mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-12 05:17:28 -08:00
🔀 Merge branch 'oauth-support' of https://github.com/tildabio/n8n
This commit is contained in:
commit
0c5972bb98
|
@ -176,7 +176,7 @@ export class Start extends Command {
|
|||
Start.openBrowser();
|
||||
}
|
||||
this.log(`\nPress "o" to open in Browser.`);
|
||||
process.stdin.on("data", (key) => {
|
||||
process.stdin.on("data", (key: string) => {
|
||||
if (key === 'o') {
|
||||
Start.openBrowser();
|
||||
inputText = '';
|
||||
|
|
|
@ -9,6 +9,6 @@
|
|||
"index.ts",
|
||||
"src"
|
||||
],
|
||||
"exec": "npm start",
|
||||
"exec": "npm run build && npm start",
|
||||
"ext": "ts"
|
||||
}
|
|
@ -78,9 +78,11 @@
|
|||
"basic-auth": "^2.0.1",
|
||||
"body-parser": "^1.18.3",
|
||||
"body-parser-xml": "^1.1.0",
|
||||
"client-oauth2": "^4.2.5",
|
||||
"compression": "^1.7.4",
|
||||
"connect-history-api-fallback": "^1.6.0",
|
||||
"convict": "^5.0.0",
|
||||
"csrf": "^3.1.0",
|
||||
"dotenv": "^8.0.0",
|
||||
"express": "^4.16.4",
|
||||
"flatted": "^2.0.0",
|
||||
|
|
|
@ -10,6 +10,9 @@ import * as bodyParser from 'body-parser';
|
|||
require('body-parser-xml')(bodyParser);
|
||||
import * as history from 'connect-history-api-fallback';
|
||||
import * as requestPromise from 'request-promise-native';
|
||||
import * as _ from 'lodash';
|
||||
import * as clientOAuth2 from 'client-oauth2';
|
||||
import * as csrf from 'csrf';
|
||||
|
||||
import {
|
||||
ActiveExecutions,
|
||||
|
@ -721,6 +724,8 @@ class App {
|
|||
|
||||
// Encrypt the data
|
||||
const credentials = new Credentials(incomingData.name, incomingData.type, incomingData.nodesAccess);
|
||||
_.unset(incomingData.data, 'csrfSecret');
|
||||
_.unset(incomingData.data, 'oauthTokenData');
|
||||
credentials.setData(incomingData.data, encryptionKey);
|
||||
const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb;
|
||||
|
||||
|
@ -840,8 +845,138 @@ class App {
|
|||
return returnData;
|
||||
}));
|
||||
|
||||
// ----------------------------------------
|
||||
// OAuth2-Credential/Auth
|
||||
// ----------------------------------------
|
||||
|
||||
|
||||
// Returns all the credential types which are defined in the loaded n8n-modules
|
||||
this.app.get('/rest/oauth2-credential/auth', ResponseHelper.send(async (req: express.Request, res: express.Response): Promise<string> => {
|
||||
if (req.query.id === undefined) {
|
||||
throw new Error('Required credential id is missing!');
|
||||
}
|
||||
|
||||
const result = await Db.collections.Credentials!.findOne(req.query.id);
|
||||
if (result === undefined) {
|
||||
res.status(404).send('The credential is not known.');
|
||||
return '';
|
||||
}
|
||||
|
||||
let encryptionKey = undefined;
|
||||
encryptionKey = await UserSettings.getEncryptionKey();
|
||||
if (encryptionKey === undefined) {
|
||||
throw new Error('No encryption key got found to decrypt the credentials!');
|
||||
}
|
||||
|
||||
const credentials = new Credentials(result.name, result.type, result.nodesAccess, result.data);
|
||||
(result as ICredentialsDecryptedDb).data = credentials.getData(encryptionKey!);
|
||||
(result as ICredentialsDecryptedResponse).id = result.id.toString();
|
||||
|
||||
const oauthCredentials = (result as ICredentialsDecryptedDb).data;
|
||||
if (oauthCredentials === undefined) {
|
||||
throw new Error('Unable to read OAuth credentials');
|
||||
}
|
||||
|
||||
let token = new csrf();
|
||||
// Generate a CSRF prevention token and send it as a OAuth2 state stringma/ERR
|
||||
oauthCredentials.csrfSecret = token.secretSync();
|
||||
const state = {
|
||||
'token': token.create(oauthCredentials.csrfSecret),
|
||||
'cid': req.query.id
|
||||
}
|
||||
const stateEncodedStr = Buffer.from(JSON.stringify(state)).toString('base64') as string;
|
||||
|
||||
const oAuthObj = new clientOAuth2({
|
||||
clientId: _.get(oauthCredentials, 'clientId') as string,
|
||||
clientSecret: _.get(oauthCredentials, 'clientSecret', '') as string,
|
||||
accessTokenUri: _.get(oauthCredentials, 'accessTokenUrl', '') as string,
|
||||
authorizationUri: _.get(oauthCredentials, 'authUrl', '') as string,
|
||||
redirectUri: _.get(oauthCredentials, 'callbackUrl', WebhookHelpers.getWebhookBaseUrl()) as string,
|
||||
scopes: _.split(_.get(oauthCredentials, 'scope', 'openid,') as string, ','),
|
||||
state: stateEncodedStr
|
||||
});
|
||||
|
||||
credentials.setData(oauthCredentials, encryptionKey);
|
||||
const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb;
|
||||
|
||||
// Add special database related data
|
||||
newCredentialsData.updatedAt = this.getCurrentDate();
|
||||
|
||||
// Update the credentials in DB
|
||||
await Db.collections.Credentials!.update(req.query.id, newCredentialsData);
|
||||
|
||||
return oAuthObj.code.getUri();
|
||||
}));
|
||||
|
||||
// ----------------------------------------
|
||||
// OAuth2-Credential/Callback
|
||||
// ----------------------------------------
|
||||
|
||||
// Verify and store app code. Generate access tokens and store for respective credential.
|
||||
this.app.get('/rest/oauth2-credential/callback', ResponseHelper.send(async (req: express.Request, res: express.Response): Promise<string> => {
|
||||
const {code, state: stateEncoded} = req.query;
|
||||
if (code === undefined || stateEncoded === undefined) {
|
||||
throw new Error('Insufficient parameters for OAuth2 callback')
|
||||
}
|
||||
|
||||
let state;
|
||||
try {
|
||||
state = JSON.parse(Buffer.from(stateEncoded, 'base64').toString());
|
||||
} catch (error) {
|
||||
throw new Error('Invalid state format returned');
|
||||
}
|
||||
|
||||
const result = await Db.collections.Credentials!.findOne(state.cid);
|
||||
if (result === undefined) {
|
||||
res.status(404).send('The credential is not known.');
|
||||
return '';
|
||||
}
|
||||
|
||||
let encryptionKey = undefined;
|
||||
encryptionKey = await UserSettings.getEncryptionKey();
|
||||
if (encryptionKey === undefined) {
|
||||
throw new Error('No encryption key got found to decrypt the credentials!');
|
||||
}
|
||||
|
||||
const credentials = new Credentials(result.name, result.type, result.nodesAccess, result.data);
|
||||
(result as ICredentialsDecryptedDb).data = credentials.getData(encryptionKey!);
|
||||
const oauthCredentials = (result as ICredentialsDecryptedDb).data;
|
||||
if (oauthCredentials === undefined) {
|
||||
throw new Error('Unable to read OAuth credentials');
|
||||
}
|
||||
|
||||
let token = new csrf();
|
||||
if (oauthCredentials.csrfSecret === undefined || !token.verify(oauthCredentials.csrfSecret as string, state.token)) {
|
||||
res.status(404).send('The OAuth2 callback state is invalid.');
|
||||
return '';
|
||||
}
|
||||
|
||||
const oAuthObj = new clientOAuth2({
|
||||
clientId: _.get(oauthCredentials, 'clientId') as string,
|
||||
clientSecret: _.get(oauthCredentials, 'clientSecret', '') as string,
|
||||
accessTokenUri: _.get(oauthCredentials, 'accessTokenUrl', '') as string,
|
||||
authorizationUri: _.get(oauthCredentials, 'authUrl', '') as string,
|
||||
redirectUri: _.get(oauthCredentials, 'callbackUrl', WebhookHelpers.getWebhookBaseUrl()) as string,
|
||||
scopes: _.split(_.get(oauthCredentials, 'scope', 'openid,') as string, ',')
|
||||
});
|
||||
|
||||
const oauthToken = await oAuthObj.code.getToken(req.originalUrl);
|
||||
if (oauthToken === undefined) {
|
||||
throw new Error('Unable to get access tokens');
|
||||
}
|
||||
|
||||
oauthCredentials.oauthTokenData = JSON.stringify(oauthToken.data);
|
||||
_.unset(oauthCredentials, 'csrfSecret');
|
||||
credentials.setData(oauthCredentials, encryptionKey);
|
||||
const newCredentialsData = credentials.getDataToSave() as unknown as ICredentialsDb;
|
||||
// Add special database related data
|
||||
newCredentialsData.updatedAt = this.getCurrentDate();
|
||||
// Save the credentials in DB
|
||||
await Db.collections.Credentials!.update(state.cid, newCredentialsData);
|
||||
|
||||
return 'Success!';
|
||||
}));
|
||||
|
||||
// ----------------------------------------
|
||||
// Executions
|
||||
// ----------------------------------------
|
||||
|
|
|
@ -145,6 +145,8 @@ export interface IRestApi {
|
|||
deleteExecutions(sendData: IExecutionDeleteFilter): Promise<void>;
|
||||
retryExecution(id: string, loadWorkflow?: boolean): Promise<boolean>;
|
||||
getTimezones(): Promise<IDataObject>;
|
||||
OAuth2CredentialAuthorize(sendData: ICredentialsResponse): Promise<string>;
|
||||
OAuth2Callback(code: string, state: string): Promise<string>;
|
||||
}
|
||||
|
||||
export interface IBinaryDisplayData {
|
||||
|
|
|
@ -25,10 +25,12 @@
|
|||
<el-table-column property="updatedAt" label="Updated" class-name="clickable" sortable></el-table-column>
|
||||
<el-table-column
|
||||
label="Operations"
|
||||
width="120">
|
||||
width="180">
|
||||
<template slot-scope="scope">
|
||||
<el-button title="Edit Credentials" @click.stop="editCredential(scope.row)" icon="el-icon-edit" circle></el-button>
|
||||
<el-button title="Delete Credentials" @click.stop="deleteCredential(scope.row)" type="danger" icon="el-icon-delete" circle></el-button>
|
||||
<!-- Would be nice to have this button switch from connect to disconnect based on the credential status -->
|
||||
<el-button title="Connect OAuth Credentials" @click.stop="OAuth2CredentialAuthorize(scope.row)" icon="el-icon-caret-right" v-if="scope.row.type == 'OAuth2Api'" circle></el-button>
|
||||
</template>
|
||||
</el-table-column>
|
||||
</el-table>
|
||||
|
@ -91,6 +93,20 @@ export default mixins(
|
|||
this.editCredentials = null;
|
||||
this.credentialEditDialogVisible = true;
|
||||
},
|
||||
async OAuth2CredentialAuthorize (credential: ICredentialsResponse) {
|
||||
let url;
|
||||
try {
|
||||
url = await this.restApi().OAuth2CredentialAuthorize(credential) as string;
|
||||
} catch (error) {
|
||||
this.$showError(error, 'OAuth Authorization Error', 'Error generating authorization URL:');
|
||||
return;
|
||||
}
|
||||
|
||||
const params = `scrollbars=no,resizable=no,status=no,location=no,toolbar=no,menubar=no,width=0,height=0,left=-1000,top=-1000`;
|
||||
const oauthPopup = window.open(url, 'OAuth2 Authorization', params);
|
||||
|
||||
console.log(oauthPopup);
|
||||
},
|
||||
editCredential (credential: ICredentialsResponse) {
|
||||
const editCredentials = {
|
||||
id: credential.id,
|
||||
|
@ -124,7 +140,7 @@ export default mixins(
|
|||
try {
|
||||
this.credentials = JSON.parse(JSON.stringify(this.$store.getters.allCredentials));
|
||||
} catch (error) {
|
||||
this.$showError(error, 'Proble loading credentials', 'There was a problem loading the credentials:');
|
||||
this.$showError(error, 'Problem loading credentials', 'There was a problem loading the credentials:');
|
||||
this.isDataLoading = false;
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -252,6 +252,21 @@ export const restApi = Vue.extend({
|
|||
return self.restApi().makeRestApiRequest('GET', `/credential-types`);
|
||||
},
|
||||
|
||||
// Get OAuth2 Authorization URL using the stored credentials
|
||||
OAuth2CredentialAuthorize: (sendData: ICredentialsResponse): Promise<string> => {
|
||||
return self.restApi().makeRestApiRequest('GET', `/oauth2-credential/auth`, sendData);
|
||||
},
|
||||
|
||||
// Verify OAuth2 provider callback and kick off token generation
|
||||
OAuth2Callback: (code: string, state: string): Promise<string> => {
|
||||
const sendData = {
|
||||
'code': code,
|
||||
'state': state
|
||||
};
|
||||
|
||||
return self.restApi().makeRestApiRequest('POST', `/oauth2-credential/callback`, sendData);
|
||||
},
|
||||
|
||||
// Returns the execution with the given name
|
||||
getExecution: async (id: string): Promise<IExecutionResponse> => {
|
||||
const response = await self.restApi().makeRestApiRequest('GET', `/executions/${id}`);
|
||||
|
|
|
@ -19,6 +19,12 @@ export default new Router({
|
|||
sidebar: MainSidebar,
|
||||
},
|
||||
},
|
||||
{
|
||||
path: '/oauth2/callback',
|
||||
name: 'OAuth2Callback',
|
||||
components: {
|
||||
},
|
||||
},
|
||||
{
|
||||
path: '/workflow',
|
||||
name: 'NodeViewNew',
|
||||
|
|
|
@ -12,6 +12,7 @@ module.exports = {
|
|||
},
|
||||
},
|
||||
configureWebpack: {
|
||||
devtool: 'source-map',
|
||||
plugins: [
|
||||
new GoogleFontsPlugin({
|
||||
fonts: [
|
||||
|
|
56
packages/nodes-base/credentials/OAuth2Api.credentials.ts
Normal file
56
packages/nodes-base/credentials/OAuth2Api.credentials.ts
Normal file
|
@ -0,0 +1,56 @@
|
|||
import {
|
||||
ICredentialType,
|
||||
NodePropertyTypes,
|
||||
} from 'n8n-workflow';
|
||||
|
||||
|
||||
export class OAuth2Api implements ICredentialType {
|
||||
name = 'OAuth2Api';
|
||||
displayName = 'OAuth2 API';
|
||||
properties = [
|
||||
{
|
||||
displayName: 'Authorization URL',
|
||||
name: 'authUrl',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
default: '',
|
||||
required: true,
|
||||
},
|
||||
{
|
||||
displayName: 'Access Token URL',
|
||||
name: 'accessTokenUrl',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
default: '',
|
||||
required: true,
|
||||
},
|
||||
{
|
||||
displayName: 'Callback URL',
|
||||
name: 'callbackUrl',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
default: '',
|
||||
required: true,
|
||||
},
|
||||
{
|
||||
displayName: 'Client ID',
|
||||
name: 'clientId',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
default: '',
|
||||
required: true,
|
||||
},
|
||||
{
|
||||
displayName: 'Client Secret',
|
||||
name: 'clientSecret',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
typeOptions: {
|
||||
password: true,
|
||||
},
|
||||
default: '',
|
||||
required: true,
|
||||
},
|
||||
{
|
||||
displayName: 'Scope',
|
||||
name: 'scope',
|
||||
type: 'string' as NodePropertyTypes,
|
||||
default: '',
|
||||
},
|
||||
];
|
||||
}
|
104
packages/nodes-base/nodes/OAuth.node.ts
Normal file
104
packages/nodes-base/nodes/OAuth.node.ts
Normal file
|
@ -0,0 +1,104 @@
|
|||
import { IExecuteFunctions } from 'n8n-core';
|
||||
import {
|
||||
GenericValue,
|
||||
IDataObject,
|
||||
INodeExecutionData,
|
||||
INodeType,
|
||||
INodeTypeDescription,
|
||||
} from 'n8n-workflow';
|
||||
|
||||
import { set } from 'lodash';
|
||||
|
||||
import * as util from 'util';
|
||||
import { connectionFields } from './ActiveCampaign/ConnectionDescription';
|
||||
|
||||
export class OAuth implements INodeType {
|
||||
description: INodeTypeDescription = {
|
||||
displayName: 'OAuth',
|
||||
name: 'oauth',
|
||||
icon: 'fa:code-branch',
|
||||
group: ['input'],
|
||||
version: 1,
|
||||
description: 'Gets, sends data to Oauth API Endpoint and receives generic information.',
|
||||
defaults: {
|
||||
name: 'OAuth',
|
||||
color: '#0033AA',
|
||||
},
|
||||
inputs: ['main'],
|
||||
outputs: ['main'],
|
||||
credentials: [
|
||||
{
|
||||
name: 'OAuth2Api',
|
||||
required: true,
|
||||
}
|
||||
],
|
||||
properties: [
|
||||
{
|
||||
displayName: 'Operation',
|
||||
name: 'operation',
|
||||
type: 'options',
|
||||
options: [
|
||||
{
|
||||
name: 'Get',
|
||||
value: 'get',
|
||||
description: 'Returns the value of a key from oauth.',
|
||||
},
|
||||
],
|
||||
default: 'get',
|
||||
description: 'The operation to perform.',
|
||||
},
|
||||
|
||||
// ----------------------------------
|
||||
// get
|
||||
// ----------------------------------
|
||||
{
|
||||
displayName: 'Name',
|
||||
name: 'propertyName',
|
||||
type: 'string',
|
||||
displayOptions: {
|
||||
show: {
|
||||
operation: [
|
||||
'get'
|
||||
],
|
||||
},
|
||||
},
|
||||
default: 'propertyName',
|
||||
required: true,
|
||||
description: 'Name of the property to write received data to.<br />Supports dot-notation.<br />Example: "data.person[0].name"',
|
||||
},
|
||||
]
|
||||
};
|
||||
|
||||
async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
|
||||
const credentials = this.getCredentials('OAuth2Api');
|
||||
if (credentials === undefined) {
|
||||
throw new Error('No credentials got returned!');
|
||||
}
|
||||
|
||||
if (credentials.oauthTokenData === undefined) {
|
||||
throw new Error('OAuth credentials not connected');
|
||||
}
|
||||
|
||||
const operation = this.getNodeParameter('operation', 0) as string;
|
||||
if (operation === 'get') {
|
||||
const items = this.getInputData();
|
||||
const returnItems: INodeExecutionData[] = [];
|
||||
|
||||
let item: INodeExecutionData;
|
||||
|
||||
// credentials.oauthTokenData has the refreshToken and accessToken available
|
||||
// it would be nice to have credentials.getOAuthToken() which returns the accessToken
|
||||
// and also handles an error case where if the token is to be refreshed, it does so
|
||||
// without knowledge of the node.
|
||||
console.log('Got OAuth credentials!', credentials.oauthTokenData);
|
||||
|
||||
for (let itemIndex = 0; itemIndex < items.length; itemIndex++) {
|
||||
item = { json: { itemIndex } };
|
||||
returnItems.push(item);
|
||||
}
|
||||
return [returnItems];
|
||||
} else {
|
||||
throw new Error('Unknown operation');
|
||||
}
|
||||
}
|
||||
}
|
|
@ -58,6 +58,7 @@
|
|||
"dist/credentials/MySql.credentials.js",
|
||||
"dist/credentials/NextCloudApi.credentials.js",
|
||||
"dist/credentials/OpenWeatherMapApi.credentials.js",
|
||||
"dist/credentials/OAuth2Api.credentials.js",
|
||||
"dist/credentials/PipedriveApi.credentials.js",
|
||||
"dist/credentials/Postgres.credentials.js",
|
||||
"dist/credentials/PayPalApi.credentials.js",
|
||||
|
@ -136,6 +137,7 @@
|
|||
"dist/nodes/Mandrill/Mandrill.node.js",
|
||||
"dist/nodes/NoOp.node.js",
|
||||
"dist/nodes/OpenWeatherMap.node.js",
|
||||
"dist/nodes/OAuth.node.js",
|
||||
"dist/nodes/Pipedrive/Pipedrive.node.js",
|
||||
"dist/nodes/Pipedrive/PipedriveTrigger.node.js",
|
||||
"dist/nodes/Postgres/Postgres.node.js",
|
||||
|
|
Loading…
Reference in a new issue