../../../auth/auth.service");
+const event_service_1 = require("../../../events/event.service");
 const url_service_1 = require("../../../services/url.service");
+const validate_redirect_url_1 = require("../../../utils/validate-redirect-url");
 const token_exchange_service_1 = require("../services/token-exchange.service");
+const token_exchange_config_1 = require("../token-exchange.config");
+const di_1 = require("@n8n/di");
+const configService = di_1.Container.get(token_exchange_config_1.TokenExchangeConfig);
 let EmbedAuthController = class EmbedAuthController {
-    constructor(tokenExchangeService, authService, urlService) {
+    constructor(config, tokenExchangeService, authService, urlService, eventService) {
+        this.config = config;
         this.tokenExchangeService = tokenExchangeService;
         this.authService = authService;
         this.urlService = urlService;
+        this.eventService = eventService;
     }
     async getLogin(req, res, query) {
-        return await this.handleLogin(query.token, req, res);
+        if (!this.config.embedEnabled) {
+            res.status(501).json({
+                error: 'server_error',
+                error_description: 'Embed login is not enabled on this instance',
+            });
+            return;
+        }
+        return await this.handleLogin(query.token, req, res, query.redirectTo);
     }
     async postLogin(req, res, body) {
-        return await this.handleLogin(body.token, req, res);
+        if (!this.config.embedEnabled) {
+            res.status(501).json({
+                error: 'server_error',
+                error_description: 'Embed login is not enabled on this instance',
+            });
+            return;
+        }
+        return await this.handleLogin(body.token, req, res, body.redirectTo);
     }
-    async handleLogin(subjectToken, req, res) {
-        const user = await this.tokenExchangeService.embedLogin(subjectToken);
-        this.authService.issueCookie(res, user, true, req.browserId);
-        res.redirect(this.urlService.getInstanceBaseUrl() + '/');
+    async handleLogin(subjectToken, req, res, redirect) {
+        const { user, subject, issuer, kid } = await this.tokenExchangeService.embedLogin(subjectToken);
+        this.authService.issueCookie(res, user, true, req.browserId, true, {
+            sameSite: 'none',
+            secure: true,
+        });
+        this.eventService.emit('embed-login', {
+            subject,
+            issuer,
+            kid,
+            clientIp: req.ip ?? 'unknown',
+        });
+        const safePath = (0, validate_redirect_url_1.validateRedirectUrl)(redirect ?? '');
+        res.redirect(this.urlService.getInstanceBaseUrl() + safePath);
     }
 };
 exports.EmbedAuthController = EmbedAuthController;
 __decorate([
     (0, decorators_1.Get)('/', {
         skipAuth: true,
-        ipRateLimit: { limit: 20, windowMs: 1 * constants_1.Time.minutes.toMilliseconds },
+        ipRateLimit: {
+            limit: configService.rateLimitEmbedLogin,
+            windowMs: 1 * constants_1.Time.minutes.toMilliseconds,
+        },
     }),
     __param(2, decorators_1.Query),
     __metadata("design:type", Function),
@@ -51,7 +85,10 @@ __decorate([
 __decorate([
     (0, decorators_1.Post)('/', {
         skipAuth: true,
-        ipRateLimit: { limit: 20, windowMs: 1 * constants_1.Time.minutes.toMilliseconds },
+        ipRateLimit: {
+            limit: configService.rateLimitEmbedLogin,
+            windowMs: 1 * constants_1.Time.minutes.toMilliseconds,
+        },
     }),
     __param(2, decorators_1.Body),
     __metadata("design:type", Function),
@@ -60,8 +97,10 @@ __decorate([
 ], EmbedAuthController.prototype, "postLogin", null);
 exports.EmbedAuthController = EmbedAuthController = __decorate([
     (0, decorators_1.RestController)('/auth/embed'),
-    __metadata("design:paramtypes", [token_exchange_service_1.TokenExchangeService,
+    __metadata("design:paramtypes", [token_exchange_config_1.TokenExchangeConfig,
+        token_exchange_service_1.TokenExchangeService,
         auth_service_1.AuthService,
-        url_service_1.UrlService])
+        url_service_1.UrlService,
+        event_service_1.EventService])
 ], EmbedAuthController);
 //# sourceMappingURL=embed-auth.controller.js.map

package/dist/modules/token-exchange/controllers/embed-auth.controller.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"embed-auth.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/embed-auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAAuE;AACvE,8CAAsC;AACtC,gDAAyE;AAGzE,sDAAkD;~~AAElD~~,wDAAoD;~~AAEpD~~,+EAA0E;~~AAGnE~~,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC/B,YACkB,oBAA0C,EAC1C,WAAwB,EACxB,UAAsB;~~QAFtB~~,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;~~IACrC~~,CAAC;~~IAME~~,AAAN,KAAK,CAAC,QAAQ,CAAC,GAAoB,EAAE,GAAa,EAAS,KAAyB;QACnF,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;~~IACtD~~,CAAC;~~IAMK~~,AAAN,KAAK,CAAC,SAAS,CAAC,GAAoB,EAAE,GAAa,EAAQ,IAAuB;QACjF,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;~~IACrD~~,CAAC;IAEO,KAAK,CAAC,WAAW,~~CAAC~~,YAAoB,~~EAAE~~,GAAoB,~~EAAE~~,GAAa;~~QAClF~~,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;~~QAEtE~~,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;~~QAM7D~~,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,~~GAAG~~,CAAC,CAAC;~~IAC1D~~,CAAC;CACD,CAAA;~~AAlCY~~,kDAAmB;~~AAWzB~~;~~IAJL~~,IAAA,gBAAG,EAAC,GAAG,EAAE;QACT,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,~~EAAE,~~KAAK,EAAE,~~EAAE~~,~~EAAE~~,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc~~,EAAE~~;~~KACrE~~,CAAC;IACmD,WAAA,kBAAK,CAAA;;qDAAQ,8BAAkB;;~~mDAEnF~~;~~AAMK~~;~~IAJL~~,IAAA,iBAAI,EAAC,GAAG,EAAE;QACV,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,~~EAAE,~~KAAK,EAAE,~~EAAE~~,~~EAAE~~,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc~~,EAAE~~;~~KACrE~~,CAAC;IACoD,WAAA,iBAAI,CAAA;;qDAAO,6BAAiB;;~~oDAEjF~~;~~8BArBW~~,mBAAmB;IAD/B,IAAA,2BAAc,EAAC,aAAa,CAAC;~~qCAGW~~,6CAAoB;QAC7B,0BAAW;QACZ,wBAAU;~~GAJ5B~~,mBAAmB,~~CAkC~~/B"}
1	+ {"version":3,"file":"embed-auth.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/embed-auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAAuE;AACvE,8CAAsC;AACtC,gDAAyE;AAGzE,sDAAkD;AAClD,0DAAsD;AAEtD,wDAAoD;AACpD,yEAAoE;AAEpE,+EAA0E;AAC1E,oEAA+D;AAC/D,gCAAoC;AAEpC,MAAM,aAAa,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;AAGlD,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC/B,YACkB,MAA2B,EAC3B,oBAA0C,EAC1C,WAAwB,EACxB,UAAsB,EACtB,YAA0B;QAJ1B,WAAM,GAAN,MAAM,CAAqB;QAC3B,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAc;IACzC,CAAC;IASE,AAAN,KAAK,CAAC,QAAQ,CAAC,GAAoB,EAAE,GAAa,EAAS,KAAyB;QACnF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,6CAA6C;aAChE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IACxE,CAAC;IASK,AAAN,KAAK,CAAC,SAAS,CAAC,GAAoB,EAAE,GAAa,EAAQ,IAAuB;QACjF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,6CAA6C;aAChE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,WAAW,CACxB,YAAoB,EACpB,GAAoB,EACpB,GAAa,EACb,QAAiB;QAEjB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAEhG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE;YAClE,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,IAAI;SACZ,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,EAAE;YACrC,OAAO;YACP,MAAM;YACN,GAAG;YACH,QAAQ,EAAE,GAAG,CAAC,EAAE,IAAI,SAAS;SAC7B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,IAAA,2CAAmB,EAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;QACrD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,QAAQ,CAAC,CAAC;IAC/D,CAAC;CACD,CAAA;AApEY,kDAAmB;AAgBzB;IAPL,IAAA,gBAAG,EAAC,GAAG,EAAE;QACT,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,mBAAmB;YACxC,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;SACzC;KACD,CAAC;IACmD,WAAA,kBAAK,CAAA;;qDAAQ,8BAAkB;;mDASnF;AASK;IAPL,IAAA,iBAAI,EAAC,GAAG,EAAE;QACV,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,mBAAmB;YACxC,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;SACzC;KACD,CAAC;IACoD,WAAA,iBAAI,CAAA;;qDAAO,6BAAiB;;oDASjF;8BA3CW,mBAAmB;IAD/B,IAAA,2BAAc,EAAC,aAAa,CAAC;qCAGH,2CAAmB;QACL,6CAAoB;QAC7B,0BAAW;QACZ,wBAAU;QACR,4BAAY;GANhC,mBAAmB,CAoE/B"}

package/dist/modules/token-exchange/{token-exchange.controller.d.ts → controllers/token-exchange.controller.d.ts} RENAMED Viewed

@@ -1,5 +1,5 @@
 import type { Response } from 'express';
-import { AuthlessRequest } from '../../requests';
+import { AuthlessRequest } from '../../../requests';
 export declare class TokenExchangeController {
     private readonly config;
     private readonly errorReporter;

package/dist/modules/token-exchange/{token-exchange.controller.js → controllers/token-exchange.controller.js} RENAMED Viewed

@@ -14,11 +14,14 @@ const constants_1 = require("@n8n/constants");
 const decorators_1 = require("@n8n/decorators");
 const di_1 = require("@n8n/di");
 const n8n_core_1 = require("n8n-core");
-const event_service_1 = require("../../events/event.service");
 const zod_1 = require("zod");
-const token_exchange_config_1 = require("./token-exchange.config");
-const token_exchange_schemas_1 = require("./token-exchange.schemas");
-const token_exchange_service_1 = require("./token-exchange.service");
+const auth_error_1 = require("../../../errors/response-errors/auth.error");
+const bad_request_error_1 = require("../../../errors/response-errors/bad-request.error");
+const event_service_1 = require("../../../events/event.service");
+const token_exchange_service_1 = require("../services/token-exchange.service");
+const token_exchange_config_1 = require("../token-exchange.config");
+const token_exchange_schemas_1 = require("../token-exchange.schemas");
+const configService = di_1.Container.get(token_exchange_config_1.TokenExchangeConfig);
 let TokenExchangeController = class TokenExchangeController {
     constructor() {
         this.config = di_1.Container.get(token_exchange_config_1.TokenExchangeConfig);
@@ -73,6 +76,45 @@ let TokenExchangeController = class TokenExchangeController {
             });
         }
         catch (error) {
+            if (error instanceof auth_error_1.AuthError) {
+                this.eventService.emit('token-exchange-failed', {
+                    subject: '',
+                    failureReason: error.message,
+                    grantType: parsed.data.grant_type,
+                    clientIp,
+                });
+                res.status(400).json({
+                    error: 'invalid_grant',
+                    error_description: 'Token exchange failed',
+                });
+                return;
+            }
+            if (error instanceof bad_request_error_1.BadRequestError) {
+                this.eventService.emit('token-exchange-failed', {
+                    subject: '',
+                    failureReason: error.message,
+                    grantType: parsed.data.grant_type,
+                    clientIp,
+                });
+                res.status(400).json({
+                    error: 'invalid_request',
+                    error_description: error.message,
+                });
+                return;
+            }
+            if (error instanceof zod_1.ZodError) {
+                this.eventService.emit('token-exchange-failed', {
+                    subject: '',
+                    failureReason: 'invalid_claims',
+                    grantType: parsed.data.grant_type,
+                    clientIp,
+                });
+                res.status(400).json({
+                    error: 'invalid_request',
+                    error_description: 'Token claims validation failed',
+                });
+                return;
+            }
             this.errorReporter.error(error instanceof Error ? error : new Error(String(error)));
             this.eventService.emit('token-exchange-failed', {
                 subject: '',
@@ -91,7 +133,10 @@ exports.TokenExchangeController = TokenExchangeController;
 __decorate([
     (0, decorators_1.Post)('/token', {
         skipAuth: true,
-        ipRateLimit: { limit: 20, windowMs: 1 * constants_1.Time.minutes.toMilliseconds },
+        ipRateLimit: {
+            limit: configService.rateLimitTokenExchange,
+            windowMs: 1 * constants_1.Time.minutes.toMilliseconds,
+        },
     }),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [Object, Object]),

package/dist/modules/token-exchange/controllers/token-exchange.controller.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-exchange.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/token-exchange.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAsC;AACtC,gDAAuD;AACvD,gCAAoC;AAEpC,uCAAyC;AACzC,6BAAkC;AAElC,oEAAgE;AAChE,kFAA6E;AAC7E,0DAAsD;AAGtD,+EAA0E;AAC1E,oEAA+D;AAC/D,sEAAkG;AAElG,MAAM,aAAa,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;AAGlD,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IAA7B;QACW,WAAM,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;QAE5C,kBAAa,GAAG,cAAS,CAAC,GAAG,CAAC,wBAAa,CAAC,CAAC;QAE7C,iBAAY,GAAG,cAAS,CAAC,GAAG,CAAC,4BAAY,CAAC,CAAC;QAE3C,yBAAoB,GAAG,cAAS,CAAC,GAAG,CAAC,6CAAoB,CAAC,CAAC;IA6H7E,CAAC;IA/GM,AAAN,KAAK,CAAC,aAAa,CAAC,GAAoB,EAAE,GAAa;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,gDAAgD;aACnE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAIrC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,OAAC;aAC/B,MAAM,CAAC,EAAE,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;aAC7C,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,aAAa,EAAE,UAAU,KAAK,kDAAyB,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,wBAAwB;gBAC/B,iBAAiB,EAAE,uBAAuB,kDAAyB,GAAG;aACtE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QAGD,MAAM,MAAM,GAAG,mDAA0B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,UAAU,EAAE,OAAO,IAAI,4BAA4B;aACtE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QAGD,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAErE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBAClD,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;gBACzB,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;gBAC9B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gBACjC,QAAQ;gBACR,MAAM,EAAE,MAAM,CAAC,MAAM;aACrB,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,CAAC;gBACR,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,MAAM,CAAC,SAAS;gBAC5B,iBAAiB,EAAE,+CAA+C;aAClE,CAAC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,KAAK,YAAY,sBAAS,EAAE,CAAC;gBAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBAC/C,OAAO,EAAE,EAAE;oBACX,aAAa,EAAE,KAAK,CAAC,OAAO;oBAC5B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;oBACjC,QAAQ;iBACR,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,uBAAuB;iBAC1C,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YAED,IAAI,KAAK,YAAY,mCAAe,EAAE,CAAC;gBACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBAC/C,OAAO,EAAE,EAAE;oBACX,aAAa,EAAE,KAAK,CAAC,OAAO;oBAC5B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;oBACjC,QAAQ;iBACR,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,KAAK,CAAC,OAAO;iBAChC,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;gBAC/B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBAC/C,OAAO,EAAE,EAAE;oBACX,aAAa,EAAE,gBAAgB;oBAC/B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;oBACjC,QAAQ;iBACR,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,gCAAgC;iBACnD,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YAED,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACpF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;gBAC/C,OAAO,EAAE,EAAE;gBACX,aAAa,EAAE,gBAAgB;gBAC/B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gBACjC,QAAQ;aACR,CAAC,CAAC;YACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,oDAAoD;aACvE,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;CACD,CAAA;AApIY,0DAAuB;AAqB7B;IAPL,IAAA,iBAAI,EAAC,QAAQ,EAAE;QACf,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,sBAAsB;YAC3C,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;SACzC;KACD,CAAC;;;;4DA+GD;kCAnIW,uBAAuB;IADnC,IAAA,2BAAc,EAAC,aAAa,CAAC;GACjB,uBAAuB,CAoInC"}

package/dist/modules/token-exchange/database/entities/trusted-key-source.entity.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { WithTimestamps } from '@n8n/db';
+import type { TrustedKeySourceStatus, TrustedKeySourceType } from '../../token-exchange.schemas';
+export declare class TrustedKeySourceEntity extends WithTimestamps {
+    id: string;
+    type: TrustedKeySourceType;
+    config: string;
+    status: TrustedKeySourceStatus;
+    lastError: string | null;
+    lastRefreshedAt: Date | null;
+}

package/dist/modules/token-exchange/database/entities/trusted-key-source.entity.js ADDED Viewed

@@ -0,0 +1,45 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TrustedKeySourceEntity = void 0;
+const db_1 = require("@n8n/db");
+const typeorm_1 = require("@n8n/typeorm");
+let TrustedKeySourceEntity = class TrustedKeySourceEntity extends db_1.WithTimestamps {
+};
+exports.TrustedKeySourceEntity = TrustedKeySourceEntity;
+__decorate([
+    (0, typeorm_1.PrimaryColumn)('varchar', { length: 36 }),
+    __metadata("design:type", String)
+], TrustedKeySourceEntity.prototype, "id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: 'varchar', length: 32 }),
+    __metadata("design:type", String)
+], TrustedKeySourceEntity.prototype, "type", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text'),
+    __metadata("design:type", String)
+], TrustedKeySourceEntity.prototype, "config", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: 'varchar', length: 32, default: 'pending' }),
+    __metadata("design:type", String)
+], TrustedKeySourceEntity.prototype, "status", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ type: 'text', nullable: true }),
+    __metadata("design:type", Object)
+], TrustedKeySourceEntity.prototype, "lastError", void 0);
+__decorate([
+    (0, db_1.DateTimeColumn)({ nullable: true }),
+    __metadata("design:type", Object)
+], TrustedKeySourceEntity.prototype, "lastRefreshedAt", void 0);
+exports.TrustedKeySourceEntity = TrustedKeySourceEntity = __decorate([
+    (0, typeorm_1.Entity)('trusted_key_source')
+], TrustedKeySourceEntity);
+//# sourceMappingURL=trusted-key-source.entity.js.map

package/dist/modules/token-exchange/database/entities/trusted-key-source.entity.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trusted-key-source.entity.js","sourceRoot":"","sources":["../../../../../src/modules/token-exchange/database/entities/trusted-key-source.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,gCAAyD;AACzD,0CAA6D;AAKtD,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,mBAAc;CAkBzD,CAAA;AAlBY,wDAAsB;AAElC;IADC,IAAA,uBAAa,EAAC,SAAS,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;;kDAC9B;AAGX;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;;oDACb;AAG3B;IADC,IAAA,gBAAM,EAAC,MAAM,CAAC;;sDACA;AAGf;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;;sDAC7B;AAG/B;IADC,IAAA,gBAAM,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yDAChB;AAGzB;IADC,IAAA,mBAAc,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;+DACN;iCAjBjB,sBAAsB;IADlC,IAAA,gBAAM,EAAC,oBAAoB,CAAC;GAChB,sBAAsB,CAkBlC"}

package/dist/modules/token-exchange/database/entities/trusted-key.entity.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { Relation } from '@n8n/typeorm';
+import { TrustedKeySourceEntity } from './trusted-key-source.entity';
+export declare class TrustedKeyEntity {
+    sourceId: string;
+    kid: string;
+    data: string;
+    createdAt: Date;
+    source: Relation<TrustedKeySourceEntity>;
+}

package/dist/modules/token-exchange/database/entities/trusted-key.entity.js ADDED Viewed

@@ -0,0 +1,43 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TrustedKeyEntity = void 0;
+const db_1 = require("@n8n/db");
+const typeorm_1 = require("@n8n/typeorm");
+const trusted_key_source_entity_1 = require("./trusted-key-source.entity");
+let TrustedKeyEntity = class TrustedKeyEntity {
+};
+exports.TrustedKeyEntity = TrustedKeyEntity;
+__decorate([
+    (0, typeorm_1.PrimaryColumn)('varchar', { length: 36 }),
+    __metadata("design:type", String)
+], TrustedKeyEntity.prototype, "sourceId", void 0);
+__decorate([
+    (0, typeorm_1.PrimaryColumn)('varchar', { length: 255 }),
+    __metadata("design:type", String)
+], TrustedKeyEntity.prototype, "kid", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text'),
+    __metadata("design:type", String)
+], TrustedKeyEntity.prototype, "data", void 0);
+__decorate([
+    (0, db_1.DateTimeColumn)(),
+    __metadata("design:type", Date)
+], TrustedKeyEntity.prototype, "createdAt", void 0);
+__decorate([
+    (0, typeorm_1.ManyToOne)(() => trusted_key_source_entity_1.TrustedKeySourceEntity, { onDelete: 'CASCADE' }),
+    (0, typeorm_1.JoinColumn)({ name: 'sourceId' }),
+    __metadata("design:type", Object)
+], TrustedKeyEntity.prototype, "source", void 0);
+exports.TrustedKeyEntity = TrustedKeyEntity = __decorate([
+    (0, typeorm_1.Entity)('trusted_key')
+], TrustedKeyEntity);
+//# sourceMappingURL=trusted-key.entity.js.map

package/dist/modules/token-exchange/database/entities/trusted-key.entity.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trusted-key.entity.js","sourceRoot":"","sources":["../../../../../src/modules/token-exchange/database/entities/trusted-key.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,gCAAyC;AAEzC,0CAAoF;AAEpF,2EAAqE;AAG9D,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;CAgB5B,CAAA;AAhBY,4CAAgB;AAE5B;IADC,IAAA,uBAAa,EAAC,SAAS,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;;kDACxB;AAGjB;IADC,IAAA,uBAAa,EAAC,SAAS,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;;6CAC9B;AAGZ;IADC,IAAA,gBAAM,EAAC,MAAM,CAAC;;8CACF;AAGb;IADC,IAAA,mBAAc,GAAE;8BACN,IAAI;mDAAC;AAIhB;IAFC,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kDAAsB,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAChE,IAAA,oBAAU,EAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;;gDACQ;2BAf7B,gBAAgB;IAD5B,IAAA,gBAAM,EAAC,aAAa,CAAC;GACT,gBAAgB,CAgB5B"}

package/dist/modules/token-exchange/database/repositories/trusted-key-source.repository.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { DataSource, Repository } from '@n8n/typeorm';
+import { TrustedKeySourceEntity } from '../entities/trusted-key-source.entity';
+export declare class TrustedKeySourceRepository extends Repository<TrustedKeySourceEntity> {
+    constructor(dataSource: DataSource);
+}

package/dist/modules/token-exchange/database/repositories/trusted-key-source.repository.js ADDED Viewed

@@ -0,0 +1,26 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TrustedKeySourceRepository = void 0;
+const di_1 = require("@n8n/di");
+const typeorm_1 = require("@n8n/typeorm");
+const trusted_key_source_entity_1 = require("../entities/trusted-key-source.entity");
+let TrustedKeySourceRepository = class TrustedKeySourceRepository extends typeorm_1.Repository {
+    constructor(dataSource) {
+        super(trusted_key_source_entity_1.TrustedKeySourceEntity, dataSource.manager);
+    }
+};
+exports.TrustedKeySourceRepository = TrustedKeySourceRepository;
+exports.TrustedKeySourceRepository = TrustedKeySourceRepository = __decorate([
+    (0, di_1.Service)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource])
+], TrustedKeySourceRepository);
+//# sourceMappingURL=trusted-key-source.repository.js.map

package/dist/modules/token-exchange/database/repositories/trusted-key-source.repository.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trusted-key-source.repository.js","sourceRoot":"","sources":["../../../../../src/modules/token-exchange/database/repositories/trusted-key-source.repository.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,gCAAkC;AAClC,0CAAsD;AAEtD,qFAA+E;AAGxE,IAAM,0BAA0B,GAAhC,MAAM,0BAA2B,SAAQ,oBAAkC;IACjF,YAAY,UAAsB;QACjC,KAAK,CAAC,kDAAsB,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;CACD,CAAA;AAJY,gEAA0B;qCAA1B,0BAA0B;IADtC,IAAA,YAAO,GAAE;qCAEe,oBAAU;GADtB,0BAA0B,CAItC"}

package/dist/modules/token-exchange/database/repositories/trusted-key.repository.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { DataSource, Repository } from '@n8n/typeorm';
+import { TrustedKeyEntity } from '../entities/trusted-key.entity';
+export declare class TrustedKeyRepository extends Repository<TrustedKeyEntity> {
+    constructor(dataSource: DataSource);
+    findBySourceAndKid(sourceId: string, kid: string): Promise<TrustedKeyEntity | null>;
+    findAllByKid(kid: string): Promise<TrustedKeyEntity[]>;
+}

package/dist/modules/token-exchange/database/repositories/trusted-key.repository.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TrustedKeyRepository = void 0;
+const di_1 = require("@n8n/di");
+const typeorm_1 = require("@n8n/typeorm");
+const trusted_key_entity_1 = require("../entities/trusted-key.entity");
+let TrustedKeyRepository = class TrustedKeyRepository extends typeorm_1.Repository {
+    constructor(dataSource) {
+        super(trusted_key_entity_1.TrustedKeyEntity, dataSource.manager);
+    }
+    async findBySourceAndKid(sourceId, kid) {
+        return await this.findOneBy({ sourceId, kid });
+    }
+    async findAllByKid(kid) {
+        return await this.findBy({ kid });
+    }
+};
+exports.TrustedKeyRepository = TrustedKeyRepository;
+exports.TrustedKeyRepository = TrustedKeyRepository = __decorate([
+    (0, di_1.Service)(),
+    __metadata("design:paramtypes", [typeorm_1.DataSource])
+], TrustedKeyRepository);
+//# sourceMappingURL=trusted-key.repository.js.map