n8n/packages/cli/src/controllers/owner.controller.ts

import validator from 'validator';
import { Response } from 'express';

import config from '@/config';
import { validateEntity } from '@/GenericHelpers';
import { Authorized, Post, RestController } from '@/decorators';
import { PasswordUtility } from '@/services/password.utility';
import { issueCookie } from '@/auth/jwt';
import { OwnerRequest } from '@/requests';
import { SettingsRepository } from '@db/repositories/settings.repository';
import { PostHogClient } from '@/posthog';
import { UserService } from '@/services/user.service';
import { Logger } from '@/Logger';
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
import { InternalHooks } from '@/InternalHooks';
import { UserRepository } from '@/databases/repositories/user.repository';

@Authorized('global:owner')
@RestController('/owner')
export class OwnerController {
	constructor(
		private readonly logger: Logger,
		private readonly internalHooks: InternalHooks,
		private readonly settingsRepository: SettingsRepository,
		private readonly userService: UserService,
		private readonly passwordUtility: PasswordUtility,
		private readonly postHog: PostHogClient,
		private readonly userRepository: UserRepository,
	) {}

	/**
	 * Promote a shell into the owner of the n8n instance,
	 * and enable `isInstanceOwnerSetUp` setting.
	 */
	@Post('/setup')
	async setupOwner(req: OwnerRequest.Post, res: Response) {
		const { email, firstName, lastName, password } = req.body;
		const { id: userId } = req.user;

		if (config.getEnv('userManagement.isInstanceOwnerSetUp')) {
			this.logger.debug(
				'Request to claim instance ownership failed because instance owner already exists',
				{
					userId,
				},
			);
			throw new BadRequestError('Instance owner already setup');
		}

		if (!email || !validator.isEmail(email)) {
			this.logger.debug('Request to claim instance ownership failed because of invalid email', {
				userId,
				invalidEmail: email,
			});
			throw new BadRequestError('Invalid email address');
		}

		const validPassword = this.passwordUtility.validate(password);

		if (!firstName || !lastName) {
			this.logger.debug(
				'Request to claim instance ownership failed because of missing first name or last name in payload',
				{ userId, payload: req.body },
			);
			throw new BadRequestError('First and last names are mandatory');
		}

		let owner = req.user;

		Object.assign(owner, {
			email,
			firstName,
			lastName,
			password: await this.passwordUtility.hash(validPassword),
		});

		await validateEntity(owner);

		owner = await this.userRepository.save(owner);

		this.logger.info('Owner was set up successfully', { userId });

		await this.settingsRepository.update(
			{ key: 'userManagement.isInstanceOwnerSetUp' },
			{ value: JSON.stringify(true) },
		);

		config.set('userManagement.isInstanceOwnerSetUp', true);

		this.logger.debug('Setting isInstanceOwnerSetUp updated successfully', { userId });

		await issueCookie(res, owner);

		void this.internalHooks.onInstanceOwnerSetup({ user_id: userId });

		return await this.userService.toPublic(owner, { posthog: this.postHog, withScopes: true });
	}

	@Post('/dismiss-banner')
	async dismissBanner(req: OwnerRequest.DismissBanner) {
		const bannerName = 'banner' in req.body ? (req.body.banner as string) : '';
		const response = await this.settingsRepository.dismissBanner({ bannerName });
		return response;
	}
}
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import validator from 'validator';`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`import { Response } from 'express';`

			`import config from '@/config';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import { validateEntity } from '@/GenericHelpers';`
refactor: Remove pre-setup prompt on owner setup (#6495) 2023-06-21 04:21:34 -07:00			`import { Authorized, Post, RestController } from '@/decorators';`
refactor(core): Introduce password utility (no-changelog) (#7979) ## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or Linear ticket: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise. ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > (internal) You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). 2023-12-11 09:23:42 -08:00			`import { PasswordUtility } from '@/services/password.utility';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import { issueCookie } from '@/auth/jwt';`
refactor: Integrate `consistent-type-imports` in BE packages (no-changelog) (#5270) 2023-01-27 05:56:56 -08:00			`import { OwnerRequest } from '@/requests';`
ci(core): Reduce memory usage in tests (part-2) (no-changelog) (#7671) This also gets rid of `Db.collection`, which was another source of circular dependencies. 2023-11-10 06:04:26 -08:00			`import { SettingsRepository } from '@db/repositories/settings.repository';`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`import { PostHogClient } from '@/posthog';`
refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`import { UserService } from '@/services/user.service';`
refactor(core): Make Logger a service (no-changelog) (#7494) 2023-10-25 07:35:22 -07:00			`import { Logger } from '@/Logger';`
refactor(core): Reorganize error hierarchy in `cli` package (no-changelog) (#7839) Ensure all errors in `cli` inherit from `ApplicationError` to continue normalizing all the errors we report to Sentry Follow-up to: https://github.com/n8n-io/n8n/pull/7820 2023-11-28 01:19:27 -08:00			`import { BadRequestError } from '@/errors/response-errors/bad-request.error';`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`import { InternalHooks } from '@/InternalHooks';`
refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`import { UserRepository } from '@/databases/repositories/user.repository';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`@Authorized('global:owner')`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`@RestController('/owner')`
			`export class OwnerController {`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`constructor(`
refactor(core): Make Logger a service (no-changelog) (#7494) 2023-10-25 07:35:22 -07:00			`private readonly logger: Logger,`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`private readonly internalHooks: InternalHooks,`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`private readonly settingsRepository: SettingsRepository,`
			`private readonly userService: UserService,`
refactor(core): Introduce password utility (no-changelog) (#7979) ## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or Linear ticket: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise. ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > (internal) You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). 2023-12-11 09:23:42 -08:00			`private readonly passwordUtility: PasswordUtility,`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`private readonly postHog: PostHogClient,`
refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`private readonly userRepository: UserRepository,`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`) {}`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`/**`
			`* Promote a shell into the owner of the n8n instance,`
			* and enable `isInstanceOwnerSetUp` setting.
			`*/`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`@Post('/setup')`
			`async setupOwner(req: OwnerRequest.Post, res: Response) {`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`const { email, firstName, lastName, password } = req.body;`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`const { id: userId } = req.user;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`if (config.getEnv('userManagement.isInstanceOwnerSetUp')) {`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`this.logger.debug(`
			`'Request to claim instance ownership failed because instance owner already exists',`
			`{`
			`userId,`
			`},`
			`);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`throw new BadRequestError('Instance owner already setup');`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`

			`if (!email \|\| !validator.isEmail(email)) {`
			`this.logger.debug('Request to claim instance ownership failed because of invalid email', {`
			`userId,`
			`invalidEmail: email,`
			`});`
			`throw new BadRequestError('Invalid email address');`
			`}`

refactor(core): Introduce password utility (no-changelog) (#7979) ## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or Linear ticket: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise. ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > (internal) You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). 2023-12-11 09:23:42 -08:00			`const validPassword = this.passwordUtility.validate(password);`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`if (!firstName \|\| !lastName) {`
			`this.logger.debug(`
			`'Request to claim instance ownership failed because of missing first name or last name in payload',`
			`{ userId, payload: req.body },`
			`);`
			`throw new BadRequestError('First and last names are mandatory');`
			`}`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`let owner = req.user;`

refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`Object.assign(owner, {`
			`email,`
			`firstName,`
			`lastName,`
refactor(core): Introduce password utility (no-changelog) (#7979) ## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or Linear ticket: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise. ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > (internal) You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). 2023-12-11 09:23:42 -08:00			`password: await this.passwordUtility.hash(validPassword),`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`});`

			`await validateEntity(owner);`

refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`owner = await this.userRepository.save(owner);`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.logger.info('Owner was set up successfully', { userId });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`await this.settingsRepository.update(`
			`{ key: 'userManagement.isInstanceOwnerSetUp' },`
			`{ value: JSON.stringify(true) },`
			`);`

refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`config.set('userManagement.isInstanceOwnerSetUp', true);`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.logger.debug('Setting isInstanceOwnerSetUp updated successfully', { userId });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`await issueCookie(res, owner);`

			`void this.internalHooks.onInstanceOwnerSetup({ user_id: userId });`

fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`return await this.userService.toPublic(owner, { posthog: this.postHog, withScopes: true });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`
feat(editor): Add v1 banner (#6443) 2023-06-19 07:23:57 -07:00
feat(editor): Implement new banners framework (#6603) * ⚡ Implemented new grid row - banners * ✨ Fixing node creator and executions sidebar position after layout update * 💄 Added configurable round corners to the Callout component * ⚡ Fixing mouse position detection and main tab bar position * ⚡ Implemented basic banner component structure * ⚡ Implemented banner state and dismiss logic * ⚡ Fixing grid layout. Updating banners height state dynamically * ⚡ Fix zoom to fit position, mouse position in demo mode and callout vertical alignment * ⚡ Implementing proper trial banners logic * 💄 Only showing execution usage data once the sidebar is fully expanded * ✨ Implemented permanent/temporary dismiss logic for v1 flag * ⚡ Minor refactoring of banner logic * ⚡ Updating permanent dismiss logic to work with all banners * 👕 Fixing linting errors * ✔️ Updating Callout component test snapshots * 💄 Tweaking zoom to fit position * ✔️ Updating testing endpoints to use new store data * ✅ Added banners unit tests * ✔️ Fixing failing banner tests * ✅ Added more banner tests * ⚡ Updating banners dimensions on resize, removing leftover code * ✔️ Removing store import from API file * 👕 Fixing lint errors * ⚡ Updating migration files * ⚡ Using query parameters in migrations * 👌 Addressing design review feedback * ⚡ Updating upgrade plan button click * ⚡ Updating the migrations syntax * 👌 Updating permanent banner dismiss endpoint and back-end logic * 👌 Refactoring trial banner component and ui store * 👌 Addressing more points from code review * 👌 Moving DOM logic from the store * ✔️ Updated callout component snapshots * 👌 Updating mysql migration file * ✔️ Updating e2e test canvas coordinates after setting it's position to absolute * 👌 Addressing back-end review feedback * 👌 Improving typing around banners * 👕 Fixing lint errors 2023-07-14 06:36:17 -07:00			`@Post('/dismiss-banner')`
			`async dismissBanner(req: OwnerRequest.DismissBanner) {`
			`const bannerName = 'banner' in req.body ? (req.body.banner as string) : '';`
			`const response = await this.settingsRepository.dismissBanner({ bannerName });`
			`return response;`
feat(editor): Add v1 banner (#6443) 2023-06-19 07:23:57 -07:00			`}`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`