n8n 2.17.3 → 2.18.0
- package/dist/active-workflow-manager.d.ts +3 -1
- package/dist/active-workflow-manager.js +7 -4
- package/dist/active-workflow-manager.js.map +1 -1
- package/dist/build.tsbuildinfo +1 -1
- package/dist/commands/start.js +5 -0
- package/dist/commands/start.js.map +1 -1
- package/dist/commands/webhook.js +7 -1
- package/dist/commands/webhook.js.map +1 -1
- package/dist/commands/worker.js +7 -1
- package/dist/commands/worker.js.map +1 -1
- package/dist/controllers/mfa.controller.d.ts +3 -1
- package/dist/controllers/mfa.controller.js +9 -2
- package/dist/controllers/mfa.controller.js.map +1 -1
- package/dist/controllers/security-settings.controller.d.ts +4 -1
- package/dist/controllers/security-settings.controller.js +10 -2
- package/dist/controllers/security-settings.controller.js.map +1 -1
- package/dist/credentials/credentials.controller.js +8 -11
- package/dist/credentials/credentials.controller.js.map +1 -1
- package/dist/credentials/credentials.service.d.ts +3 -0
- package/dist/credentials/credentials.service.js +39 -0
- package/dist/credentials/credentials.service.js.map +1 -1
- package/dist/errors/credential-not-found.error.d.ts +1 -1
- package/dist/errors/credential-not-found.error.js +3 -1
- package/dist/errors/credential-not-found.error.js.map +1 -1
- package/dist/errors/response-errors/workflow-activation-bad-request.error.d.ts +13 -0
- package/dist/errors/response-errors/workflow-activation-bad-request.error.js +13 -0
- package/dist/errors/response-errors/workflow-activation-bad-request.error.js.map +1 -0
- package/dist/errors/response-errors/workflow-validation.error.d.ts +2 -2
- package/dist/errors/response-errors/workflow-validation.error.js +2 -2
- package/dist/errors/response-errors/workflow-validation.error.js.map +1 -1
- package/dist/eventbus/event-message-classes/index.d.ts +2 -2
- package/dist/eventbus/event-message-classes/index.js +1 -0
- package/dist/eventbus/event-message-classes/index.js.map +1 -1
- package/dist/events/maps/relay.event-map.d.ts +19 -1
- package/dist/events/relays/log-streaming.event-relay.d.ts +1 -0
- package/dist/events/relays/log-streaming.event-relay.js +7 -0
- package/dist/events/relays/log-streaming.event-relay.js.map +1 -1
- package/dist/events/relays/telemetry.event-relay.d.ts +2 -0
- package/dist/events/relays/telemetry.event-relay.js +23 -2
- package/dist/events/relays/telemetry.event-relay.js.map +1 -1
- package/dist/instance-settings-loader/instance-bootstrapping.error.d.ts +3 -0
- package/dist/instance-settings-loader/instance-bootstrapping.error.js +8 -0
- package/dist/instance-settings-loader/instance-bootstrapping.error.js.map +1 -0
- package/dist/instance-settings-loader/instance-settings-loader.service.d.ts +5 -1
- package/dist/instance-settings-loader/instance-settings-loader.service.js +10 -2
- package/dist/instance-settings-loader/instance-settings-loader.service.js.map +1 -1
- package/dist/instance-settings-loader/loaders/oidc.instance-settings-loader.d.ts +13 -0
- package/dist/instance-settings-loader/loaders/oidc.instance-settings-loader.js +116 -0
- package/dist/instance-settings-loader/loaders/oidc.instance-settings-loader.js.map +1 -0
- package/dist/instance-settings-loader/loaders/owner.instance-settings-loader.js +4 -6
- package/dist/instance-settings-loader/loaders/owner.instance-settings-loader.js.map +1 -1
- package/dist/instance-settings-loader/loaders/security-policy.instance-settings-loader.d.ts +12 -0
- package/dist/instance-settings-loader/loaders/security-policy.instance-settings-loader.js +48 -0
- package/dist/instance-settings-loader/loaders/security-policy.instance-settings-loader.js.map +1 -0
- package/dist/metrics/prometheus-metrics.service.d.ts +2 -0
- package/dist/metrics/prometheus-metrics.service.js +61 -0
- package/dist/metrics/prometheus-metrics.service.js.map +1 -1
- package/dist/modules/chat-hub/chat-hub-extractor.d.ts +2 -2
- package/dist/modules/community-packages/community-node-types.service.d.ts +1 -1
- package/dist/modules/community-packages/community-node-types.service.js +4 -1
- package/dist/modules/community-packages/community-node-types.service.js.map +1 -1
- package/dist/modules/community-packages/community-packages.config.d.ts +1 -0
- package/dist/modules/community-packages/community-packages.config.js +5 -0
- package/dist/modules/community-packages/community-packages.config.js.map +1 -1
- package/dist/modules/community-packages/community-packages.lifecycle.service.d.ts +4 -1
- package/dist/modules/community-packages/community-packages.lifecycle.service.js +42 -22
- package/dist/modules/community-packages/community-packages.lifecycle.service.js.map +1 -1
- package/dist/modules/community-packages/community-packages.service.d.ts +2 -1
- package/dist/modules/community-packages/community-packages.service.js +25 -19
- package/dist/modules/community-packages/community-packages.service.js.map +1 -1
- package/dist/modules/community-packages/npm-utils.d.ts +10 -2
- package/dist/modules/community-packages/npm-utils.js +63 -26
- package/dist/modules/community-packages/npm-utils.js.map +1 -1
- package/dist/modules/data-table/data-table.service.d.ts +3 -1
- package/dist/modules/data-table/data-table.service.js +10 -2
- package/dist/modules/data-table/data-table.service.js.map +1 -1
- package/dist/modules/encryption-key-manager/encryption-key-manager.module.d.ts +4 -0
- package/dist/modules/encryption-key-manager/encryption-key-manager.module.js +53 -0
- package/dist/modules/encryption-key-manager/encryption-key-manager.module.js.map +1 -0
- package/dist/modules/encryption-key-manager/key-manager.service.d.ts +19 -0
- package/dist/modules/encryption-key-manager/key-manager.service.js +75 -0
- package/dist/modules/encryption-key-manager/key-manager.service.js.map +1 -0
- package/dist/modules/external-secrets.ee/providers/azure-key-vault/azure-key-vault.d.ts +1 -1
- package/dist/modules/external-secrets.ee/providers/azure-key-vault/azure-key-vault.js +27 -9
- package/dist/modules/external-secrets.ee/providers/azure-key-vault/azure-key-vault.js.map +1 -1
- package/dist/modules/favorites/database/entities/user-favorite.entity.d.ts +9 -0
- package/dist/modules/favorites/database/entities/user-favorite.entity.js +43 -0
- package/dist/modules/favorites/database/entities/user-favorite.entity.js.map +1 -0
- package/dist/modules/favorites/database/repositories/user-favorite.repository.d.ts +9 -0
- package/dist/modules/favorites/database/repositories/user-favorite.repository.js +40 -0
- package/dist/modules/favorites/database/repositories/user-favorite.repository.js.map +1 -0
- package/dist/modules/favorites/dto/add-favorite.dto.d.ts +11 -0
- package/dist/modules/favorites/dto/add-favorite.dto.js +12 -0
- package/dist/modules/favorites/dto/add-favorite.dto.js.map +1 -0
- package/dist/modules/favorites/favorites.controller.d.ts +13 -0
- package/dist/modules/favorites/favorites.controller.js +68 -0
- package/dist/modules/favorites/favorites.controller.js.map +1 -0
- package/dist/modules/favorites/favorites.event-relay.d.ts +9 -0
- package/dist/modules/favorites/favorites.event-relay.js +40 -0
- package/dist/modules/favorites/favorites.event-relay.js.map +1 -0
- package/dist/modules/favorites/favorites.module.d.ts +5 -0
- package/dist/modules/favorites/favorites.module.js +60 -0
- package/dist/modules/favorites/favorites.module.js.map +1 -0
- package/dist/modules/favorites/favorites.service.d.ts +23 -0
- package/dist/modules/favorites/favorites.service.js +176 -0
- package/dist/modules/favorites/favorites.service.js.map +1 -0
- package/dist/modules/insights/database/entities/insights-shared.d.ts +1 -1
- package/dist/modules/instance-ai/filesystem/local-gateway-registry.d.ts +1 -0
- package/dist/modules/instance-ai/filesystem/local-gateway-registry.js +5 -0
- package/dist/modules/instance-ai/filesystem/local-gateway-registry.js.map +1 -1
- package/dist/modules/instance-ai/instance-ai-settings.service.d.ts +6 -2
- package/dist/modules/instance-ai/instance-ai-settings.service.js +36 -10
- package/dist/modules/instance-ai/instance-ai-settings.service.js.map +1 -1
- package/dist/modules/instance-ai/instance-ai-test.controller.d.ts +26 -0
- package/dist/modules/instance-ai/instance-ai-test.controller.js +102 -0
- package/dist/modules/instance-ai/instance-ai-test.controller.js.map +1 -0
- package/dist/modules/instance-ai/instance-ai.adapter.service.js +17 -11
- package/dist/modules/instance-ai/instance-ai.adapter.service.js.map +1 -1
- package/dist/modules/instance-ai/instance-ai.controller.d.ts +8 -6
- package/dist/modules/instance-ai/instance-ai.controller.js +45 -22
- package/dist/modules/instance-ai/instance-ai.controller.js.map +1 -1
- package/dist/modules/instance-ai/instance-ai.module.d.ts +1 -0
- package/dist/modules/instance-ai/instance-ai.module.js +6 -0
- package/dist/modules/instance-ai/instance-ai.module.js.map +1 -1
- package/dist/modules/instance-ai/instance-ai.service.d.ts +9 -0
- package/dist/modules/instance-ai/instance-ai.service.js +81 -4
- package/dist/modules/instance-ai/instance-ai.service.js.map +1 -1
- package/dist/modules/instance-ai/trace-replay-state.d.ts +19 -0
- package/dist/modules/instance-ai/trace-replay-state.js +105 -0
- package/dist/modules/instance-ai/trace-replay-state.js.map +1 -0
- package/dist/modules/instance-registry/instance-registry.controller.d.ts +7 -0
- package/dist/modules/instance-registry/instance-registry.controller.js +39 -0
- package/dist/modules/instance-registry/instance-registry.controller.js.map +1 -0
- package/dist/modules/instance-registry/instance-registry.module.d.ts +1 -0
- package/dist/modules/instance-registry/instance-registry.module.js +60 -3
- package/dist/modules/instance-registry/instance-registry.module.js.map +1 -1
- package/dist/modules/instance-registry/instance-registry.service.d.ts +26 -0
- package/dist/modules/instance-registry/instance-registry.service.js +158 -0
- package/dist/modules/instance-registry/instance-registry.service.js.map +1 -0
- package/dist/modules/instance-registry/stale-member-cleanup.service.d.ts +16 -0
- package/dist/modules/instance-registry/stale-member-cleanup.service.js +81 -0
- package/dist/modules/instance-registry/stale-member-cleanup.service.js.map +1 -0
- package/dist/modules/instance-registry/storage/lua-scripts.d.ts +2 -2
- package/dist/modules/instance-registry/storage/lua-scripts.js +23 -9
- package/dist/modules/instance-registry/storage/lua-scripts.js.map +1 -1
- package/dist/modules/instance-registry/storage/redis-instance-storage.js +12 -12
- package/dist/modules/instance-registry/storage/redis-instance-storage.js.map +1 -1
- package/dist/modules/mcp/mcp-oauth-service.js +15 -8
- package/dist/modules/mcp/mcp-oauth-service.js.map +1 -1
- package/dist/modules/mcp/mcp.service.js +1 -1
- package/dist/modules/mcp/mcp.service.js.map +1 -1
- package/dist/modules/mcp/tools/publish-workflow.tool.js +1 -0
- package/dist/modules/mcp/tools/publish-workflow.tool.js.map +1 -1
- package/dist/modules/mcp/tools/unpublish-workflow.tool.js +3 -1
- package/dist/modules/mcp/tools/unpublish-workflow.tool.js.map +1 -1
- package/dist/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.d.ts +2 -1
- package/dist/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.js +49 -5
- package/dist/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.js.map +1 -1
- package/dist/modules/mcp/tools/workflow-builder/update-workflow.tool.js +10 -3
- package/dist/modules/mcp/tools/workflow-builder/update-workflow.tool.js.map +1 -1
- package/dist/modules/mcp/tools/workflow-builder/validate-workflow-code.tool.js +7 -0
- package/dist/modules/mcp/tools/workflow-builder/validate-workflow-code.tool.js.map +1 -1
- package/dist/modules/mcp/tools/workflow-validation.utils.d.ts +1 -0
- package/dist/modules/mcp/tools/workflow-validation.utils.js +9 -0
- package/dist/modules/mcp/tools/workflow-validation.utils.js.map +1 -1
- package/dist/modules/otel/handlers/workflow-start.handler.js +1 -0
- package/dist/modules/otel/handlers/workflow-start.handler.js.map +1 -1
- package/dist/modules/otel/otel.constants.d.ts +1 -0
- package/dist/modules/otel/otel.constants.js +1 -0
- package/dist/modules/otel/otel.constants.js.map +1 -1
- package/dist/modules/provisioning.ee/provisioning.controller.ee.d.ts +3 -1
- package/dist/modules/provisioning.ee/provisioning.controller.ee.js +9 -2
- package/dist/modules/provisioning.ee/provisioning.controller.ee.js.map +1 -1
- package/dist/modules/source-control.ee/source-control-git.service.ee.d.ts +4 -1
- package/dist/modules/source-control.ee/source-control-git.service.ee.js +38 -5
- package/dist/modules/source-control.ee/source-control-git.service.ee.js.map +1 -1
- package/dist/modules/source-control.ee/source-control-import.service.ee.js +56 -34
- package/dist/modules/source-control.ee/source-control-import.service.ee.js.map +1 -1
- package/dist/modules/source-control.ee/source-control-status.service.ee.d.ts +1 -0
- package/dist/modules/source-control.ee/source-control-status.service.ee.js +55 -5
- package/dist/modules/source-control.ee/source-control-status.service.ee.js.map +1 -1
- package/dist/modules/sso-oidc/oidc.controller.ee.d.ts +3 -1
- package/dist/modules/sso-oidc/oidc.controller.ee.js +8 -2
- package/dist/modules/sso-oidc/oidc.controller.ee.js.map +1 -1
- package/dist/modules/token-exchange/controllers/embed-auth.controller.js +26 -13
- package/dist/modules/token-exchange/controllers/embed-auth.controller.js.map +1 -1
- package/dist/modules/token-exchange/controllers/token-exchange.controller.js +10 -4
- package/dist/modules/token-exchange/controllers/token-exchange.controller.js.map +1 -1
- package/dist/modules/token-exchange/services/identity-resolution.service.js +7 -6
- package/dist/modules/token-exchange/services/identity-resolution.service.js.map +1 -1
- package/dist/modules/token-exchange/services/token-exchange.service.js +11 -12
- package/dist/modules/token-exchange/services/token-exchange.service.js.map +1 -1
- package/dist/modules/token-exchange/token-exchange.errors.d.ts +11 -0
- package/dist/modules/token-exchange/token-exchange.errors.js +20 -0
- package/dist/modules/token-exchange/token-exchange.errors.js.map +1 -0
- package/dist/modules/token-exchange/token-exchange.schemas.d.ts +6 -6
- package/dist/modules/token-exchange/token-exchange.types.d.ts +15 -0
- package/dist/modules/token-exchange/token-exchange.types.js +15 -1
- package/dist/modules/token-exchange/token-exchange.types.js.map +1 -1
- package/dist/public-api/types.d.ts +8 -2
- package/dist/public-api/v1/handlers/community-packages/community-packages.handler.d.ts +1 -0
- package/dist/public-api/v1/handlers/community-packages/community-packages.handler.js +2 -1
- package/dist/public-api/v1/handlers/community-packages/community-packages.handler.js.map +1 -1
- package/dist/public-api/v1/handlers/credentials/credentials.handler.d.ts +20 -1
- package/dist/public-api/v1/handlers/credentials/credentials.handler.js +55 -27
- package/dist/public-api/v1/handlers/credentials/credentials.handler.js.map +1 -1
- package/dist/public-api/v1/handlers/credentials/credentials.mapper.d.ts +6 -0
- package/dist/public-api/v1/handlers/credentials/credentials.mapper.js +19 -0
- package/dist/public-api/v1/handlers/credentials/credentials.mapper.js.map +1 -0
- package/dist/public-api/v1/handlers/credentials/credentials.service.d.ts +3 -2
- package/dist/public-api/v1/handlers/credentials/credentials.service.js +2 -6
- package/dist/public-api/v1/handlers/credentials/credentials.service.js.map +1 -1
- package/dist/public-api/v1/handlers/data-tables/data-tables.handler.js +23 -41
- package/dist/public-api/v1/handlers/data-tables/data-tables.handler.js.map +1 -1
- package/dist/public-api/v1/handlers/data-tables/data-tables.service.d.ts +5 -0
- package/dist/public-api/v1/handlers/data-tables/data-tables.service.js +57 -0
- package/dist/public-api/v1/handlers/data-tables/data-tables.service.js.map +1 -0
- package/dist/public-api/v1/handlers/workflows/workflows.handler.js +8 -2
- package/dist/public-api/v1/handlers/workflows/workflows.handler.js.map +1 -1
- package/dist/public-api/v1/handlers/workflows/workflows.service.js +1 -0
- package/dist/public-api/v1/handlers/workflows/workflows.service.js.map +1 -1
- package/dist/public-api/v1/openapi.yml +102 -11
- package/dist/scaling/pubsub/pubsub.event-map.d.ts +2 -0
- package/dist/services/dynamic-node-parameters.service.d.ts +4 -1
- package/dist/services/dynamic-node-parameters.service.js +29 -14
- package/dist/services/dynamic-node-parameters.service.js.map +1 -1
- package/dist/services/folder.service.d.ts +3 -1
- package/dist/services/folder.service.js +8 -4
- package/dist/services/folder.service.js.map +1 -1
- package/dist/services/frontend.service.js +1 -0
- package/dist/services/frontend.service.js.map +1 -1
- package/dist/services/jwt.service.d.ts +13 -1
- package/dist/services/jwt.service.js +21 -1
- package/dist/services/jwt.service.js.map +1 -1
- package/dist/services/project.service.ee.js +3 -1
- package/dist/services/project.service.ee.js.map +1 -1
- package/dist/wait-tracker.d.ts +2 -6
- package/dist/wait-tracker.js +63 -94
- package/dist/wait-tracker.js.map +1 -1
- package/dist/workflows/utils.d.ts +2 -0
- package/dist/workflows/utils.js +18 -0
- package/dist/workflows/utils.js.map +1 -0
- package/dist/workflows/workflow-creation.service.d.ts +2 -0
- package/dist/workflows/workflow-creation.service.js +2 -1
- package/dist/workflows/workflow-creation.service.js.map +1 -1
- package/dist/workflows/workflow.service.d.ts +5 -2
- package/dist/workflows/workflow.service.js +26 -11
- package/dist/workflows/workflow.service.js.map +1 -1
- package/package.json +24 -24
- package/dist/services/db-clock.service.d.ts +0 -10
- package/dist/services/db-clock.service.js +0 -48
- package/dist/services/db-clock.service.js.map +0 -1
|
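--- a/package/dist/modules/sso-oidc/oidc.controller.ee.js
+++ b/package/dist/modules/sso-oidc/oidc.controller.ee.js
@@ -21,17 +21,19 @@ const decorators_1 = require("@n8n/decorators");
 const auth_service_1 = require("../../auth/auth.service");
 const constants_2 = require("../../constants");
 const bad_request_error_1 = require("../../errors/response-errors/bad-request.error");
+const oidc_instance_settings_loader_1 = require("../../instance-settings-loader/loaders/oidc.instance-settings-loader");
 const url_service_1 = require("../../services/url.service");
 const constants_3 = require("./constants");
 const oidc_service_ee_1 = require("./oidc.service.ee");
 const oidc_test_result_1 = require("./views/oidc-test-result");
 let OidcController = class OidcController {
-constructor(oidcService, authService, urlService, globalConfig, logger) {
+constructor(oidcService, authService, urlService, globalConfig, logger, oidcSettingsLoader) {
 this.oidcService = oidcService;
 this.authService = authService;
 this.urlService = urlService;
 this.globalConfig = globalConfig;
 this.logger = logger;
+this.oidcSettingsLoader = oidcSettingsLoader;
 }
 async retrieveConfiguration(_req) {
 const config = await this.oidcService.loadConfig();
@@ -41,6 +43,9 @@ let OidcController = class OidcController {
 return config;
 }
 async saveConfiguration(_req, _res, payload) {
+if (this.oidcSettingsLoader.isConfiguredByEnv()) {
+throw new bad_request_error_1.BadRequestError('OIDC configuration is managed via environment variables and cannot be modified through the UI');
+}
 await this.oidcService.updateConfig(payload);
 const config = this.oidcService.getRedactedConfig();
 return config;
@@ -155,6 +160,7 @@ exports.OidcController = OidcController = __decorate([
 auth_service_1.AuthService,
 url_service_1.UrlService,
 config_1.GlobalConfig,
-backend_common_1.Logger
+backend_common_1.Logger,
+oidc_instance_settings_loader_1.OidcInstanceSettingsLoader])
 ], OidcController);
 //# sourceMappingURL=oidc.controller.ee.js.map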
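Review bot: The env-managed guard added to `saveConfiguration` is enforced only in this controller, so any other caller of `this.oidcService.updateConfig` (none is visible in this section) could still overwrite OIDC settings that are meant to be pinned by environment variables; the check would be safer inside `updateConfig` itself, with the controller keeping its early rejection for the error message. The refused attempt is also not recorded, and a blocked change to SSO configuration is worth an audit trail, for example `this.logger.warn('Rejected OIDC configuration update: settings are managed via environment variables');` before the `throw`. The message says "through the UI" although the route presumably serves API clients as well, and a 400 reads as a malformed payload rather than a locked setting. The end of `saveConfiguration` lies outside the hunk.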
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.controller.ee.js","sourceRoot":"","sources":["../../../src/modules/sso-oidc/oidc.controller.ee.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAA+C;AAC/C,wDAA6C;AAC7C,wCAA2C;AAC3C,8CAAsC;AAEtC,gDAAyF;AAGzF,sDAAkD;AAClD,2CAA6E;AAC7E,kFAA6E;
|
|
1
|
+
{"version":3,"file":"oidc.controller.ee.js","sourceRoot":"","sources":["../../../src/modules/sso-oidc/oidc.controller.ee.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAA+C;AAC/C,wDAA6C;AAC7C,wCAA2C;AAC3C,8CAAsC;AAEtC,gDAAyF;AAGzF,sDAAkD;AAClD,2CAA6E;AAC7E,kFAA6E;AAC7E,oHAA8G;AAE9G,wDAAoD;AAEpD,2CAAgE;AAChE,uDAAgD;AAChD,+DAAwF;AAGjF,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YACkB,WAAwB,EACxB,WAAwB,EACxB,UAAsB,EACtB,YAA0B,EAC1B,MAAc,EACd,kBAA8C;QAL9C,gBAAW,GAAX,WAAW,CAAa;QACxB,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,WAAM,GAAN,MAAM,CAAQ;QACd,uBAAkB,GAAlB,kBAAkB,CAA4B;IAC7D,CAAC;IAKE,AAAN,KAAK,CAAC,qBAAqB,CAAC,IAA0B;QACrD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QACnD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,CAAC,YAAY,GAAG,6CAAiC,CAAC;QACzD,CAAC;QACD,OAAO,MAAM,CAAC;IACf,CAAC;IAKK,AAAN,KAAK,CAAC,iBAAiB,CACtB,IAA0B,EAC1B,IAAc,EACR,OAAsB;QAE5B,IAAI,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,EAAE,CAAC;YACjD,MAAM,IAAI,mCAAe,CACxB,+FAA+F,CAC/F,CAAC;QACH,CAAC;QACD,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IACf,CAAC;IAKK,AAAN,KAAK,CAAC,cAAc,CAAC,IAA0B,EAAE,GAAa;QAC7D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC;QACpE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC;QAE3D,GAAG,CAAC,MAAM,CAAC,kCAAsB,EAAE,aAAa,CAAC,KAAK,EAAE;YACvD,MAAM,EAAE,EAAE,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;YACxC,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;YAClB,MAAM;SACN,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,kCAAsB,EAAE,aAAa,CAAC,KAAK,EAAE;YACvD,MAAM,EAAE,EAAE,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;YACxC,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;YAClB,MAAM;SACN,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,EAAE,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC9C,CAAC;IAIK,AAAN,KAAK,CAAC,sBAAsB,CAAC,IAAa,EAAE,GAAa;QACxD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QAChE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC;QAE3D,GAAG,CAAC,MAAM,CAAC,kCAAsB,EAAE,aAAa,C
AAC,KAAK,EAAE;YACvD,MAAM,EAAE,EAAE,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;YACxC,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;YAClB,MAAM;SACN,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,kCAAsB,EAAE,aAAa,CAAC,KAAK,EAAE;YACvD,MAAM,EAAE,EAAE,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;YACxC,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;YAClB,MAAM;SACN,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAIK,AAAN,KAAK,CAAC,eAAe,CAAC,GAAoB,EAAE,GAAa;QACxD,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC5E,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,kCAAsB,CAAC,CAAC;QAElD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;YACtC,MAAM,IAAI,mCAAe,CAAC,eAAe,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,kCAAsB,CAAC,CAAC;QAElD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;YACtC,MAAM,IAAI,mCAAe,CAAC,eAAe,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAEtD,GAAG,CAAC,WAAW,CAAC,kCAAsB,CAAC,CAAC;QACxC,GAAG,CAAC,WAAW,CAAC,kCAAsB,CAAC,CAAC;QAExC,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACxB,IAAI,CAAC;gBACJ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,WAAW,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;gBACrF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,wCAAqB,EAAC,MAAM,CAAC,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,wCAAqB,EAAC,KAAK,CAAC,CAAC,CAAC;YAC/C,CAAC;QACF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAEzE,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAE7D,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;CACD,CAAA;AA1HY,wCAAc;AAapB;IAHL,IAAA,gBAAG,EAAC,SAAS,CAAC;IACd,IAAA,qBAAQ,EAAC,WAAW,CAAC;IACrB,IAAA,wBAAW,EAAC,aAAa,CAAC;;;;2DAO1B;AAKK;IAHL,IAAA,iBAAI,EAAC,SAAS,CAAC;IACf,IAAA,qBAAQ,EAAC,WAAW,CAAC;IACrB,IAAA,wBAAW,EAAC,aAAa,CAAC;IAIzB,WAAA,iBAAI,CAAA;;qDAAU,yBAAa;;uDAU5B;AAKK;IAHL,IAAA,iBA
AI,EAAC,cAAc,CAAC;IACpB,IAAA,qBAAQ,EAAC,WAAW,CAAC;IACrB,IAAA,wBAAW,EAAC,aAAa,CAAC;;;;oDAmB1B;AAIK;IAFL,IAAA,gBAAG,EAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IACjC,IAAA,qBAAQ,EAAC,WAAW,CAAC;;;;4DAkBrB;AAIK;IAFL,IAAA,gBAAG,EAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACzD,IAAA,qBAAQ,EAAC,WAAW,CAAC;;;;qDAqCrB;yBAzHW,cAAc;IAD1B,IAAA,2BAAc,EAAC,WAAW,CAAC;qCAGI,6BAAW;QACX,0BAAW;QACZ,wBAAU;QACR,qBAAY;QAClB,uBAAM;QACM,0DAA0B;GAPpD,cAAc,CA0H1B"}
|
|
@@ -22,6 +22,8 @@ const url_service_1 = require("../../../services/url.service");
|
|
|
22
22
|
const validate_redirect_url_1 = require("../../../utils/validate-redirect-url");
|
|
23
23
|
const token_exchange_service_1 = require("../services/token-exchange.service");
|
|
24
24
|
const token_exchange_config_1 = require("../token-exchange.config");
|
|
25
|
+
const token_exchange_errors_1 = require("../token-exchange.errors");
|
|
26
|
+
const token_exchange_types_1 = require("../token-exchange.types");
|
|
25
27
|
const di_1 = require("@n8n/di");
|
|
26
28
|
const configService = di_1.Container.get(token_exchange_config_1.TokenExchangeConfig);
|
|
27
29
|
let EmbedAuthController = class EmbedAuthController {
|
|
@@ -53,19 +55,30 @@ let EmbedAuthController = class EmbedAuthController {
|
|
|
53
55
|
return await this.handleLogin(body.token, req, res, body.redirectTo);
|
|
54
56
|
}
|
|
55
57
|
async handleLogin(subjectToken, req, res, redirect) {
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
58
|
+
try {
|
|
59
|
+
const { user, subject, issuer, kid } = await this.tokenExchangeService.embedLogin(subjectToken);
|
|
60
|
+
this.authService.issueCookie(res, user, true, req.browserId, true, {
|
|
61
|
+
sameSite: 'none',
|
|
62
|
+
secure: true,
|
|
63
|
+
});
|
|
64
|
+
this.eventService.emit('embed-login', {
|
|
65
|
+
subject,
|
|
66
|
+
issuer,
|
|
67
|
+
kid,
|
|
68
|
+
clientIp: req.ip ?? 'unknown',
|
|
69
|
+
});
|
|
70
|
+
const safePath = (0, validate_redirect_url_1.validateRedirectUrl)(redirect ?? '');
|
|
71
|
+
res.redirect(this.urlService.getInstanceBaseUrl() + safePath);
|
|
72
|
+
}
|
|
73
|
+
catch (error) {
|
|
74
|
+
this.eventService.emit('embed-login-failed', {
|
|
75
|
+
failureReason: error instanceof token_exchange_errors_1.TokenExchangeAuthError || error instanceof token_exchange_errors_1.TokenExchangeRequestError
|
|
76
|
+
? error.reason
|
|
77
|
+
: token_exchange_types_1.TokenExchangeFailureReason.InternalError,
|
|
78
|
+
clientIp: req.ip ?? 'unknown',
|
|
79
|
+
});
|
|
80
|
+
throw error;
|
|
81
|
+
}
|
|
69
82
|
}
|
|
70
83
|
};
|
|
71
84
|
exports.EmbedAuthController = EmbedAuthController;
|
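Review bot: The `try` in `handleLogin` wraps more than the token check: `issueCookie`, the `embed-login` emit and the redirect all sit inside it, so an exception raised after `issueCookie` has set the session cookie is reported as `embed-login-failed` with `InternalError`, and a throw after the success emit yields both events for one request. Audit consumers would then see a failed login for a session cookie that may still have been sent. Narrowing the `try` to `await this.tokenExchangeService.embedLogin(subjectToken)` and computing `safePath` before the cookie is issued keeps the failure event tied to authentication failures; whether `validateRedirectUrl` can throw is not visible here. Since the cookie is issued with `sameSite: 'none'`, a short comment on how state-changing routes are protected against cross-site requests would help the next reader.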
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"embed-auth.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/embed-auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAAuE;AACvE,8CAAsC;AACtC,gDAAyE;AAGzE,sDAAkD;AAClD,0DAAsD;AAEtD,wDAAoD;AACpD,yEAAoE;AAEpE,+EAA0E;AAC1E,oEAA+D;AAC/D,gCAAoC;AAEpC,MAAM,aAAa,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;AAGlD,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC/B,YACkB,MAA2B,EAC3B,oBAA0C,EAC1C,WAAwB,EACxB,UAAsB,EACtB,YAA0B;QAJ1B,WAAM,GAAN,MAAM,CAAqB;QAC3B,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAc;IACzC,CAAC;IASE,AAAN,KAAK,CAAC,QAAQ,CAAC,GAAoB,EAAE,GAAa,EAAS,KAAyB;QACnF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,6CAA6C;aAChE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IACxE,CAAC;IASK,AAAN,KAAK,CAAC,SAAS,CAAC,GAAoB,EAAE,GAAa,EAAQ,IAAuB;QACjF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,6CAA6C;aAChE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,WAAW,CACxB,YAAoB,EACpB,GAAoB,EACpB,GAAa,EACb,QAAiB;QAEjB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,
|
|
1
|
+
{"version":3,"file":"embed-auth.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/embed-auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAAuE;AACvE,8CAAsC;AACtC,gDAAyE;AAGzE,sDAAkD;AAClD,0DAAsD;AAEtD,wDAAoD;AACpD,yEAAoE;AAEpE,+EAA0E;AAC1E,oEAA+D;AAC/D,oEAA6F;AAC7F,kEAAqE;AACrE,gCAAoC;AAEpC,MAAM,aAAa,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;AAGlD,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC/B,YACkB,MAA2B,EAC3B,oBAA0C,EAC1C,WAAwB,EACxB,UAAsB,EACtB,YAA0B;QAJ1B,WAAM,GAAN,MAAM,CAAqB;QAC3B,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,gBAAW,GAAX,WAAW,CAAa;QACxB,eAAU,GAAV,UAAU,CAAY;QACtB,iBAAY,GAAZ,YAAY,CAAc;IACzC,CAAC;IASE,AAAN,KAAK,CAAC,QAAQ,CAAC,GAAoB,EAAE,GAAa,EAAS,KAAyB;QACnF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,6CAA6C;aAChE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IACxE,CAAC;IASK,AAAN,KAAK,CAAC,SAAS,CAAC,GAAoB,EAAE,GAAa,EAAQ,IAAuB;QACjF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,6CAA6C;aAChE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,WAAW,CACxB,YAAoB,EACpB,GAAoB,EACpB,GAAa,EACb,QAAiB;QAEjB,IAAI,CAAC;YACJ,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,GACnC,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAE1D,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE;gBAClE,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,IAAI;aACZ,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,EAAE;gBACrC,OAAO;gBACP,MAAM;gBACN,GAAG;gBACH,QAAQ,EAAE,GAAG,CAAC,EAAE,IAAI,SAAS;aAC7B,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAA,2CAAmB,EAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,GAAG,QAAQ,CAAC,CAAC;QAC/D,CAA
C;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,oBAAoB,EAAE;gBAC5C,aAAa,EACZ,KAAK,YAAY,8CAAsB,IAAI,KAAK,YAAY,iDAAyB;oBACpF,CAAC,CAAC,KAAK,CAAC,MAAM;oBACd,CAAC,CAAC,iDAA0B,CAAC,aAAa;gBAC5C,QAAQ,EAAE,GAAG,CAAC,EAAE,IAAI,SAAS;aAC7B,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC;CACD,CAAA;AAhFY,kDAAmB;AAgBzB;IAPL,IAAA,gBAAG,EAAC,GAAG,EAAE;QACT,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,mBAAmB;YACxC,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;SACzC;KACD,CAAC;IACmD,WAAA,kBAAK,CAAA;;qDAAQ,8BAAkB;;mDASnF;AASK;IAPL,IAAA,iBAAI,EAAC,GAAG,EAAE;QACV,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,mBAAmB;YACxC,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;SACzC;KACD,CAAC;IACoD,WAAA,iBAAI,CAAA;;qDAAO,6BAAiB;;oDASjF;8BA3CW,mBAAmB;IAD/B,IAAA,2BAAc,EAAC,aAAa,CAAC;qCAGH,2CAAmB;QACL,6CAAoB;QAC7B,0BAAW;QACZ,wBAAU;QACR,4BAAY;GANhC,mBAAmB,CAgF/B"}
|
|
@@ -20,7 +20,9 @@ const bad_request_error_1 = require("../../../errors/response-errors/bad-request
|
|
|
20
20
|
const event_service_1 = require("../../../events/event.service");
|
|
21
21
|
const token_exchange_service_1 = require("../services/token-exchange.service");
|
|
22
22
|
const token_exchange_config_1 = require("../token-exchange.config");
|
|
23
|
+
const token_exchange_errors_1 = require("../token-exchange.errors");
|
|
23
24
|
const token_exchange_schemas_1 = require("../token-exchange.schemas");
|
|
25
|
+
const token_exchange_types_1 = require("../token-exchange.types");
|
|
24
26
|
const configService = di_1.Container.get(token_exchange_config_1.TokenExchangeConfig);
|
|
25
27
|
let TokenExchangeController = class TokenExchangeController {
|
|
26
28
|
constructor() {
|
|
@@ -79,7 +81,9 @@ let TokenExchangeController = class TokenExchangeController {
|
|
|
79
81
|
if (error instanceof auth_error_1.AuthError) {
|
|
80
82
|
this.eventService.emit('token-exchange-failed', {
|
|
81
83
|
subject: '',
|
|
82
|
-
failureReason: error.
|
|
84
|
+
failureReason: error instanceof token_exchange_errors_1.TokenExchangeAuthError
|
|
85
|
+
? error.reason
|
|
86
|
+
: token_exchange_types_1.TokenExchangeFailureReason.Other,
|
|
83
87
|
grantType: parsed.data.grant_type,
|
|
84
88
|
clientIp,
|
|
85
89
|
});
|
|
@@ -92,7 +96,9 @@ let TokenExchangeController = class TokenExchangeController {
|
|
|
92
96
|
if (error instanceof bad_request_error_1.BadRequestError) {
|
|
93
97
|
this.eventService.emit('token-exchange-failed', {
|
|
94
98
|
subject: '',
|
|
95
|
-
failureReason: error.
|
|
99
|
+
failureReason: error instanceof token_exchange_errors_1.TokenExchangeRequestError
|
|
100
|
+
? error.reason
|
|
101
|
+
: token_exchange_types_1.TokenExchangeFailureReason.InvalidFormat,
|
|
96
102
|
grantType: parsed.data.grant_type,
|
|
97
103
|
clientIp,
|
|
98
104
|
});
|
|
@@ -105,7 +111,7 @@ let TokenExchangeController = class TokenExchangeController {
|
|
|
105
111
|
if (error instanceof zod_1.ZodError) {
|
|
106
112
|
this.eventService.emit('token-exchange-failed', {
|
|
107
113
|
subject: '',
|
|
108
|
-
failureReason:
|
|
114
|
+
failureReason: token_exchange_types_1.TokenExchangeFailureReason.InvalidClaims,
|
|
109
115
|
grantType: parsed.data.grant_type,
|
|
110
116
|
clientIp,
|
|
111
117
|
});
|
|
@@ -118,7 +124,7 @@ let TokenExchangeController = class TokenExchangeController {
|
|
|
118
124
|
this.errorReporter.error(error instanceof Error ? error : new Error(String(error)));
|
|
119
125
|
this.eventService.emit('token-exchange-failed', {
|
|
120
126
|
subject: '',
|
|
121
|
-
failureReason:
|
|
127
|
+
failureReason: token_exchange_types_1.TokenExchangeFailureReason.InternalError,
|
|
122
128
|
grantType: parsed.data.grant_type,
|
|
123
129
|
clientIp,
|
|
124
130
|
});
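Review bot: Every `token-exchange-failed` event in these catch branches still carries `subject: ''`, so the new reason codes cannot be tied to an identity even for failures such as `token_replay`, which the service raises only after the signature check has passed. `TokenExchangeAuthError`, as added in token-exchange.errors.js, holds only `reason` and `message`; an optional `subject` field that the service fills once verification has succeeded would let this branch emit `subject: error.subject ?? ''`. The field should stay empty for failures raised before verification, because the claim is untrusted at that point. The handler's try/catch starts outside these hunks.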
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-exchange.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/token-exchange.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAsC;AACtC,gDAAuD;AACvD,gCAAoC;AAEpC,uCAAyC;AACzC,6BAAkC;AAElC,oEAAgE;AAChE,kFAA6E;AAC7E,0DAAsD;AAGtD,+EAA0E;AAC1E,oEAA+D;AAC/D,sEAAkG;
|
|
1
|
+
{"version":3,"file":"token-exchange.controller.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/controllers/token-exchange.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAsC;AACtC,gDAAuD;AACvD,gCAAoC;AAEpC,uCAAyC;AACzC,6BAAkC;AAElC,oEAAgE;AAChE,kFAA6E;AAC7E,0DAAsD;AAGtD,+EAA0E;AAC1E,oEAA+D;AAC/D,oEAA6F;AAC7F,sEAAkG;AAClG,kEAAqE;AAErE,MAAM,aAAa,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;AAGlD,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IAA7B;QACW,WAAM,GAAG,cAAS,CAAC,GAAG,CAAC,2CAAmB,CAAC,CAAC;QAE5C,kBAAa,GAAG,cAAS,CAAC,GAAG,CAAC,wBAAa,CAAC,CAAC;QAE7C,iBAAY,GAAG,cAAS,CAAC,GAAG,CAAC,4BAAY,CAAC,CAAC;QAE3C,yBAAoB,GAAG,cAAS,CAAC,GAAG,CAAC,6CAAoB,CAAC,CAAC;IAmI7E,CAAC;IArHM,AAAN,KAAK,CAAC,aAAa,CAAC,GAAoB,EAAE,GAAa;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,gDAAgD;aACnE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAIrC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,OAAC;aAC/B,MAAM,CAAC,EAAE,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;aAC7C,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,aAAa,EAAE,UAAU,KAAK,kDAAyB,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,wBAAwB;gBAC/B,iBAAiB,EAAE,uBAAuB,kDAAyB,GAAG;aACtE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QAGD,MAAM,MAAM,GAAG,mDAA0B,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,UAAU,EAAE,OAAO,IAAI,4BAA4B;aACtE,CAAC,CAAC;YACH,OAAO;QACR,CAAC;QAGD,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAErE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,0BAA0B,EAAE;gBAClD,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;gBACzB,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;gBAC9B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gB
ACjC,QAAQ;gBACR,MAAM,EAAE,MAAM,CAAC,MAAM;aACrB,CAAC,CAAC;YAEH,GAAG,CAAC,IAAI,CAAC;gBACR,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,MAAM,CAAC,SAAS;gBAC5B,iBAAiB,EAAE,+CAA+C;aAClE,CAAC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,KAAK,YAAY,sBAAS,EAAE,CAAC;gBAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBAC/C,OAAO,EAAE,EAAE;oBACX,aAAa,EACZ,KAAK,YAAY,8CAAsB;wBACtC,CAAC,CAAC,KAAK,CAAC,MAAM;wBACd,CAAC,CAAC,iDAA0B,CAAC,KAAK;oBACpC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;oBACjC,QAAQ;iBACR,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,uBAAuB;iBAC1C,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YAED,IAAI,KAAK,YAAY,mCAAe,EAAE,CAAC;gBACtC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBAC/C,OAAO,EAAE,EAAE;oBACX,aAAa,EACZ,KAAK,YAAY,iDAAyB;wBACzC,CAAC,CAAC,KAAK,CAAC,MAAM;wBACd,CAAC,CAAC,iDAA0B,CAAC,aAAa;oBAC5C,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;oBACjC,QAAQ;iBACR,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,KAAK,CAAC,OAAO;iBAChC,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;gBAC/B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBAC/C,OAAO,EAAE,EAAE;oBACX,aAAa,EAAE,iDAA0B,CAAC,aAAa;oBACvD,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;oBACjC,QAAQ;iBACR,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACpB,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,gCAAgC;iBACnD,CAAC,CAAC;gBACH,OAAO;YACR,CAAC;YAED,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACpF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE;gBAC/C,OAAO,EAAE,EAAE;gBACX,aAAa,EAAE,iDAA0B,CAAC,aAAa;gBACvD,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gBACjC,QAAQ;aACR,CAAC,CAAC;YACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACpB,KAAK,EAAE,cAAc;gBACrB,iBAAiB,EAAE,oDAAoD;aACvE,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;CACD,CAAA;AA1IY,0DAAuB;AAqB7B;IAPL,IAAA,iBAAI,EAAC,QAAQ,EAAE;QACf,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE;YACZ,KAAK,EAAE,aAAa,CAAC,sBAAsB;YAC3
C,QAAQ,EAAE,CAAC,GAAG,gBAAI,CAAC,OAAO,CAAC,cAAc;SACzC;KACD,CAAC;;;;4DAqHD;kCAzIW,uBAAuB;IADnC,IAAA,2BAAc,EAAC,aAAa,CAAC;GACjB,uBAAuB,CA0InC"}
|
|
@@ -13,9 +13,10 @@ exports.IdentityResolutionService = void 0;
|
|
|
13
13
|
const backend_common_1 = require("@n8n/backend-common");
|
|
14
14
|
const db_1 = require("@n8n/db");
|
|
15
15
|
const di_1 = require("@n8n/di");
|
|
16
|
-
const auth_error_1 = require("../../../errors/response-errors/auth.error");
|
|
17
16
|
const event_service_1 = require("../../../events/event.service");
|
|
18
17
|
const user_service_1 = require("../../../services/user.service");
|
|
18
|
+
const token_exchange_errors_1 = require("../token-exchange.errors");
|
|
19
|
+
const token_exchange_types_1 = require("../token-exchange.types");
|
|
19
20
|
const INVALID_PASSWORD_PLACEHOLDER = '!token-exchange-no-password';
|
|
20
21
|
const MAX_NAME_LENGTH = 32;
|
|
21
22
|
function isGlobalRole(role) {
|
|
@@ -51,7 +52,7 @@ let IdentityResolutionService = class IdentityResolutionService {
|
|
|
51
52
|
}
|
|
52
53
|
}
|
|
53
54
|
if (!email) {
|
|
54
|
-
throw new
|
|
55
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.InvalidClaims, 'Email claim is required for user provisioning');
|
|
55
56
|
}
|
|
56
57
|
return await this.provisionUser(claims, email, allowedRoles, tokenContext);
|
|
57
58
|
}
|
|
@@ -122,7 +123,7 @@ let IdentityResolutionService = class IdentityResolutionService {
|
|
|
122
123
|
return undefined;
|
|
123
124
|
}
|
|
124
125
|
if (allowedRoles && allowedRoles.length > 0 && !allowedRoles.includes(role)) {
|
|
125
|
-
throw new
|
|
126
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.RoleNotAllowed, `Role '${role}' is not allowed for this token exchange key`);
|
|
126
127
|
}
|
|
127
128
|
return role;
|
|
128
129
|
}
|
|
@@ -131,13 +132,13 @@ let IdentityResolutionService = class IdentityResolutionService {
|
|
|
131
132
|
return undefined;
|
|
132
133
|
const role = roleClaim;
|
|
133
134
|
if (role === 'global:owner') {
|
|
134
|
-
throw new
|
|
135
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.RoleNotAllowed, 'Cannot provision global:owner role via token exchange');
|
|
135
136
|
}
|
|
136
137
|
if (!isGlobalRole(role)) {
|
|
137
|
-
throw new
|
|
138
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.RoleNotAllowed, `Unrecognized role '${role}' cannot be assigned to new user`);
|
|
138
139
|
}
|
|
139
140
|
if (allowedRoles && allowedRoles.length > 0 && !allowedRoles.includes(role)) {
|
|
140
|
-
throw new
|
|
141
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.RoleNotAllowed, `Role '${role}' is not allowed for this token exchange key`);
|
|
141
142
|
}
|
|
142
143
|
return role;
|
|
143
144
|
}
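Review bot: The messages at new lines 126, 138 and 141 interpolate the raw `role` claim into the exception text, and at line 138 this happens precisely because `isGlobalRole(role)` has just rejected the value. The ExternalTokenClaimsSchema declaration types `role` as a plain optional string, so its length and characters are whatever the token carried. Where these messages end up is not visible in this diff; if they reach logs or an HTTP response, a fixed text such as `'Unrecognized role cannot be assigned to new user'`, with the role passed as a structured log field, would be safer. The functions containing these throws begin outside the hunks.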
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-resolution.service.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/services/identity-resolution.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wDAA6C;AAC7C,gCAOiB;AACjB,gCAAkC;AAElC,
|
|
1
|
+
{"version":3,"file":"identity-resolution.service.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/services/identity-resolution.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wDAA6C;AAC7C,gCAOiB;AACjB,gCAAkC;AAElC,0DAAsD;AACtD,0DAAsD;AAEtD,oEAAkE;AAElE,kEAAqE;AAOrE,MAAM,4BAA4B,GAAG,6BAA6B,CAAC;AAGnE,MAAM,eAAe,GAAG,EAAE,CAAC;AAI3B,SAAS,YAAY,CAAC,IAAY;IACjC,OAAO,IAAI,IAAI,iBAAY,CAAC;AAC7B,CAAC;AAED,SAAS,QAAQ,CAAC,KAAyB,EAAE,QAAQ,GAAG,EAAE;IACzD,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;AACtD,CAAC;AAGM,IAAM,yBAAyB,GAA/B,MAAM,yBAAyB;IAGrC,YACC,MAAc,EACG,cAA8B,EAC9B,sBAA8C,EAC9C,YAA0B,EAC1B,WAAwB;QAHxB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,iBAAY,GAAZ,YAAY,CAAc;QAC1B,gBAAW,GAAX,WAAW,CAAa;QAEzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC;IAcD,KAAK,CAAC,OAAO,CACZ,MAA2B,EAC3B,YAAuB,EACvB,YAA8C;QAE9C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;QAG1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC;YAC1D,KAAK,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,gBAAgB,EAAE;YACjE,SAAS,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;SACnC,CAAC,CAAC;QAEH,IAAI,QAAQ,EAAE,CAAC;YACd,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;QACnF,CAAC;QAGD,IAAI,KAAK,EAAE,CAAC;YACX,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;gBACtD,KAAK,EAAE,EAAE,KAAK,EAAE;gBAChB,SAAS,EAAE,CAAC,gBAAgB,EAAE,MAAM,CAAC;aACrC,CAAC,CAAC;YAEH,IAAI,YAAY,EAAE,CAAC;gBAClB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;YAC3F,CAAC;QACF,CAAC;QAGD,IAAI,CAAC,KAAK,EAAE,CAAC;YACZ,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,aAAa,EACxC,+CAA+C,CAC/C,CAAC;QACH,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAC5E,CAAC;IAGO,KAAK,CAAC,iBAAiB,CAC9B,MAA2B,EAC3B,QAAsB,EACtB,YAAkC,EAClC,YAAyD;QAEzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,IAAI,CAAC,0BAA0B,CACnD,MAAM
,CAAC,IAAI,EACX,YAAY,EACZ,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CACxB,CAAC;QACF,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAClF,CAAC;IAGO,KAAK,CAAC,cAAc,CAC3B,MAA2B,EAC3B,KAAa,EACb,YAAkB,EAClB,YAAkC,EAClC,YAAyD;QAEzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,EAAE;YACxE,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,KAAK;SACL,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,0BAA0B,CACnD,MAAM,CAAC,IAAI,EACX,YAAY,EACZ,YAAY,CAAC,IAAI,EAAE,IAAI,CACvB,CAAC;QACF,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CACrC,iBAAY,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAC/D,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gCAAgC,EAAE;YACxD,MAAM,EAAE,YAAY,CAAC,EAAE;YACvB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,KAAK;YACL,GAAG,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE;YAC5B,MAAM,EAAE,YAAY,EAAE,MAAM,IAAI,MAAM,CAAC,GAAG;SAC1C,CAAC,CAAC;QACH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IACjF,CAAC;IAGO,KAAK,CAAC,aAAa,CAC1B,MAA2B,EAC3B,KAAa,EACb,YAAkC,EAClC,YAAyD;QAEzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAE3E,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QACtE,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,uBAAkB,CAAC;QAEpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACxE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,qBAAqB,CACxE;gBACC,KAAK;gBACL,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC;gBACtC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC;gBACtC,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,4BAA4B;aACtC,EACD,GAAG,CACH,CAAC;YAEF,MAAM,GAAG,CAAC,IAAI,CACb,GAAG,CAAC,MAAM,CAAC,iBAAY,EAAE;gBACxB,UAAU,EAAE,MAAM,CAAC,GAAG;gBACtB,YAAY,EAAE,gBAAgB;gBAC9B,MAAM,EAAE,OAAO,CAAC,EAAE;aAClB,CAAC,CACF,CAAC;YAEF,OAAO,OAAO,CAAC;QAChB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,iCAAiC,EAAE;YACzD,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,KAAK;YACL,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,GAAG,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE;YAC5B,MAAM,EAAE,
YAAY,EAAE,MAAM,IAAI,MAAM,CAAC,GAAG;SAC1C,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACb,CAAC;IAUO,0BAA0B,CACjC,SAAsC,EACtC,YAAkC,EAClC,WAA+B;QAE/B,IAAI,SAAS,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAG9C,IAAI,WAAW,KAAK,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,OAAO,SAAS,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC;QAGvB,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YACvE,OAAO,SAAS,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YACzD,OAAO,SAAS,CAAC;QAClB,CAAC;QAED,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,cAAc,EACzC,SAAS,IAAI,8CAA8C,CAC3D,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACb,CAAC;IASO,qBAAqB,CAC5B,SAAsC,EACtC,YAAkC;QAElC,IAAI,SAAS,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAE9C,MAAM,IAAI,GAAG,SAAS,CAAC;QAEvB,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC7B,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,cAAc,EACzC,uDAAuD,CACvD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,cAAc,EACzC,sBAAsB,IAAI,kCAAkC,CAC5D,CAAC;QACH,CAAC;QAED,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,cAAc,EACzC,SAAS,IAAI,8CAA8C,CAC3D,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACb,CAAC;IAOO,KAAK,CAAC,WAAW,CACxB,IAAU,EACV,MAA2B,EAC3B,YAA4B,EAC5B,YAA8C;QAE9C,IAAI,WAAW,GAAG,KAAK,CAAC;QAGxB,MAAM,cAAc,GAAkD,EAAE,CAAC;QAEzE,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAI,OAAO,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChC,cAAc,CAAC,SAAS,GAAG,OAAO,CAAC;YACpC,CAAC;QACF,CAAC;QAED,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC7C,IAAI,OAAO,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC/B,cAAc,CAAC,QAAQ,GAAG,OAAO,CAAC;YACnC,CAAC;QACF,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CA
AC;YAC5C,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;YAC1D,WAAW,GAAG,IAAI,CAAC;QACpB,CAAC;QAGD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;QACrC,IAAI,YAAY,IAAI,YAAY,KAAK,YAAY,EAAE,CAAC;YACnD,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC;YAC3E,WAAW,GAAG,IAAI,CAAC;YAEnB,IAAI,YAAY,EAAE,CAAC;gBAClB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,6BAA6B,EAAE;oBACrD,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,YAAY;oBACZ,OAAO,EAAE,YAAY;oBACrB,GAAG,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE;oBAC5B,MAAM,EAAE,YAAY,EAAE,MAAM,IAAI,MAAM,CAAC,GAAG;iBAC1C,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACjB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;gBAC9C,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;gBACtB,SAAS,EAAE,CAAC,MAAM,CAAC;aACnB,CAAC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACb,CAAC;CACD,CAAA;AA9SY,8DAAyB;oCAAzB,yBAAyB;IADrC,IAAA,YAAO,GAAE;qCAKA,uBAAM;QACmB,mBAAc;QACN,2BAAsB;QAChC,4BAAY;QACb,0BAAW;GAR9B,yBAAyB,CA8SrC"}
|
|
@@ -17,10 +17,9 @@ const backend_common_1 = require("@n8n/backend-common");
|
|
|
17
17
|
const di_1 = require("@n8n/di");
|
|
18
18
|
const crypto_1 = require("crypto");
|
|
19
19
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
20
|
-
const auth_error_1 = require("../../../errors/response-errors/auth.error");
|
|
21
|
-
const bad_request_error_1 = require("../../../errors/response-errors/bad-request.error");
|
|
22
20
|
const jwt_service_1 = require("../../../services/jwt.service");
|
|
23
21
|
const token_exchange_config_1 = require("../token-exchange.config");
|
|
22
|
+
const token_exchange_errors_1 = require("../token-exchange.errors");
|
|
24
23
|
const token_exchange_schemas_1 = require("../token-exchange.schemas");
|
|
25
24
|
const token_exchange_types_1 = require("../token-exchange.types");
|
|
26
25
|
const identity_resolution_service_1 = require("./identity-resolution.service");
|
|
@@ -40,22 +39,22 @@ let TokenExchangeService = class TokenExchangeService {
|
|
|
40
39
|
async verifyToken(subjectToken, { maxLifetimeSeconds } = {}) {
|
|
41
40
|
const decoded = jsonwebtoken_1.default.decode(subjectToken, { complete: true });
|
|
42
41
|
if (!decoded || typeof decoded === 'string') {
|
|
43
|
-
throw new
|
|
42
|
+
throw new token_exchange_errors_1.TokenExchangeRequestError(token_exchange_types_1.TokenExchangeFailureReason.InvalidFormat, 'Invalid token format');
|
|
44
43
|
}
|
|
45
44
|
const { kid } = decoded.header;
|
|
46
45
|
if (!kid) {
|
|
47
|
-
throw new
|
|
46
|
+
throw new token_exchange_errors_1.TokenExchangeRequestError(token_exchange_types_1.TokenExchangeFailureReason.MissingKid, 'Token header missing kid');
|
|
48
47
|
}
|
|
49
48
|
const decodedPayload = decoded.payload;
|
|
50
49
|
const iss = typeof decodedPayload === 'object' && decodedPayload !== null
|
|
51
50
|
? decodedPayload.iss
|
|
52
51
|
: undefined;
|
|
53
52
|
if (typeof iss !== 'string' || !iss) {
|
|
54
|
-
throw new
|
|
53
|
+
throw new token_exchange_errors_1.TokenExchangeRequestError(token_exchange_types_1.TokenExchangeFailureReason.MissingIss, 'Token payload missing iss');
|
|
55
54
|
}
|
|
56
55
|
const resolvedKey = await this.trustedKeyStore.getByKidAndIss(kid, iss);
|
|
57
56
|
if (!resolvedKey) {
|
|
58
|
-
throw new
|
|
57
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.UnknownKey, 'Unknown key id');
|
|
59
58
|
}
|
|
60
59
|
let payload;
|
|
61
60
|
try {
|
|
@@ -67,27 +66,27 @@ let TokenExchangeService = class TokenExchangeService {
|
|
|
67
66
|
ignoreNotBefore: false,
|
|
68
67
|
});
|
|
69
68
|
if (typeof result === 'string' || !('iat' in result)) {
|
|
70
|
-
throw new
|
|
69
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.InvalidFormat, 'Unexpected token format');
|
|
71
70
|
}
|
|
72
71
|
payload = result;
|
|
73
72
|
}
|
|
74
73
|
catch (error) {
|
|
75
|
-
if (error instanceof
|
|
74
|
+
if (error instanceof token_exchange_errors_1.TokenExchangeAuthError)
|
|
76
75
|
throw error;
|
|
77
76
|
const message = error instanceof Error ? error.message : 'unknown error';
|
|
78
77
|
this.logger.warn('JWT verification failed', { error: message });
|
|
79
|
-
throw new
|
|
78
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.InvalidSignature, 'Token verification failed');
|
|
80
79
|
}
|
|
81
80
|
const claims = token_exchange_schemas_1.ExternalTokenClaimsSchema.parse(payload);
|
|
82
81
|
if (maxLifetimeSeconds !== undefined) {
|
|
83
82
|
const tokenLifetime = claims.exp - claims.iat;
|
|
84
83
|
if (tokenLifetime > maxLifetimeSeconds) {
|
|
85
|
-
throw new
|
|
84
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.TokenTooLong, 'Token lifetime exceeds maximum allowed');
|
|
86
85
|
}
|
|
87
86
|
}
|
|
88
87
|
const consumed = await this.jtiStore.consume(claims.jti, new Date(claims.exp * 1000));
|
|
89
88
|
if (!consumed) {
|
|
90
|
-
throw new
|
|
89
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.TokenReplay, 'Token has already been used');
|
|
91
90
|
}
|
|
92
91
|
return { claims, resolvedKey };
|
|
93
92
|
}
|
|
@@ -114,7 +113,7 @@ let TokenExchangeService = class TokenExchangeService {
|
|
|
114
113
|
const maxTtl = this.config.maxTokenTtl;
|
|
115
114
|
const exp = Math.min(subjectClaims.claims.exp, actorClaims?.claims.exp ?? Infinity, now + maxTtl);
|
|
116
115
|
if (exp <= now + MIN_REMAINING_LIFETIME_SECONDS) {
|
|
117
|
-
throw new
|
|
116
|
+
throw new token_exchange_errors_1.TokenExchangeAuthError(token_exchange_types_1.TokenExchangeFailureReason.TokenNearExpiry, 'Subject token too close to expiry to issue a new token');
|
|
118
117
|
}
|
|
119
118
|
const resources = request.resource?.split(' ').filter(Boolean);
|
|
120
119
|
const payload = {
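Review bot: The catch block of `verifyToken` (hunk `@@ -67,27 +66,27 @@`) labels every failure of the verify call as `TokenExchangeFailureReason.InvalidSignature`, so a merely expired or not-yet-valid token would show up in the audit trail as a signature failure. The context line `ignoreNotBefore: false` indicates that time claims are enforced, and jsonwebtoken reports those through `TokenExpiredError` and `NotBeforeError` rather than a signature error. Since the reason now feeds the `token-exchange-failed` event, I would pick it from the error class before the final throw, e.g. `const reason = error instanceof jsonwebtoken_1.default.TokenExpiredError || error instanceof jsonwebtoken_1.default.NotBeforeError ? token_exchange_types_1.TokenExchangeFailureReason.Other : token_exchange_types_1.TokenExchangeFailureReason.InvalidSignature;`, or add a dedicated expiry reason. The verify call and most of its options sit between the hunks, so the set of enforced claims is partly inferred.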
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-exchange.service.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/services/token-exchange.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wDAA6C;AAE7C,gCAAkC;AAClC,mCAAoC;AACpC,gEAA+B;AAE/B,
|
|
1
|
+
{"version":3,"file":"token-exchange.service.js","sourceRoot":"","sources":["../../../../src/modules/token-exchange/services/token-exchange.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wDAA6C;AAE7C,gCAAkC;AAClC,mCAAoC;AACpC,gEAA+B;AAE/B,wDAAoD;AAEpD,oEAA+D;AAC/D,oEAA6F;AAM7F,sEAAsE;AACtE,kEAKiC;AACjC,+EAA0E;AAC1E,2DAAsD;AACtD,+DAA0D;AAE1D,MAAM,0BAA0B,GAAG,EAAE,CAAC;AACtC,MAAM,8BAA8B,GAAG,CAAC,CAAC;AAGlC,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAGhC,YACC,MAAc,EACG,eAAkC,EAClC,QAAyB,EACzB,yBAAoD,EACpD,MAA2B,EAC3B,UAAsB;QAJtB,oBAAe,GAAf,eAAe,CAAmB;QAClC,aAAQ,GAAR,QAAQ,CAAiB;QACzB,8BAAyB,GAAzB,yBAAyB,CAA2B;QACpD,WAAM,GAAN,MAAM,CAAqB;QAC3B,eAAU,GAAV,UAAU,CAAY;QAEvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC;IAaD,KAAK,CAAC,WAAW,CAChB,YAAoB,EACpB,EAAE,kBAAkB,KAAsC,EAAE;QAE5D,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC7C,MAAM,IAAI,iDAAyB,CAClC,iDAA0B,CAAC,aAAa,EACxC,sBAAsB,CACtB,CAAC;QACH,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,MAAM,IAAI,iDAAyB,CAClC,iDAA0B,CAAC,UAAU,EACrC,0BAA0B,CAC1B,CAAC;QACH,CAAC;QAED,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;QACvC,MAAM,GAAG,GACR,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,KAAK,IAAI;YAC5D,CAAC,CAAC,cAAc,CAAC,GAAG;YACpB,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC;YACrC,MAAM,IAAI,iDAAyB,CAClC,iDAA0B,CAAC,UAAU,EACrC,2BAA2B,CAC3B,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxE,IAAI,CAAC,WAAW,EAAE,CAAC;YAClB,MAAM,IAAI,8CAAsB,CAAC,iDAA0B,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,OAAuB,CAAC;QAC5B,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,EAAE;gBAExD,UAAU,EAAE,WAAW,CAAC,UAA6B;gBACrD,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,QAAQ,EAAE,WAAW,CAAC,gBAAgB;gBACtC,gBAAgB,EAAE,KAAK;gBACvB,eAAe,EAAE,KAAK;aACtB,CAAC,CAAC;YACH,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAA
E,CAAC;gBACtD,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,aAAa,EACxC,yBAAyB,CACzB,CAAC;YACH,CAAC;YACD,OAAO,GAAG,MAAM,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,KAAK,YAAY,8CAAsB;gBAAE,MAAM,KAAK,CAAC;YACzD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACzE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAChE,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,gBAAgB,EAC3C,2BAA2B,CAC3B,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,kDAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAExD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YAC9C,IAAI,aAAa,GAAG,kBAAkB,EAAE,CAAC;gBACxC,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,YAAY,EACvC,wCAAwC,CACxC,CAAC;YACH,CAAC;QACF,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,WAAW,EACtC,6BAA6B,CAC7B,CAAC;QACH,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,UAAU,CACf,YAAoB;QAEpB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE;YACpE,kBAAkB,EAAE,0BAA0B;SAC9C,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,YAAY,EAAE;YAC3F,GAAG,EAAE,WAAW,CAAC,GAAG;YACpB,MAAM,EAAE,WAAW,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,CAAC;IACxF,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAA6B;QAC3C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW;YACtC,CAAC,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEb,MAAM,KAAK,GAAG,WAAW;YACxB,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAC5C,WAAW,CAAC,MAAM,EAClB,WAAW,CAAC,WAAW,CAAC,YAAY,EACpC,WAAW,CAAC,WAAW,CACvB;YACF,CAAC,CAAC,SAAS,CAAC;QACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAC3D,aAAa,CAAC,MAAM,EACpB,aAAa,CAAC,WAAW,CAAC,YAAY,EACtC,aAAa,CAAC,WAAW
,CACzB,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CACnB,aAAa,CAAC,MAAM,CAAC,GAAG,EACxB,WAAW,EAAE,MAAM,CAAC,GAAG,IAAI,QAAQ,EACnC,GAAG,GAAG,MAAM,CACZ,CAAC;QAEF,IAAI,GAAG,IAAI,GAAG,GAAG,8BAA8B,EAAE,CAAC;YACjD,MAAM,IAAI,8CAAsB,CAC/B,iDAA0B,CAAC,eAAe,EAC1C,wDAAwD,CACxD,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE/D,MAAM,OAAO,GAAqB;YACjC,GAAG,EAAE,4CAAqB;YAC1B,GAAG,EAAE,OAAO,CAAC,EAAE;YACf,GAAG,CAAC,KAAK,IAAI,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;YACxC,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;YAC9C,GAAG,CAAC,SAAS,EAAE,MAAM,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;YACjD,GAAG,EAAE,GAAG;YACR,GAAG;YACH,GAAG,EAAE,IAAA,mBAAU,GAAE;SACjB,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO;YACN,WAAW;YACX,SAAS,EAAE,GAAG,GAAG,GAAG;YACpB,aAAa,EAAE,OAAO,CAAC,EAAE;YACzB,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG;YACjC,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG;YAChC,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,GAAG;YAC9B,WAAW,EAAE,KAAK,EAAE,EAAE;SACtB,CAAC;IACH,CAAC;CACD,CAAA;AAzLY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,YAAO,GAAE;qCAKA,uBAAM;QACoB,uCAAiB;QACxB,mCAAe;QACE,uDAAyB;QAC5C,2CAAmB;QACf,wBAAU;GAT5B,oBAAoB,CAyLhC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { AuthError } from '../../errors/response-errors/auth.error';
|
|
2
|
+
import { BadRequestError } from '../../errors/response-errors/bad-request.error';
|
|
3
|
+
import type { TokenExchangeFailureReason } from './token-exchange.types';
|
|
4
|
+
export declare class TokenExchangeAuthError extends AuthError {
|
|
5
|
+
readonly reason: TokenExchangeFailureReason;
|
|
6
|
+
constructor(reason: TokenExchangeFailureReason, message: string);
|
|
7
|
+
}
|
|
8
|
+
export declare class TokenExchangeRequestError extends BadRequestError {
|
|
9
|
+
readonly reason: TokenExchangeFailureReason;
|
|
10
|
+
constructor(reason: TokenExchangeFailureReason, message: string);
|
|
11
|
+
}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.TokenExchangeRequestError = exports.TokenExchangeAuthError = void 0;
|
|
4
|
+
const auth_error_1 = require("../../errors/response-errors/auth.error");
|
|
5
|
+
const bad_request_error_1 = require("../../errors/response-errors/bad-request.error");
|
|
6
|
+
class TokenExchangeAuthError extends auth_error_1.AuthError {
|
|
7
|
+
constructor(reason, message) {
|
|
8
|
+
super(message);
|
|
9
|
+
this.reason = reason;
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
exports.TokenExchangeAuthError = TokenExchangeAuthError;
|
|
13
|
+
class TokenExchangeRequestError extends bad_request_error_1.BadRequestError {
|
|
14
|
+
constructor(reason, message) {
|
|
15
|
+
super(message);
|
|
16
|
+
this.reason = reason;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
exports.TokenExchangeRequestError = TokenExchangeRequestError;
|
|
20
|
+
//# sourceMappingURL=token-exchange.errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-exchange.errors.js","sourceRoot":"","sources":["../../../src/modules/token-exchange/token-exchange.errors.ts"],"names":[],"mappings":";;;AAAA,oEAAgE;AAChE,kFAA6E;AAQ7E,MAAa,sBAAuB,SAAQ,sBAAS;IACpD,YACU,MAAkC,EAC3C,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAHN,WAAM,GAAN,MAAM,CAA4B;IAI5C,CAAC;CACD;AAPD,wDAOC;AAMD,MAAa,yBAA0B,SAAQ,mCAAe;IAC7D,YACU,MAAkC,EAC3C,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAHN,WAAM,GAAN,MAAM,CAA4B;IAI5C,CAAC;CACD;AAPD,8DAOC"}
|
|
@@ -19,8 +19,8 @@ export declare const ExternalTokenClaimsSchema: z.ZodObject<{
|
|
|
19
19
|
exp: number;
|
|
20
20
|
iss: string;
|
|
21
21
|
aud: string | string[];
|
|
22
|
-
jti: string;
|
|
23
22
|
iat: number;
|
|
23
|
+
jti: string;
|
|
24
24
|
email?: string | undefined;
|
|
25
25
|
role?: string | undefined;
|
|
26
26
|
nbf?: number | undefined;
|
|
@@ -31,8 +31,8 @@ export declare const ExternalTokenClaimsSchema: z.ZodObject<{
|
|
|
31
31
|
exp: number;
|
|
32
32
|
iss: string;
|
|
33
33
|
aud: string | string[];
|
|
34
|
-
jti: string;
|
|
35
34
|
iat: number;
|
|
35
|
+
jti: string;
|
|
36
36
|
email?: string | undefined;
|
|
37
37
|
role?: string | undefined;
|
|
38
38
|
nbf?: number | undefined;
|
|
@@ -141,21 +141,21 @@ export declare const TokenExchangeRequestSchema: z.ZodObject<{
|
|
|
141
141
|
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
142
142
|
subject_token: string;
|
|
143
143
|
resource?: string | undefined;
|
|
144
|
-
audience?: string | undefined;
|
|
145
|
-
scope?: string | undefined;
|
|
146
144
|
subject_token_type?: string | undefined;
|
|
147
145
|
actor_token?: string | undefined;
|
|
148
146
|
actor_token_type?: string | undefined;
|
|
149
147
|
requested_token_type?: string | undefined;
|
|
148
|
+
scope?: string | undefined;
|
|
149
|
+
audience?: string | undefined;
|
|
150
150
|
}, {
|
|
151
151
|
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
152
152
|
subject_token: string;
|
|
153
153
|
resource?: string | undefined;
|
|
154
|
-
audience?: string | undefined;
|
|
155
|
-
scope?: string | undefined;
|
|
156
154
|
subject_token_type?: string | undefined;
|
|
157
155
|
actor_token?: string | undefined;
|
|
158
156
|
actor_token_type?: string | undefined;
|
|
159
157
|
requested_token_type?: string | undefined;
|
|
158
|
+
scope?: string | undefined;
|
|
159
|
+
audience?: string | undefined;
|
|
160
160
|
}>;
|
|
161
161
|
export type TokenExchangeRequest = z.infer<typeof TokenExchangeRequestSchema>;
|
|
@@ -1,4 +1,19 @@
|
|
|
1
1
|
import type { TOKEN_EXCHANGE_GRANT_TYPE } from './token-exchange.schemas';
|
|
2
|
+
export declare const TokenExchangeFailureReason: {
|
|
3
|
+
readonly InvalidSignature: "invalid_signature";
|
|
4
|
+
readonly UnknownKey: "unknown_key";
|
|
5
|
+
readonly TokenReplay: "token_replay";
|
|
6
|
+
readonly TokenTooLong: "token_too_long";
|
|
7
|
+
readonly TokenNearExpiry: "token_near_expiry";
|
|
8
|
+
readonly InvalidFormat: "invalid_format";
|
|
9
|
+
readonly MissingKid: "missing_kid";
|
|
10
|
+
readonly MissingIss: "missing_iss";
|
|
11
|
+
readonly InvalidClaims: "invalid_claims";
|
|
12
|
+
readonly InternalError: "internal_error";
|
|
13
|
+
readonly RoleNotAllowed: "role_not_allowed";
|
|
14
|
+
readonly Other: "other";
|
|
15
|
+
};
|
|
16
|
+
export type TokenExchangeFailureReason = (typeof TokenExchangeFailureReason)[keyof typeof TokenExchangeFailureReason];
|
|
2
17
|
export interface IssuedTokenResult {
|
|
3
18
|
accessToken: string;
|
|
4
19
|
expiresIn: number;
|
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TOKEN_EXCHANGE_ISSUER = void 0;
|
|
3
|
+
exports.TOKEN_EXCHANGE_ISSUER = exports.TokenExchangeFailureReason = void 0;
|
|
4
|
+
exports.TokenExchangeFailureReason = {
|
|
5
|
+
InvalidSignature: 'invalid_signature',
|
|
6
|
+
UnknownKey: 'unknown_key',
|
|
7
|
+
TokenReplay: 'token_replay',
|
|
8
|
+
TokenTooLong: 'token_too_long',
|
|
9
|
+
TokenNearExpiry: 'token_near_expiry',
|
|
10
|
+
InvalidFormat: 'invalid_format',
|
|
11
|
+
MissingKid: 'missing_kid',
|
|
12
|
+
MissingIss: 'missing_iss',
|
|
13
|
+
InvalidClaims: 'invalid_claims',
|
|
14
|
+
InternalError: 'internal_error',
|
|
15
|
+
RoleNotAllowed: 'role_not_allowed',
|
|
16
|
+
Other: 'other',
|
|
17
|
+
};
|
|
4
18
|
exports.TOKEN_EXCHANGE_ISSUER = 'n8n-token-exchange';
|
|
5
19
|
//# sourceMappingURL=token-exchange.types.js.map
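Review bot: The new `TokenExchangeFailureReason` map carries no comment saying where these codes may be emitted, and its values separate `unknown_key`, `invalid_signature`, `token_replay` and `role_not_allowed` finely enough to tell a caller which validation step rejected a token. Where the codes are consumed is not visible in this hunk, so this is a point to confirm rather than a known defect. That granularity is appropriate for audit events or metrics, but the token-endpoint error response should stay generic. I would record this in the TypeScript source this file is compiled from, e.g. `// Audit/telemetry only: never copy a reason code into the HTTP error body.`; the matching declaration hunk for the same map needs no separate change.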
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-exchange.types.js","sourceRoot":"","sources":["../../../src/modules/token-exchange/token-exchange.types.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"token-exchange.types.js","sourceRoot":"","sources":["../../../src/modules/token-exchange/token-exchange.types.ts"],"names":[],"mappings":";;;AAEa,QAAA,0BAA0B,GAAG;IACzC,gBAAgB,EAAE,mBAAmB;IACrC,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,cAAc;IAC3B,YAAY,EAAE,gBAAgB;IAC9B,eAAe,EAAE,mBAAmB;IACpC,aAAa,EAAE,gBAAgB;IAC/B,UAAU,EAAE,aAAa;IACzB,UAAU,EAAE,aAAa;IACzB,aAAa,EAAE,gBAAgB;IAC/B,aAAa,EAAE,gBAAgB;IAC/B,cAAc,EAAE,kBAAkB;IAClC,KAAK,EAAE,OAAO;CACL,CAAC;AA0BE,QAAA,qBAAqB,GAAG,oBAAoB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { AuthenticatedRequest, TagEntity, WorkflowEntity } from '@n8n/db';
|
|
2
2
|
import type { ExecutionStatus, ICredentialDataDecryptedObject } from 'n8n-workflow';
|
|
3
|
-
import type { AddDataTableRowsDto,
|
|
3
|
+
import type { AddDataTableRowsDto, PublicApiCreateDataTableDto, UpdateDataTableDto, UpdateDataTableRowDto, UpsertDataTableRowDto } from '@n8n/api-types';
|
|
4
4
|
import type { AuthlessRequest } from '../requests';
|
|
5
5
|
import type { Risk } from '../security-audit/types';
|
|
6
6
|
export type PaginatedRequest = AuthenticatedRequest<{}, {}, {}, {
|
|
@@ -165,6 +165,9 @@ export declare namespace CredentialRequest {
|
|
|
165
165
|
cursor?: string;
|
|
166
166
|
offset?: number;
|
|
167
167
|
}>;
|
|
168
|
+
type Get = AuthenticatedRequest<{
|
|
169
|
+
id: string;
|
|
170
|
+
}>;
|
|
168
171
|
type Create = AuthenticatedRequest<{}, {}, {
|
|
169
172
|
type: string;
|
|
170
173
|
name: string;
|
|
@@ -181,6 +184,9 @@ export declare namespace CredentialRequest {
|
|
|
181
184
|
isResolvable?: boolean;
|
|
182
185
|
isPartialData?: boolean;
|
|
183
186
|
}, {}>;
|
|
187
|
+
type Test = AuthenticatedRequest<{
|
|
188
|
+
id: string;
|
|
189
|
+
}, {}, {}, {}>;
|
|
184
190
|
type Delete = AuthenticatedRequest<{
|
|
185
191
|
id: string;
|
|
186
192
|
}, {}, {}, Record<string, string>>;
|
|
@@ -251,7 +257,7 @@ export declare namespace DataTableRequest {
|
|
|
251
257
|
filter?: string;
|
|
252
258
|
sortBy?: string;
|
|
253
259
|
}>;
|
|
254
|
-
type Create = AuthenticatedRequest<{}, {},
|
|
260
|
+
type Create = AuthenticatedRequest<{}, {}, PublicApiCreateDataTableDto, {}>;
|
|
255
261
|
type Get = AuthenticatedRequest<{
|
|
256
262
|
dataTableId: string;
|
|
257
263
|
}, {}, {}, {}>;
|
|
@@ -11,6 +11,7 @@ declare const _default: {
|
|
|
11
11
|
name: string;
|
|
12
12
|
}, Record<string, never>, {
|
|
13
13
|
version?: string;
|
|
14
|
+
verify?: boolean;
|
|
14
15
|
}>, res: express.Response) => Promise<express.Response>))[];
|
|
15
16
|
uninstallPackage: (import("../../shared/middlewares/global.middleware").ScopeTaggedMiddleware | ((req: AuthenticatedRequest<{
|
|
16
17
|
name: string;
|
|
@@ -13,7 +13,7 @@ module.exports = {
|
|
|
13
13
|
async (req, res) => {
|
|
14
14
|
const lifecycle = di_1.Container.get(community_packages_lifecycle_service_1.CommunityPackagesLifecycleService);
|
|
15
15
|
try {
|
|
16
|
-
const installedPackage = await lifecycle.install({ name: req.body.name, version: req.body.version, verify: req.body.verify ??
|
|
16
|
+
const installedPackage = await lifecycle.install({ name: req.body.name, version: req.body.version, verify: req.body.verify ?? true }, req.user, 'publicApi');
|
|
17
17
|
return res.json((0, community_packages_mapper_1.mapToCommunityPackage)(installedPackage));
|
|
18
18
|
}
|
|
19
19
|
catch (error) {
|
|
@@ -40,6 +40,7 @@ module.exports = {
|
|
|
40
40
|
const updated = await lifecycle.update({
|
|
41
41
|
name: req.params.name,
|
|
42
42
|
version: req.body?.version,
|
|
43
|
+
verify: req.body?.verify ?? true,
|
|
43
44
|
}, req.user, 'notFound');
|
|
44
45
|
return res.json((0, community_packages_mapper_1.mapToCommunityPackage)(updated));
|
|
45
46
|
}
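Review bot: `verify: req.body.verify ?? true` in the install handler (new line 16) and `verify: req.body?.verify ?? true` in the update handler (new line 43) fall back to `true` only for `null`/`undefined`, so a falsy non-boolean such as `0` or `""` is forwarded unchanged. Whether the body is schema-validated as a boolean before these handlers run is not visible here, and the `verify?: boolean` added in the declaration hunk is not enforced at runtime. Since the flag presumably decides whether a community package is checked before it is installed, I would fail closed in the handler: `verify: req.body.verify !== false` and `verify: req.body?.verify !== false`. It is also worth confirming that `lifecycle.install` and `lifecycle.update`, which are outside this diff, check that the instance and the calling user may skip verification at all. Both handler bodies continue outside the hunks.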
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"community-packages.handler.js","sourceRoot":"","sources":["../../../../../src/public-api/v1/handlers/community-packages/community-packages.handler.ts"],"names":[],"mappings":";AACA,gCAAoC;AAGpC,qFAAiF;AACjF,4HAAsH;AAEtH,2EAA+F;AAC/F,kFAA4E;AAE5E,SAAS,iBAAiB,CAAC,GAAqB,EAAE,KAAoB;IACrE,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,iBAAS;IACR,cAAc,EAAE;QACf,IAAA,kCAAc,EAAC,0BAA0B,CAAC;QAC1C,KAAK,EACJ,GAIC,EACD,GAAqB,EACO,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAS,CAAC,GAAG,CAAC,wEAAiC,CAAC,CAAC;YAEnE,IAAI,CAAC;gBACJ,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC/C,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,
|
|
1
|
+
{"version":3,"file":"community-packages.handler.js","sourceRoot":"","sources":["../../../../../src/public-api/v1/handlers/community-packages/community-packages.handler.ts"],"names":[],"mappings":";AACA,gCAAoC;AAGpC,qFAAiF;AACjF,4HAAsH;AAEtH,2EAA+F;AAC/F,kFAA4E;AAE5E,SAAS,iBAAiB,CAAC,GAAqB,EAAE,KAAoB;IACrE,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,iBAAS;IACR,cAAc,EAAE;QACf,IAAA,kCAAc,EAAC,0BAA0B,CAAC;QAC1C,KAAK,EACJ,GAIC,EACD,GAAqB,EACO,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAS,CAAC,GAAG,CAAC,wEAAiC,CAAC,CAAC;YAEnE,IAAI,CAAC;gBACJ,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC/C,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,EACnF,GAAG,CAAC,IAAI,EACR,WAAW,CACX,CAAC;gBACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,iDAAqB,EAAC,gBAAgB,CAAC,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,IAAI,KAAK,YAAY,8BAAa,EAAE,CAAC;oBACpC,OAAO,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,KAAK,CAAC;YACb,CAAC;QACF,CAAC;KACD;IAED,oBAAoB,EAAE;QACrB,IAAA,kCAAc,EAAC,uBAAuB,CAAC;QACvC,KAAK,EACJ,IAAiD,EACjD,GAAqB,EACO,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAS,CAAC,GAAG,CAAC,wEAAiC,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,qBAAqB,EAAE,CAAC;YACzD,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,qDAAyB,EAAC,QAAQ,CAAC,CAAC,CAAC;QACtD,CAAC;KACD;IAED,aAAa,EAAE;QACd,IAAA,kCAAc,EAAC,yBAAyB,CAAC;QACzC,KAAK,EACJ,GAIC,EACD,GAAqB,EACO,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAS,CAAC,GAAG,CAAC,wEAAiC,CAAC,CAAC;YAEnE,IAAI,CAAC;gBACJ,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,MAAM,CACrC;oBACC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI;oBACrB,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO;oBAC1B,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,IAAI,IAAI;iBAChC,EACD,GAAG,CAAC,IAAI,EACR,UAAU,CACV,CAAC;gBACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAA,iDAAqB,EAAC,OAAO,CAAC,CAAC,CAAC;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,IAAI,KAAK,YAAY,8BAAa,EAAE,CAAC;oBACpC,OAAO,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,KAAK,CAAC;YACb,CAAC;QACF,CAAC
;KACD;IAED,gBAAgB,EAAE;QACjB,IAAA,kCAAc,EAAC,4BAA4B,CAAC;QAC5C,KAAK,EACJ,GAA2C,EAC3C,GAAqB,EACO,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAS,CAAC,GAAG,CAAC,wEAAiC,CAAC,CAAC;YAEnE,IAAI,CAAC;gBACJ,MAAM,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACjE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,IAAI,KAAK,YAAY,8BAAa,EAAE,CAAC;oBACpC,OAAO,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,KAAK,CAAC;YACb,CAAC;QACF,CAAC;KACD;CACD,CAAC"}
|