n8n/packages/cli/src/PublicApi/middlewares.ts

/* eslint-disable import/no-cycle */
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable consistent-return */
/* eslint-disable @typescript-eslint/no-explicit-any */
import express = require('express');
import validator from 'validator';
import config = require('../../config');
import type { UserRequest } from '../requests';
import { decodeCursor } from './helpers';

type Role = 'owner' | 'member';

const instanceOwnerSetup = (
	req: express.Request,
	res: express.Response,
	next: express.NextFunction,
): any => {
	if (config.getEnv('userManagement.isInstanceOwnerSetUp')) {
		return next();
	}
	return res.status(400).json({ message: 'asasas' });
};

const emailSetup = (
	req: express.Request,
	res: express.Response,
	next: express.NextFunction,
): any => {
	if (config.getEnv('userManagement.emails.mode')) {
		return next();
	}
	return res.status(400).json({ message: 'asasas' });
};

const authorize =
	(role: [Role]) =>
	(req: express.Request, res: express.Response, next: express.NextFunction): any => {
		const {
			globalRole: { name: userRole },
		} = req.user as { globalRole: { name: Role } };
		if (role.includes(userRole)) {
			return next();
		}
		return res.status(400).json({
			message: 'asasas',
		});
	};

const validEmail = (
	req: UserRequest.Invite,
	res: express.Response,
	next: express.NextFunction,
): any => {
	// eslint-disable-next-line no-restricted-syntax
	for (const { email } of req.body) {
		if (!validator.isEmail(email)) {
			return res.status(400).json({
				message: `Request to send email invite(s) to user(s) failed because of an invalid email address: ${email}`,
			});
		}
	}
	next();
};

const deletingOwnUser = (
	req: UserRequest.Delete,
	res: express.Response,
	next: express.NextFunction,
): any => {
	if (req.user.id === req.params.identifier) {
		return res.status(400).json({
			message: `Cannot delete your own user`,
		});
	}
	next();
};

const transferingToDeletedUser = (
	req: UserRequest.Delete,
	res: express.Response,
	next: express.NextFunction,
): any => {
	if (req.query.transferId === req.params.identifier) {
		return res.status(400).json({
			message: `Request to delete a user failed because the user to delete and the transferee are the same user`,
		});
	}
	next();
};

const validCursor = (
	req: UserRequest.Get,
	res: express.Response,
	next: express.NextFunction,
): any => {
	let offset = 0;
	let limit = 10;
	if (req.query?.limit) {
		limit = parseInt(req.query?.limit, 10) || 10;
	}
	if (req.query.cursor) {
		const { cursor } = req.query;
		try {
			({ offset, limit } = decodeCursor(cursor));
		} catch (error) {
			return res.status(400).json({
				message: `invalid cursor`,
			});
		}
	}
	req.limit = limit;
	req.offset = offset;
	next();
};

const parseIncludeRole = (
	req: UserRequest.Get,
	res: express.Response,
	next: express.NextFunction,
): any => {
	req.includeRole = false;
	if (req.query?.includeRole) {
		req.includeRole = req.query.includeRole === 'true';
	}
	next();
};

export const middlewares = {
	createUsers: [instanceOwnerSetup, emailSetup, validEmail, authorize(['owner'])],
	deleteUsers: [
		instanceOwnerSetup,
		deletingOwnUser,
		transferingToDeletedUser,
		authorize(['owner']),
	],
	getUsers: [instanceOwnerSetup, parseIncludeRole, validCursor, authorize(['owner'])],
	getUser: [instanceOwnerSetup, parseIncludeRole, authorize(['owner'])],
};
:zap: Refactor GET /users and /users/:identifier 2022-04-06 17:35:48 -07:00			`/* eslint-disable import/no-cycle */`
			`/* eslint-disable @typescript-eslint/no-unused-vars */`
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`/* eslint-disable consistent-return */`
			`/* eslint-disable @typescript-eslint/no-explicit-any */`
			`import express = require('express');`
			`import validator from 'validator';`
			`import config = require('../../config');`
			`import type { UserRequest } from '../requests';`
:zap: Refactor GET /users and /users/:identifier 2022-04-06 17:35:48 -07:00			`import { decodeCursor } from './helpers';`
:zap: Possibility to add custom middleware 2022-03-30 20:11:26 -07:00
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`type Role = 'owner' \| 'member';`

			`const instanceOwnerSetup = (`
			`req: express.Request,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
:zap: Fix linting issues after merge 2022-04-10 18:08:26 -07:00			`if (config.getEnv('userManagement.isInstanceOwnerSetUp')) {`
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`return next();`
			`}`
			`return res.status(400).json({ message: 'asasas' });`
			`};`

			`const emailSetup = (`
			`req: express.Request,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
:zap: Fix linting issues after merge 2022-04-10 18:08:26 -07:00			`if (config.getEnv('userManagement.emails.mode')) {`
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`return next();`
			`}`
			`return res.status(400).json({ message: 'asasas' });`
			`};`

			`const authorize =`
			`(role: [Role]) =>`
			`(req: express.Request, res: express.Response, next: express.NextFunction): any => {`
			`const {`
			`globalRole: { name: userRole },`
			`} = req.user as { globalRole: { name: Role } };`
			`if (role.includes(userRole)) {`
			`return next();`
			`}`
			`return res.status(400).json({`
			`message: 'asasas',`
			`});`
			`};`

			`const validEmail = (`
			`req: UserRequest.Invite,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
:zap: Fix linting issues after merge 2022-04-10 18:08:26 -07:00			`// eslint-disable-next-line no-restricted-syntax`
			`for (const { email } of req.body) {`
			`if (!validator.isEmail(email)) {`
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`return res.status(400).json({`
:zap: Fix linting issues after merge 2022-04-10 18:08:26 -07:00			message: `Request to send email invite(s) to user(s) failed because of an invalid email address: ${email}`,
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`});`
			`}`
:zap: Fix linting issues after merge 2022-04-10 18:08:26 -07:00			`}`
:zap: Possibility to add custom middleware 2022-03-30 20:11:26 -07:00			`next();`
			`};`

:zap: Refactor DELETE /users 2022-04-05 16:24:23 -07:00			`const deletingOwnUser = (`
			`req: UserRequest.Delete,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
			`if (req.user.id === req.params.identifier) {`
			`return res.status(400).json({`
			message: `Cannot delete your own user`,
			`});`
			`}`
			`next();`
			`};`

			`const transferingToDeletedUser = (`
			`req: UserRequest.Delete,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
			`if (req.query.transferId === req.params.identifier) {`
			`return res.status(400).json({`
			message: `Request to delete a user failed because the user to delete and the transferee are the same user`,
			`});`
			`}`
			`next();`
			`};`

:zap: Refactor GET /users and /users/:identifier 2022-04-06 17:35:48 -07:00			`const validCursor = (`
			`req: UserRequest.Get,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
			`let offset = 0;`
			`let limit = 10;`
			`if (req.query?.limit) {`
			`limit = parseInt(req.query?.limit, 10) \|\| 10;`
			`}`
			`if (req.query.cursor) {`
			`const { cursor } = req.query;`
			`try {`
			`({ offset, limit } = decodeCursor(cursor));`
			`} catch (error) {`
			`return res.status(400).json({`
			message: `invalid cursor`,
			`});`
			`}`
			`}`
			`req.limit = limit;`
			`req.offset = offset;`
			`next();`
			`};`

			`const parseIncludeRole = (`
			`req: UserRequest.Get,`
			`res: express.Response,`
			`next: express.NextFunction,`
			`): any => {`
			`req.includeRole = false;`
			`if (req.query?.includeRole) {`
			`req.includeRole = req.query.includeRole === 'true';`
			`}`
			`next();`
			`};`

:zap: Possibility to add custom middleware 2022-03-30 20:11:26 -07:00			`export const middlewares = {`
:zap: Refactor POST /users 2022-04-04 18:57:18 -07:00			`createUsers: [instanceOwnerSetup, emailSetup, validEmail, authorize(['owner'])],`
:zap: Refactor DELETE /users 2022-04-05 16:24:23 -07:00			`deleteUsers: [`
			`instanceOwnerSetup,`
			`deletingOwnUser,`
			`transferingToDeletedUser,`
			`authorize(['owner']),`
			`],`
:zap: Refactor GET /users and /users/:identifier 2022-04-06 17:35:48 -07:00			`getUsers: [instanceOwnerSetup, parseIncludeRole, validCursor, authorize(['owner'])],`
			`getUser: [instanceOwnerSetup, parseIncludeRole, authorize(['owner'])],`
:zap: Possibility to add custom middleware 2022-03-30 20:11:26 -07:00			`};`