2022-09-21 01:20:29 -07:00
|
|
|
import express from 'express';
|
2022-12-15 05:31:06 -08:00
|
|
|
import { deepCopy, INodeCredentialTestResult, LoggerProxy } from 'n8n-workflow';
|
2022-11-09 06:25:00 -08:00
|
|
|
import * as Db from '@/Db';
|
|
|
|
|
import { InternalHooksManager } from '@/InternalHooksManager';
|
|
|
|
|
import * as ResponseHelper from '@/ResponseHelper';
|
|
|
|
|
import type { CredentialsEntity } from '@db/entities/CredentialsEntity';
|
2022-09-21 01:20:29 -07:00
|
|
|
|
2022-11-09 06:25:00 -08:00
|
|
|
import type { CredentialRequest } from '@/requests';
|
|
|
|
|
import { isSharingEnabled, rightDiff } from '@/UserManagement/UserManagementHelper';
|
2022-09-21 01:20:29 -07:00
|
|
|
import { EECredentialsService as EECredentials } from './credentials.service.ee';
|
|
|
|
|
import type { CredentialWithSharings } from './credentials.types';
|
|
|
|
|
|
|
|
|
|
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
|
|
|
export const EECredentialsController = express.Router();
|
|
|
|
|
|
|
|
|
|
EECredentialsController.use((req, res, next) => {
|
2022-10-11 05:55:05 -07:00
|
|
|
if (!isSharingEnabled()) {
|
2022-09-21 01:20:29 -07:00
|
|
|
// skip ee router and use free one
|
|
|
|
|
next('router');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
// use ee router
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* GET /credentials
|
|
|
|
|
*/
|
|
|
|
|
EECredentialsController.get(
|
|
|
|
|
'/',
|
|
|
|
|
ResponseHelper.send(async (req: CredentialRequest.GetAll): Promise<CredentialWithSharings[]> => {
|
|
|
|
|
try {
|
|
|
|
|
const allCredentials = await EECredentials.getAll(req.user, {
|
|
|
|
|
relations: ['shared', 'shared.role', 'shared.user'],
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// eslint-disable-next-line @typescript-eslint/unbound-method
|
2022-12-22 07:09:06 -08:00
|
|
|
return allCredentials
|
|
|
|
|
.map((credential: CredentialsEntity & CredentialWithSharings) =>
|
|
|
|
|
EECredentials.addOwnerAndSharings(credential),
|
|
|
|
|
)
|
|
|
|
|
.map(
|
|
|
|
|
(credential): CredentialWithSharings => ({ ...credential, id: credential.id.toString() }),
|
|
|
|
|
);
|
2022-09-21 01:20:29 -07:00
|
|
|
} catch (error) {
|
|
|
|
|
LoggerProxy.error('Request to list credentials failed', error as Error);
|
|
|
|
|
throw error;
|
|
|
|
|
}
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* GET /credentials/:id
|
|
|
|
|
*/
|
|
|
|
|
EECredentialsController.get(
|
|
|
|
|
'/:id',
|
|
|
|
|
(req, res, next) => (req.params.id === 'new' ? next('router') : next()), // skip ee router and use free one for naming
|
|
|
|
|
ResponseHelper.send(async (req: CredentialRequest.Get) => {
|
|
|
|
|
const { id: credentialId } = req.params;
|
|
|
|
|
const includeDecryptedData = req.query.includeData === 'true';
|
|
|
|
|
|
|
|
|
|
if (Number.isNaN(Number(credentialId))) {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.BadRequestError(`Credential ID must be a number.`);
|
2022-09-21 01:20:29 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let credential = (await EECredentials.get(
|
|
|
|
|
{ id: credentialId },
|
|
|
|
|
{ relations: ['shared', 'shared.role', 'shared.user'] },
|
|
|
|
|
)) as CredentialsEntity & CredentialWithSharings;
|
|
|
|
|
|
|
|
|
|
if (!credential) {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.NotFoundError(
|
2022-11-22 04:05:51 -08:00
|
|
|
'Could not load the credential. If you think this is an error, ask the owner to share it with you again',
|
2022-09-21 01:20:29 -07:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const userSharing = credential.shared?.find((shared) => shared.user.id === req.user.id);
|
|
|
|
|
|
|
|
|
|
if (!userSharing && req.user.globalRole.name !== 'owner') {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.UnauthorizedError(`Forbidden.`);
|
2022-09-21 01:20:29 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
credential = EECredentials.addOwnerAndSharings(credential);
|
|
|
|
|
|
|
|
|
|
// @ts-ignore @TODO_TECH_DEBT: Stringify `id` with entity field transformer
|
|
|
|
|
credential.id = credential.id.toString();
|
|
|
|
|
|
|
|
|
|
if (!includeDecryptedData || !userSharing || userSharing.role.name !== 'owner') {
|
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
|
|
|
const { id, data: _, ...rest } = credential;
|
|
|
|
|
|
|
|
|
|
// @TODO_TECH_DEBT: Stringify `id` with entity field transformer
|
|
|
|
|
return { id: id.toString(), ...rest };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
|
|
|
const { id, data: _, ...rest } = credential;
|
|
|
|
|
|
|
|
|
|
const key = await EECredentials.getEncryptionKey();
|
2022-12-15 05:31:06 -08:00
|
|
|
const decryptedData = EECredentials.redact(
|
|
|
|
|
await EECredentials.decrypt(key, credential),
|
|
|
|
|
credential,
|
|
|
|
|
);
|
2022-09-21 01:20:29 -07:00
|
|
|
|
|
|
|
|
// @TODO_TECH_DEBT: Stringify `id` with entity field transformer
|
|
|
|
|
return { id: id.toString(), data: decryptedData, ...rest };
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* POST /credentials/test
|
|
|
|
|
*
|
|
|
|
|
* Test if a credential is valid.
|
|
|
|
|
*/
|
|
|
|
|
EECredentialsController.post(
|
|
|
|
|
'/test',
|
|
|
|
|
ResponseHelper.send(async (req: CredentialRequest.Test): Promise<INodeCredentialTestResult> => {
|
2022-11-30 01:28:18 -08:00
|
|
|
const { credentials } = req.body;
|
2022-09-21 01:20:29 -07:00
|
|
|
|
|
|
|
|
const encryptionKey = await EECredentials.getEncryptionKey();
|
|
|
|
|
|
|
|
|
|
const { ownsCredential } = await EECredentials.isOwned(req.user, credentials.id.toString());
|
|
|
|
|
|
2022-12-15 05:31:06 -08:00
|
|
|
const sharing = await EECredentials.getSharing(req.user, credentials.id);
|
2022-09-21 01:20:29 -07:00
|
|
|
if (!ownsCredential) {
|
|
|
|
|
if (!sharing) {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.UnauthorizedError(`Forbidden`);
|
2022-09-21 01:20:29 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const decryptedData = await EECredentials.decrypt(encryptionKey, sharing.credentials);
|
|
|
|
|
Object.assign(credentials, { data: decryptedData });
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-15 05:31:06 -08:00
|
|
|
const mergedCredentials = deepCopy(credentials);
|
|
|
|
|
if (mergedCredentials.data && sharing?.credentials) {
|
|
|
|
|
const decryptedData = await EECredentials.decrypt(encryptionKey, sharing.credentials);
|
|
|
|
|
mergedCredentials.data = EECredentials.unredact(mergedCredentials.data, decryptedData);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return EECredentials.test(req.user, encryptionKey, mergedCredentials);
|
2022-09-21 01:20:29 -07:00
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* (EE) PUT /credentials/:id/share
|
|
|
|
|
*
|
|
|
|
|
* Grant or remove users' access to a credential.
|
|
|
|
|
*/
|
|
|
|
|
|
2022-11-16 05:13:36 -08:00
|
|
|
EECredentialsController.put(
|
|
|
|
|
'/:credentialId/share',
|
|
|
|
|
ResponseHelper.send(async (req: CredentialRequest.Share) => {
|
|
|
|
|
const { credentialId } = req.params;
|
|
|
|
|
const { shareWithIds } = req.body;
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
!Array.isArray(shareWithIds) ||
|
|
|
|
|
!shareWithIds.every((userId) => typeof userId === 'string')
|
|
|
|
|
) {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.BadRequestError('Bad request');
|
2022-11-16 05:13:36 -08:00
|
|
|
}
|
2022-09-21 01:20:29 -07:00
|
|
|
|
2022-11-16 05:13:36 -08:00
|
|
|
const { ownsCredential, credential } = await EECredentials.isOwned(req.user, credentialId);
|
2022-09-21 01:20:29 -07:00
|
|
|
|
2022-11-16 05:13:36 -08:00
|
|
|
if (!ownsCredential || !credential) {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.UnauthorizedError('Forbidden');
|
2022-09-21 01:20:29 -07:00
|
|
|
}
|
|
|
|
|
|
2022-11-16 05:13:36 -08:00
|
|
|
let amountRemoved: number | null = null;
|
|
|
|
|
let newShareeIds: string[] = [];
|
|
|
|
|
await Db.transaction(async (trx) => {
|
|
|
|
|
// remove all sharings that are not supposed to exist anymore
|
|
|
|
|
const { affected } = await EECredentials.pruneSharings(trx, credentialId, [
|
|
|
|
|
req.user.id,
|
|
|
|
|
...shareWithIds,
|
|
|
|
|
]);
|
|
|
|
|
if (affected) amountRemoved = affected;
|
|
|
|
|
|
|
|
|
|
const sharings = await EECredentials.getSharings(trx, credentialId);
|
|
|
|
|
|
|
|
|
|
// extract the new sharings that need to be added
|
|
|
|
|
newShareeIds = rightDiff(
|
|
|
|
|
[sharings, (sharing) => sharing.userId],
|
|
|
|
|
[shareWithIds, (shareeId) => shareeId],
|
|
|
|
|
);
|
2022-09-21 01:20:29 -07:00
|
|
|
|
2022-11-16 05:13:36 -08:00
|
|
|
if (newShareeIds.length) {
|
|
|
|
|
await EECredentials.share(trx, credential, newShareeIds);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
void InternalHooksManager.getInstance().onUserSharedCredentials({
|
|
|
|
|
credential_type: credential.type,
|
|
|
|
|
credential_id: credential.id.toString(),
|
|
|
|
|
user_id_sharer: req.user.id,
|
|
|
|
|
user_ids_sharees_added: newShareeIds,
|
|
|
|
|
sharees_removed: amountRemoved,
|
|
|
|
|
});
|
|
|
|
|
}),
|
|
|
|
|
);
|
