n8n/packages/cli/src/controllers/owner.controller.ts

import validator from 'validator';
import { validateEntity } from '@/GenericHelpers';
import { Get, Post, RestController } from '@/decorators';
import { BadRequestError } from '@/ResponseHelper';
import {
	hashPassword,
	sanitizeUser,
	validatePassword,
} from '@/UserManagement/UserManagementHelper';
import { issueCookie } from '@/auth/jwt';
import { Response } from 'express';
import type { ILogger } from 'n8n-workflow';
import type { Config } from '@/config';
import { OwnerRequest } from '@/requests';
import type { IDatabaseCollections, IInternalHooksClass } from '@/Interfaces';
import type {
	CredentialsRepository,
	SettingsRepository,
	UserRepository,
	WorkflowRepository,
} from '@db/repositories';

@RestController('/owner')
export class OwnerController {
	private readonly config: Config;

	private readonly logger: ILogger;

	private readonly internalHooks: IInternalHooksClass;

	private readonly userRepository: UserRepository;

	private readonly settingsRepository: SettingsRepository;

	private readonly credentialsRepository: CredentialsRepository;

	private readonly workflowsRepository: WorkflowRepository;

	constructor({
		config,
		logger,
		internalHooks,
		repositories,
	}: {
		config: Config;
		logger: ILogger;
		internalHooks: IInternalHooksClass;
		repositories: Pick<IDatabaseCollections, 'User' | 'Settings' | 'Credentials' | 'Workflow'>;
	}) {
		this.config = config;
		this.logger = logger;
		this.internalHooks = internalHooks;
		this.userRepository = repositories.User;
		this.settingsRepository = repositories.Settings;
		this.credentialsRepository = repositories.Credentials;
		this.workflowsRepository = repositories.Workflow;
	}

	@Get('/pre-setup')
	async preSetup(): Promise<{ credentials: number; workflows: number }> {
		if (this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {
			throw new BadRequestError('Instance owner already setup');
		}

		const [credentials, workflows] = await Promise.all([
			this.credentialsRepository.countBy({}),
			this.workflowsRepository.countBy({}),
		]);
		return { credentials, workflows };
	}

	/**
	 * Promote a shell into the owner of the n8n instance,
	 * and enable `isInstanceOwnerSetUp` setting.
	 */
	@Post('/setup')
	async setupOwner(req: OwnerRequest.Post, res: Response) {
		const { email, firstName, lastName, password } = req.body;
		const { id: userId, globalRole } = req.user;

		if (this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {
			this.logger.debug(
				'Request to claim instance ownership failed because instance owner already exists',
				{
					userId,
				},
			);
			throw new BadRequestError('Instance owner already setup');
		}

		if (!email || !validator.isEmail(email)) {
			this.logger.debug('Request to claim instance ownership failed because of invalid email', {
				userId,
				invalidEmail: email,
			});
			throw new BadRequestError('Invalid email address');
		}

		const validPassword = validatePassword(password);

		if (!firstName || !lastName) {
			this.logger.debug(
				'Request to claim instance ownership failed because of missing first name or last name in payload',
				{ userId, payload: req.body },
			);
			throw new BadRequestError('First and last names are mandatory');
		}

		// TODO: This check should be in a middleware outside this class
		if (globalRole.scope === 'global' && globalRole.name !== 'owner') {
			this.logger.debug(
				'Request to claim instance ownership failed because user shell does not exist or has wrong role!',
				{
					userId,
				},
			);
			throw new BadRequestError('Invalid request');
		}

		let owner = req.user;

		Object.assign(owner, {
			email,
			firstName,
			lastName,
			password: await hashPassword(validPassword),
		});

		await validateEntity(owner);

		owner = await this.userRepository.save(owner);

		this.logger.info('Owner was set up successfully', { userId });

		await this.settingsRepository.update(
			{ key: 'userManagement.isInstanceOwnerSetUp' },
			{ value: JSON.stringify(true) },
		);

		this.config.set('userManagement.isInstanceOwnerSetUp', true);

		this.logger.debug('Setting isInstanceOwnerSetUp updated successfully', { userId });

		await issueCookie(res, owner);

		void this.internalHooks.onInstanceOwnerSetup({ user_id: userId });

		return sanitizeUser(owner);
	}

	/**
	 * Persist that the instance owner setup has been skipped
	 */
	@Post('/skip-setup')
	async skipSetup() {
		await this.settingsRepository.update(
			{ key: 'userManagement.skipInstanceOwnerSetup' },
			{ value: JSON.stringify(true) },
		);

		this.config.set('userManagement.skipInstanceOwnerSetup', true);

		return { success: true };
	}
}
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import validator from 'validator';`
			`import { validateEntity } from '@/GenericHelpers';`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`import { Get, Post, RestController } from '@/decorators';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import { BadRequestError } from '@/ResponseHelper';`
			`import {`
			`hashPassword,`
			`sanitizeUser,`
			`validatePassword,`
			`} from '@/UserManagement/UserManagementHelper';`
			`import { issueCookie } from '@/auth/jwt';`
refactor: Integrate `consistent-type-imports` in BE packages (no-changelog) (#5270) 2023-01-27 05:56:56 -08:00			`import { Response } from 'express';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`import type { ILogger } from 'n8n-workflow';`
			`import type { Config } from '@/config';`
refactor: Integrate `consistent-type-imports` in BE packages (no-changelog) (#5270) 2023-01-27 05:56:56 -08:00			`import { OwnerRequest } from '@/requests';`
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`import type { IDatabaseCollections, IInternalHooksClass } from '@/Interfaces';`
			`import type {`
			`CredentialsRepository,`
			`SettingsRepository,`
			`UserRepository,`
			`WorkflowRepository,`
			`} from '@db/repositories';`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`@RestController('/owner')`
			`export class OwnerController {`
			`private readonly config: Config;`

			`private readonly logger: ILogger;`

			`private readonly internalHooks: IInternalHooksClass;`

refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`private readonly userRepository: UserRepository;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`private readonly settingsRepository: SettingsRepository;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`private readonly credentialsRepository: CredentialsRepository;`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`private readonly workflowsRepository: WorkflowRepository;`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`constructor({`
			`config,`
			`logger,`
			`internalHooks,`
			`repositories,`
			`}: {`
			`config: Config;`
			`logger: ILogger;`
			`internalHooks: IInternalHooksClass;`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`repositories: Pick<IDatabaseCollections, 'User' \| 'Settings' \| 'Credentials' \| 'Workflow'>;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}) {`
			`this.config = config;`
			`this.logger = logger;`
			`this.internalHooks = internalHooks;`
			`this.userRepository = repositories.User;`
			`this.settingsRepository = repositories.Settings;`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.credentialsRepository = repositories.Credentials;`
			`this.workflowsRepository = repositories.Workflow;`
			`}`

			`@Get('/pre-setup')`
			`async preSetup(): Promise<{ credentials: number; workflows: number }> {`
			`if (this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {`
			`throw new BadRequestError('Instance owner already setup');`
			`}`

			`const [credentials, workflows] = await Promise.all([`
			`this.credentialsRepository.countBy({}),`
			`this.workflowsRepository.countBy({}),`
			`]);`
			`return { credentials, workflows };`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`

			`/**`
			`* Promote a shell into the owner of the n8n instance,`
			* and enable `isInstanceOwnerSetUp` setting.
			`*/`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`@Post('/setup')`
			`async setupOwner(req: OwnerRequest.Post, res: Response) {`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`const { email, firstName, lastName, password } = req.body;`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`const { id: userId, globalRole } = req.user;`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`if (this.config.getEnv('userManagement.isInstanceOwnerSetUp')) {`
			`this.logger.debug(`
			`'Request to claim instance ownership failed because instance owner already exists',`
			`{`
			`userId,`
			`},`
			`);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`throw new BadRequestError('Instance owner already setup');`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`}`

			`if (!email \|\| !validator.isEmail(email)) {`
			`this.logger.debug('Request to claim instance ownership failed because of invalid email', {`
			`userId,`
			`invalidEmail: email,`
			`});`
			`throw new BadRequestError('Invalid email address');`
			`}`

			`const validPassword = validatePassword(password);`

			`if (!firstName \|\| !lastName) {`
			`this.logger.debug(`
			`'Request to claim instance ownership failed because of missing first name or last name in payload',`
			`{ userId, payload: req.body },`
			`);`
			`throw new BadRequestError('First and last names are mandatory');`
			`}`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`// TODO: This check should be in a middleware outside this class`
			`if (globalRole.scope === 'global' && globalRole.name !== 'owner') {`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`this.logger.debug(`
			`'Request to claim instance ownership failed because user shell does not exist or has wrong role!',`
			`{`
			`userId,`
			`},`
			`);`
			`throw new BadRequestError('Invalid request');`
			`}`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`let owner = req.user;`

refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00			`Object.assign(owner, {`
			`email,`
			`firstName,`
			`lastName,`
			`password: await hashPassword(validPassword),`
			`});`

			`await validateEntity(owner);`

			`owner = await this.userRepository.save(owner);`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.logger.info('Owner was set up successfully', { userId });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`await this.settingsRepository.update(`
			`{ key: 'userManagement.isInstanceOwnerSetUp' },`
			`{ value: JSON.stringify(true) },`
			`);`

			`this.config.set('userManagement.isInstanceOwnerSetUp', true);`

refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`this.logger.debug('Setting isInstanceOwnerSetUp updated successfully', { userId });`
refactor(core): Switch over all user-management routes to use decorators (#5115) 2023-01-27 02:19:47 -08:00
			`await issueCookie(res, owner);`

			`void this.internalHooks.onInstanceOwnerSetup({ user_id: userId });`

			`return sanitizeUser(owner);`
			`}`

			`/**`
			`* Persist that the instance owner setup has been skipped`
			`*/`
			`@Post('/skip-setup')`
			`async skipSetup() {`
			`await this.settingsRepository.update(`
			`{ key: 'userManagement.skipInstanceOwnerSetup' },`
			`{ value: JSON.stringify(true) },`
			`);`

			`this.config.set('userManagement.skipInstanceOwnerSetup', true);`

			`return { success: true };`
			`}`
			`}`