n8n/packages/cli/src/controllers/owner.controller.ts

import validator from 'validator';
import { validateEntity } from '@/GenericHelpers';
import { Authorized, Post, RestController } from '@/decorators';
import { BadRequestError } from '@/ResponseHelper';
import {
	hashPassword,
	sanitizeUser,
	validatePassword,
	withFeatureFlags,
} from '@/UserManagement/UserManagementHelper';
import { issueCookie } from '@/auth/jwt';
import { Response } from 'express';
import type { ILogger } from 'n8n-workflow';
import type { Config } from '@/config';
import { OwnerRequest } from '@/requests';
import type { IDatabaseCollections, IInternalHooksClass } from '@/Interfaces';
import type { SettingsRepository } from '@db/repositories';
import { UserService } from '@/services/user.service';
import Container from 'typedi';
import type { PostHogClient } from '@/posthog';

@Authorized(['global', 'owner'])
@RestController('/owner')
export class OwnerController {
	private readonly config: Config;

	private readonly logger: ILogger;

	private readonly internalHooks: IInternalHooksClass;

	private readonly userService: UserService;

	private readonly settingsRepository: SettingsRepository;

	private readonly postHog?: PostHogClient;

	constructor({
		config,
		logger,
		internalHooks,
		repositories,
		postHog,
	}: {
		config: Config;
		logger: ILogger;
		internalHooks: IInternalHooksClass;
		repositories: Pick<IDatabaseCollections, 'Settings'>;
		postHog?: PostHogClient;
	}) {
		this.config = config;
		this.logger = logger;
		this.internalHooks = internalHooks;
		this.userService = Container.get(UserService);
		this.settingsRepository = repositories.Settings;
		this.postHog = postHog;
	}

	/**
	 * Promote a shell into the owner of the n8n instance,
	 * and enable `isInstanceOwnerSetUp` setting.
	 */
	@Post('/setup')
	async setupOwner(req: OwnerRequest.Post, res: Response) {
		const { email, firstName, lastName, password } = req.body;
		const { id: userId, globalRole } = req.user;

		if (this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {
			this.logger.debug(
				'Request to claim instance ownership failed because instance owner already exists',
				{
					userId,
				},
			);
			throw new BadRequestError('Instance owner already setup');
		}

		if (!email || !validator.isEmail(email)) {
			this.logger.debug('Request to claim instance ownership failed because of invalid email', {
				userId,
				invalidEmail: email,
			});
			throw new BadRequestError('Invalid email address');
		}

		const validPassword = validatePassword(password);

		if (!firstName || !lastName) {
			this.logger.debug(
				'Request to claim instance ownership failed because of missing first name or last name in payload',
				{ userId, payload: req.body },
			);
			throw new BadRequestError('First and last names are mandatory');
		}

		// TODO: This check should be in a middleware outside this class
		if (globalRole.scope === 'global' && globalRole.name !== 'owner') {
			this.logger.debug(
				'Request to claim instance ownership failed because user shell does not exist or has wrong role!',
				{
					userId,
				},
			);
			throw new BadRequestError('Invalid request');
		}

		let owner = req.user;

		Object.assign(owner, {
			email,
			firstName,
			lastName,
			password: await hashPassword(validPassword),
		});

		await validateEntity(owner);

		owner = await this.userService.save(owner);

		this.logger.info('Owner was set up successfully', { userId });

		await this.settingsRepository.update(
			{ key: 'userManagement.isInstanceOwnerSetUp' },
			{ value: JSON.stringify(true) },
		);

		this.config.set('userManagement.isInstanceOwnerSetUp', true);

		this.logger.debug('Setting isInstanceOwnerSetUp updated successfully', { userId });

		await issueCookie(res, owner);

		void this.internalHooks.onInstanceOwnerSetup({ user_id: userId });

		return withFeatureFlags(this.postHog, sanitizeUser(owner));
	}

	@Post('/dismiss-banner')
	async dismissBanner(req: OwnerRequest.DismissBanner) {
		const bannerName = 'banner' in req.body ? (req.body.banner as string) : '';
		const response = await this.settingsRepository.dismissBanner({ bannerName });
		return response;
	}
}
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import validator from 'validator';`
			`import { validateEntity } from '@/GenericHelpers';`
refactor: Remove pre-setup prompt on owner setup (#6495) 2023-06-21 04:21:34 -07:00			`import { Authorized, Post, RestController } from '@/decorators';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import { BadRequestError } from '@/ResponseHelper';`
			`import {`
			`hashPassword,`
			`sanitizeUser,`
			`validatePassword,`
feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`withFeatureFlags,`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`} from '@/UserManagement/UserManagementHelper';`
			`import { issueCookie } from '@/auth/jwt';`
refactor: Integrate `consistent-type-imports` in BE packages (no-changelog) (#5270) 2023-01-27 05:56:56 -08:00			`import { Response } from 'express';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import type { ILogger } from 'n8n-workflow';`
			`import type { Config } from '@/config';`
refactor: Integrate `consistent-type-imports` in BE packages (no-changelog) (#5270) 2023-01-27 05:56:56 -08:00			`import { OwnerRequest } from '@/requests';`
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`import type { IDatabaseCollections, IInternalHooksClass } from '@/Interfaces';`
refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`import type { SettingsRepository } from '@db/repositories';`
			`import { UserService } from '@/services/user.service';`
			`import Container from 'typedi';`
feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`import type { PostHogClient } from '@/posthog';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Setup decorator based RBAC (no-changelog) (#5787) 2023-04-24 02:45:31 -07:00			`@Authorized(['global', 'owner'])`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`@RestController('/owner')`
			`export class OwnerController {`
			`private readonly config: Config;`

			`private readonly logger: ILogger;`

			`private readonly internalHooks: IInternalHooksClass;`

refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`private readonly userService: UserService;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`private readonly settingsRepository: SettingsRepository;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`private readonly postHog?: PostHogClient;`

refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`constructor({`
			`config,`
			`logger,`
			`internalHooks,`
			`repositories,`
feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`postHog,`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}: {`
			`config: Config;`
			`logger: ILogger;`
			`internalHooks: IInternalHooksClass;`
refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`repositories: Pick<IDatabaseCollections, 'Settings'>;`
feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`postHog?: PostHogClient;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}) {`
			`this.config = config;`
			`this.logger = logger;`
			`this.internalHooks = internalHooks;`
refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`this.userService = Container.get(UserService);`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`this.settingsRepository = repositories.Settings;`
feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`this.postHog = postHog;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`

			`/**`
			`* Promote a shell into the owner of the n8n instance,`
			* and enable `isInstanceOwnerSetUp` setting.
			`*/`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`@Post('/setup')`
			`async setupOwner(req: OwnerRequest.Post, res: Response) {`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`const { email, firstName, lastName, password } = req.body;`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`const { id: userId, globalRole } = req.user;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`if (this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {`
			`this.logger.debug(`
			`'Request to claim instance ownership failed because instance owner already exists',`
			`{`
			`userId,`
			`},`
			`);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`throw new BadRequestError('Instance owner already setup');`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`

			`if (!email \|\| !validator.isEmail(email)) {`
			`this.logger.debug('Request to claim instance ownership failed because of invalid email', {`
			`userId,`
			`invalidEmail: email,`
			`});`
			`throw new BadRequestError('Invalid email address');`
			`}`

			`const validPassword = validatePassword(password);`

			`if (!firstName \|\| !lastName) {`
			`this.logger.debug(`
			`'Request to claim instance ownership failed because of missing first name or last name in payload',`
			`{ userId, payload: req.body },`
			`);`
			`throw new BadRequestError('First and last names are mandatory');`
			`}`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`// TODO: This check should be in a middleware outside this class`
			`if (globalRole.scope === 'global' && globalRole.name !== 'owner') {`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`this.logger.debug(`
			`'Request to claim instance ownership failed because user shell does not exist or has wrong role!',`
			`{`
			`userId,`
			`},`
			`);`
			`throw new BadRequestError('Invalid request');`
			`}`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`let owner = req.user;`

refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`Object.assign(owner, {`
			`email,`
			`firstName,`
			`lastName,`
			`password: await hashPassword(validPassword),`
			`});`

			`await validateEntity(owner);`

refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`owner = await this.userService.save(owner);`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.logger.info('Owner was set up successfully', { userId });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`await this.settingsRepository.update(`
			`{ key: 'userManagement.isInstanceOwnerSetUp' },`
			`{ value: JSON.stringify(true) },`
			`);`

			`this.config.set('userManagement.isInstanceOwnerSetUp', true);`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.logger.debug('Setting isInstanceOwnerSetUp updated successfully', { userId });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`await issueCookie(res, owner);`

			`void this.internalHooks.onInstanceOwnerSetup({ user_id: userId });`

feat: Remove PostHog event calls (#6915) 2023-08-17 08:39:32 -07:00			`return withFeatureFlags(this.postHog, sanitizeUser(owner));`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`
feat(editor): Add v1 banner (#6443) 2023-06-19 07:23:57 -07:00
feat(editor): Implement new banners framework (#6603) * ⚡ Implemented new grid row - banners * ✨ Fixing node creator and executions sidebar position after layout update * 💄 Added configurable round corners to the Callout component * ⚡ Fixing mouse position detection and main tab bar position * ⚡ Implemented basic banner component structure * ⚡ Implemented banner state and dismiss logic * ⚡ Fixing grid layout. Updating banners height state dynamically * ⚡ Fix zoom to fit position, mouse position in demo mode and callout vertical alignment * ⚡ Implementing proper trial banners logic * 💄 Only showing execution usage data once the sidebar is fully expanded * ✨ Implemented permanent/temporary dismiss logic for v1 flag * ⚡ Minor refactoring of banner logic * ⚡ Updating permanent dismiss logic to work with all banners * 👕 Fixing linting errors * ✔️ Updating Callout component test snapshots * 💄 Tweaking zoom to fit position * ✔️ Updating testing endpoints to use new store data * ✅ Added banners unit tests * ✔️ Fixing failing banner tests * ✅ Added more banner tests * ⚡ Updating banners dimensions on resize, removing leftover code * ✔️ Removing store import from API file * 👕 Fixing lint errors * ⚡ Updating migration files * ⚡ Using query parameters in migrations * 👌 Addressing design review feedback * ⚡ Updating upgrade plan button click * ⚡ Updating the migrations syntax * 👌 Updating permanent banner dismiss endpoint and back-end logic * 👌 Refactoring trial banner component and ui store * 👌 Addressing more points from code review * 👌 Moving DOM logic from the store * ✔️ Updated callout component snapshots * 👌 Updating mysql migration file * ✔️ Updating e2e test canvas coordinates after setting it's position to absolute * 👌 Addressing back-end review feedback * 👌 Improving typing around banners * 👕 Fixing lint errors 2023-07-14 06:36:17 -07:00			`@Post('/dismiss-banner')`
			`async dismissBanner(req: OwnerRequest.DismissBanner) {`
			`const bannerName = 'banner' in req.body ? (req.body.banner as string) : '';`
			`const response = await this.settingsRepository.dismissBanner({ bannerName });`
			`return response;`
feat(editor): Add v1 banner (#6443) 2023-06-19 07:23:57 -07:00			`}`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`