🔀 Merge branch 'oauth-support' of https://github.com/tildabio/n8n

This commit is contained in:
Jan Oberhauser 2020-01-06 18:01:45 -06:00
commit 0c5972bb98
12 changed files with 349 additions and 10 deletions

View file

@ -176,7 +176,7 @@ export class Start extends Command {
Start.openBrowser(); Start.openBrowser();
} }
this.log(`\nPress "o" to open in Browser.`); this.log(`\nPress "o" to open in Browser.`);
process.stdin.on("data", (key) => { process.stdin.on("data", (key: string) => {
if (key === 'o') { if (key === 'o') {
Start.openBrowser(); Start.openBrowser();
inputText = ''; inputText = '';

View file

@ -9,6 +9,6 @@
"index.ts", "index.ts",
"src" "src"
], ],
"exec": "npm start", "exec": "npm run build && npm start",
"ext": "ts" "ext": "ts"
} }

View file

@ -78,9 +78,11 @@
"basic-auth": "^2.0.1", "basic-auth": "^2.0.1",
"body-parser": "^1.18.3", "body-parser": "^1.18.3",
"body-parser-xml": "^1.1.0", "body-parser-xml": "^1.1.0",
"client-oauth2": "^4.2.5",
"compression": "^1.7.4", "compression": "^1.7.4",
"connect-history-api-fallback": "^1.6.0", "connect-history-api-fallback": "^1.6.0",
"convict": "^5.0.0", "convict": "^5.0.0",
"csrf": "^3.1.0",
"dotenv": "^8.0.0", "dotenv": "^8.0.0",
"express": "^4.16.4", "express": "^4.16.4",
"flatted": "^2.0.0", "flatted": "^2.0.0",

View file

@ -10,6 +10,9 @@ import * as bodyParser from 'body-parser';
require('body-parser-xml')(bodyParser); require('body-parser-xml')(bodyParser);
import * as history from 'connect-history-api-fallback'; import * as history from 'connect-history-api-fallback';
import * as requestPromise from 'request-promise-native'; import * as requestPromise from 'request-promise-native';
import * as _ from 'lodash';
import * as clientOAuth2 from 'client-oauth2';
import * as csrf from 'csrf';
import { import {
ActiveExecutions, ActiveExecutions,
@ -721,6 +724,8 @@ class App {
// Encrypt the data // Encrypt the data
const credentials = new Credentials(incomingData.name, incomingData.type, incomingData.nodesAccess); const credentials = new Credentials(incomingData.name, incomingData.type, incomingData.nodesAccess);
_.unset(incomingData.data, 'csrfSecret');
_.unset(incomingData.data, 'oauthTokenData');
credentials.setData(incomingData.data, encryptionKey); credentials.setData(incomingData.data, encryptionKey);
const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb; const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb;
@ -840,8 +845,138 @@ class App {
return returnData; return returnData;
})); }));
// ----------------------------------------
// OAuth2-Credential/Auth
// ----------------------------------------
// Returns all the credential types which are defined in the loaded n8n-modules
this.app.get('/rest/oauth2-credential/auth', ResponseHelper.send(async (req: express.Request, res: express.Response): Promise<string> => {
if (req.query.id === undefined) {
throw new Error('Required credential id is missing!');
}
const result = await Db.collections.Credentials!.findOne(req.query.id);
if (result === undefined) {
res.status(404).send('The credential is not known.');
return '';
}
let encryptionKey = undefined;
encryptionKey = await UserSettings.getEncryptionKey();
if (encryptionKey === undefined) {
throw new Error('No encryption key got found to decrypt the credentials!');
}
const credentials = new Credentials(result.name, result.type, result.nodesAccess, result.data);
(result as ICredentialsDecryptedDb).data = credentials.getData(encryptionKey!);
(result as ICredentialsDecryptedResponse).id = result.id.toString();
const oauthCredentials = (result as ICredentialsDecryptedDb).data;
if (oauthCredentials === undefined) {
throw new Error('Unable to read OAuth credentials');
}
let token = new csrf();
// Generate a CSRF prevention token and send it as a OAuth2 state stringma/ERR
oauthCredentials.csrfSecret = token.secretSync();
const state = {
'token': token.create(oauthCredentials.csrfSecret),
'cid': req.query.id
}
const stateEncodedStr = Buffer.from(JSON.stringify(state)).toString('base64') as string;
const oAuthObj = new clientOAuth2({
clientId: _.get(oauthCredentials, 'clientId') as string,
clientSecret: _.get(oauthCredentials, 'clientSecret', '') as string,
accessTokenUri: _.get(oauthCredentials, 'accessTokenUrl', '') as string,
authorizationUri: _.get(oauthCredentials, 'authUrl', '') as string,
redirectUri: _.get(oauthCredentials, 'callbackUrl', WebhookHelpers.getWebhookBaseUrl()) as string,
scopes: _.split(_.get(oauthCredentials, 'scope', 'openid,') as string, ','),
state: stateEncodedStr
});
credentials.setData(oauthCredentials, encryptionKey);
const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb;
// Add special database related data
newCredentialsData.updatedAt = this.getCurrentDate();
// Update the credentials in DB
await Db.collections.Credentials!.update(req.query.id, newCredentialsData);
return oAuthObj.code.getUri();
}));
// ----------------------------------------
// OAuth2-Credential/Callback
// ----------------------------------------
// Verify and store app code. Generate access tokens and store for respective credential.
this.app.get('/rest/oauth2-credential/callback', ResponseHelper.send(async (req: express.Request, res: express.Response): Promise<string> => {
const {code, state: stateEncoded} = req.query;
if (code === undefined || stateEncoded === undefined) {
throw new Error('Insufficient parameters for OAuth2 callback')
}
let state;
try {
state = JSON.parse(Buffer.from(stateEncoded, 'base64').toString());
} catch (error) {
throw new Error('Invalid state format returned');
}
const result = await Db.collections.Credentials!.findOne(state.cid);
if (result === undefined) {
res.status(404).send('The credential is not known.');
return '';
}
let encryptionKey = undefined;
encryptionKey = await UserSettings.getEncryptionKey();
if (encryptionKey === undefined) {
throw new Error('No encryption key got found to decrypt the credentials!');
}
const credentials = new Credentials(result.name, result.type, result.nodesAccess, result.data);
(result as ICredentialsDecryptedDb).data = credentials.getData(encryptionKey!);
const oauthCredentials = (result as ICredentialsDecryptedDb).data;
if (oauthCredentials === undefined) {
throw new Error('Unable to read OAuth credentials');
}
let token = new csrf();
if (oauthCredentials.csrfSecret === undefined || !token.verify(oauthCredentials.csrfSecret as string, state.token)) {
res.status(404).send('The OAuth2 callback state is invalid.');
return '';
}
const oAuthObj = new clientOAuth2({
clientId: _.get(oauthCredentials, 'clientId') as string,
clientSecret: _.get(oauthCredentials, 'clientSecret', '') as string,
accessTokenUri: _.get(oauthCredentials, 'accessTokenUrl', '') as string,
authorizationUri: _.get(oauthCredentials, 'authUrl', '') as string,
redirectUri: _.get(oauthCredentials, 'callbackUrl', WebhookHelpers.getWebhookBaseUrl()) as string,
scopes: _.split(_.get(oauthCredentials, 'scope', 'openid,') as string, ',')
});
const oauthToken = await oAuthObj.code.getToken(req.originalUrl);
if (oauthToken === undefined) {
throw new Error('Unable to get access tokens');
}
oauthCredentials.oauthTokenData = JSON.stringify(oauthToken.data);
_.unset(oauthCredentials, 'csrfSecret');
credentials.setData(oauthCredentials, encryptionKey);
const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb;
// Add special database related data
newCredentialsData.updatedAt = this.getCurrentDate();
// Save the credentials in DB
await Db.collections.Credentials!.update(state.cid, newCredentialsData);
return 'Success!';
}));
// ---------------------------------------- // ----------------------------------------
// Executions // Executions
// ---------------------------------------- // ----------------------------------------

View file

@ -145,6 +145,8 @@ export interface IRestApi {
deleteExecutions(sendData: IExecutionDeleteFilter): Promise<void>; deleteExecutions(sendData: IExecutionDeleteFilter): Promise<void>;
retryExecution(id: string, loadWorkflow?: boolean): Promise<boolean>; retryExecution(id: string, loadWorkflow?: boolean): Promise<boolean>;
getTimezones(): Promise<IDataObject>; getTimezones(): Promise<IDataObject>;
OAuth2CredentialAuthorize(sendData: ICredentialsResponse): Promise<string>;
OAuth2Callback(code: string, state: string): Promise<string>;
} }
export interface IBinaryDisplayData { export interface IBinaryDisplayData {

View file

@ -25,10 +25,12 @@
<el-table-column property="updatedAt" label="Updated" class-name="clickable" sortable></el-table-column> <el-table-column property="updatedAt" label="Updated" class-name="clickable" sortable></el-table-column>
<el-table-column <el-table-column
label="Operations" label="Operations"
width="120"> width="180">
<template slot-scope="scope"> <template slot-scope="scope">
<el-button title="Edit Credentials" @click.stop="editCredential(scope.row)" icon="el-icon-edit" circle></el-button> <el-button title="Edit Credentials" @click.stop="editCredential(scope.row)" icon="el-icon-edit" circle></el-button>
<el-button title="Delete Credentials" @click.stop="deleteCredential(scope.row)" type="danger" icon="el-icon-delete" circle></el-button> <el-button title="Delete Credentials" @click.stop="deleteCredential(scope.row)" type="danger" icon="el-icon-delete" circle></el-button>
<!-- Would be nice to have this button switch from connect to disconnect based on the credential status -->
<el-button title="Connect OAuth Credentials" @click.stop="OAuth2CredentialAuthorize(scope.row)" icon="el-icon-caret-right" v-if="scope.row.type == 'OAuth2Api'" circle></el-button>
</template> </template>
</el-table-column> </el-table-column>
</el-table> </el-table>
@ -91,6 +93,20 @@ export default mixins(
this.editCredentials = null; this.editCredentials = null;
this.credentialEditDialogVisible = true; this.credentialEditDialogVisible = true;
}, },
async OAuth2CredentialAuthorize (credential: ICredentialsResponse) {
let url;
try {
url = await this.restApi().OAuth2CredentialAuthorize(credential) as string;
} catch (error) {
this.$showError(error, 'OAuth Authorization Error', 'Error generating authorization URL:');
return;
}
const params = `scrollbars=no,resizable=no,status=no,location=no,toolbar=no,menubar=no,width=0,height=0,left=-1000,top=-1000`;
const oauthPopup = window.open(url, 'OAuth2 Authorization', params);
console.log(oauthPopup);
},
editCredential (credential: ICredentialsResponse) { editCredential (credential: ICredentialsResponse) {
const editCredentials = { const editCredentials = {
id: credential.id, id: credential.id,
@ -124,7 +140,7 @@ export default mixins(
try { try {
this.credentials = JSON.parse(JSON.stringify(this.$store.getters.allCredentials)); this.credentials = JSON.parse(JSON.stringify(this.$store.getters.allCredentials));
} catch (error) { } catch (error) {
this.$showError(error, 'Proble loading credentials', 'There was a problem loading the credentials:'); this.$showError(error, 'Problem loading credentials', 'There was a problem loading the credentials:');
this.isDataLoading = false; this.isDataLoading = false;
return; return;
} }

View file

@ -252,6 +252,21 @@ export const restApi = Vue.extend({
return self.restApi().makeRestApiRequest('GET', `/credential-types`); return self.restApi().makeRestApiRequest('GET', `/credential-types`);
}, },
// Get OAuth2 Authorization URL using the stored credentials
OAuth2CredentialAuthorize: (sendData: ICredentialsResponse): Promise<string> => {
return self.restApi().makeRestApiRequest('GET', `/oauth2-credential/auth`, sendData);
},
// Verify OAuth2 provider callback and kick off token generation
OAuth2Callback: (code: string, state: string): Promise<string> => {
const sendData = {
'code': code,
'state': state
};
return self.restApi().makeRestApiRequest('POST', `/oauth2-credential/callback`, sendData);
},
// Returns the execution with the given name // Returns the execution with the given name
getExecution: async (id: string): Promise<IExecutionResponse> => { getExecution: async (id: string): Promise<IExecutionResponse> => {
const response = await self.restApi().makeRestApiRequest('GET', `/executions/${id}`); const response = await self.restApi().makeRestApiRequest('GET', `/executions/${id}`);

View file

@ -19,6 +19,12 @@ export default new Router({
sidebar: MainSidebar, sidebar: MainSidebar,
}, },
}, },
{
path: '/oauth2/callback',
name: 'OAuth2Callback',
components: {
},
},
{ {
path: '/workflow', path: '/workflow',
name: 'NodeViewNew', name: 'NodeViewNew',

View file

@ -12,6 +12,7 @@ module.exports = {
}, },
}, },
configureWebpack: { configureWebpack: {
devtool: 'source-map',
plugins: [ plugins: [
new GoogleFontsPlugin({ new GoogleFontsPlugin({
fonts: [ fonts: [

View file

@ -0,0 +1,56 @@
import {
ICredentialType,
NodePropertyTypes,
} from 'n8n-workflow';
export class OAuth2Api implements ICredentialType {
name = 'OAuth2Api';
displayName = 'OAuth2 API';
properties = [
{
displayName: 'Authorization URL',
name: 'authUrl',
type: 'string' as NodePropertyTypes,
default: '',
required: true,
},
{
displayName: 'Access Token URL',
name: 'accessTokenUrl',
type: 'string' as NodePropertyTypes,
default: '',
required: true,
},
{
displayName: 'Callback URL',
name: 'callbackUrl',
type: 'string' as NodePropertyTypes,
default: '',
required: true,
},
{
displayName: 'Client ID',
name: 'clientId',
type: 'string' as NodePropertyTypes,
default: '',
required: true,
},
{
displayName: 'Client Secret',
name: 'clientSecret',
type: 'string' as NodePropertyTypes,
typeOptions: {
password: true,
},
default: '',
required: true,
},
{
displayName: 'Scope',
name: 'scope',
type: 'string' as NodePropertyTypes,
default: '',
},
];
}

View file

@ -0,0 +1,104 @@
import { IExecuteFunctions } from 'n8n-core';
import {
GenericValue,
IDataObject,
INodeExecutionData,
INodeType,
INodeTypeDescription,
} from 'n8n-workflow';
import { set } from 'lodash';
import * as util from 'util';
import { connectionFields } from './ActiveCampaign/ConnectionDescription';
export class OAuth implements INodeType {
description: INodeTypeDescription = {
displayName: 'OAuth',
name: 'oauth',
icon: 'fa:code-branch',
group: ['input'],
version: 1,
description: 'Gets, sends data to Oauth API Endpoint and receives generic information.',
defaults: {
name: 'OAuth',
color: '#0033AA',
},
inputs: ['main'],
outputs: ['main'],
credentials: [
{
name: 'OAuth2Api',
required: true,
}
],
properties: [
{
displayName: 'Operation',
name: 'operation',
type: 'options',
options: [
{
name: 'Get',
value: 'get',
description: 'Returns the value of a key from oauth.',
},
],
default: 'get',
description: 'The operation to perform.',
},
// ----------------------------------
// get
// ----------------------------------
{
displayName: 'Name',
name: 'propertyName',
type: 'string',
displayOptions: {
show: {
operation: [
'get'
],
},
},
default: 'propertyName',
required: true,
description: 'Name of the property to write received data to.<br />Supports dot-notation.<br />Example: "data.person[0].name"',
},
]
};
async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
const credentials = this.getCredentials('OAuth2Api');
if (credentials === undefined) {
throw new Error('No credentials got returned!');
}
if (credentials.oauthTokenData === undefined) {
throw new Error('OAuth credentials not connected');
}
const operation = this.getNodeParameter('operation', 0) as string;
if (operation === 'get') {
const items = this.getInputData();
const returnItems: INodeExecutionData[] = [];
let item: INodeExecutionData;
// credentials.oauthTokenData has the refreshToken and accessToken available
// it would be nice to have credentials.getOAuthToken() which returns the accessToken
// and also handles an error case where if the token is to be refreshed, it does so
// without knowledge of the node.
console.log('Got OAuth credentials!', credentials.oauthTokenData);
for (let itemIndex = 0; itemIndex < items.length; itemIndex++) {
item = { json: { itemIndex } };
returnItems.push(item);
}
return [returnItems];
} else {
throw new Error('Unknown operation');
}
}
}

View file

@ -58,6 +58,7 @@
"dist/credentials/MySql.credentials.js", "dist/credentials/MySql.credentials.js",
"dist/credentials/NextCloudApi.credentials.js", "dist/credentials/NextCloudApi.credentials.js",
"dist/credentials/OpenWeatherMapApi.credentials.js", "dist/credentials/OpenWeatherMapApi.credentials.js",
"dist/credentials/OAuth2Api.credentials.js",
"dist/credentials/PipedriveApi.credentials.js", "dist/credentials/PipedriveApi.credentials.js",
"dist/credentials/Postgres.credentials.js", "dist/credentials/Postgres.credentials.js",
"dist/credentials/PayPalApi.credentials.js", "dist/credentials/PayPalApi.credentials.js",
@ -136,6 +137,7 @@
"dist/nodes/Mandrill/Mandrill.node.js", "dist/nodes/Mandrill/Mandrill.node.js",
"dist/nodes/NoOp.node.js", "dist/nodes/NoOp.node.js",
"dist/nodes/OpenWeatherMap.node.js", "dist/nodes/OpenWeatherMap.node.js",
"dist/nodes/OAuth.node.js",
"dist/nodes/Pipedrive/Pipedrive.node.js", "dist/nodes/Pipedrive/Pipedrive.node.js",
"dist/nodes/Pipedrive/PipedriveTrigger.node.js", "dist/nodes/Pipedrive/PipedriveTrigger.node.js",
"dist/nodes/Postgres/Postgres.node.js", "dist/nodes/Postgres/Postgres.node.js",