Parse single-line private key for Google service account (#2132)

*  Parse single-line private key

* ✏️ Update description and placeholder

*  Some improvements

Co-authored-by: Jan Oberhauser <janober@users.noreply.github.com>
Co-authored-by: Jan Oberhauser <jan.oberhauser@gmail.com>
This commit is contained in:
Iván Ovejero 2021-12-24 16:12:18 +01:00 committed by GitHub
parent 231c760ef5
commit 26eac80d49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 93 additions and 29 deletions

View file

@ -17,14 +17,14 @@ export class GoogleApi implements ICredentialType {
default: '',
description: 'The Google Service account similar to user-808@project.iam.gserviceaccount.com.',
required: true,
},
{
displayName: 'Private Key',
name: 'privateKey',
type: 'string',
default: '',
description: 'Use the multiline editor. Make sure there are exactly 3 lines.<br />-----BEGIN PRIVATE KEY-----<br />KEY IN A SINGLE LINE<br />-----END PRIVATE KEY-----',
placeholder: '-----BEGIN PRIVATE KEY-----\nXIYEvQIBADANBg<...>0IhA7TMoGYPQc=\n-----END PRIVATE KEY-----\n',
description: 'Enter the private key located in the JSON file downloaded from Google Cloud Console',
required: true,
},
{

View file

@ -16,6 +16,13 @@ import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, headers: IDataObject = {}): Promise<any> { // tslint:disable-line:no-any
const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string;
const options: OptionsWithUri = {
@ -37,13 +44,16 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF
}
if (authenticationMethod === 'serviceAccount') {
const credentials = await this.getCredentials('googleApi');
const credentials = await this.getCredentials('googleApi') as {
email: string;
privateKey: string;
};
if (credentials === undefined) {
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as IDataObject);
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers!.Authorization = `Bearer ${access_token}`;
//@ts-ignore
@ -78,7 +88,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp
return returnData;
}
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise<IDataObject> {
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise<IDataObject> {
//https://developers.google.com/identity/protocols/oauth2/service-account#httprest
const scopes = [
@ -87,7 +97,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{

View file

@ -17,6 +17,13 @@ import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
export async function googleApiRequest(
this: IExecuteFunctions | ILoadOptionsFunctions,
method: string,
@ -50,7 +57,7 @@ export async function googleApiRequest(
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as IDataObject);
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers!.Authorization = `Bearer ${access_token}`;
return await this.helpers.request!(options);
@ -84,7 +91,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp
return returnData;
}
function getAccessToken(this: IExecuteFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise<IDataObject> {
function getAccessToken(this: IExecuteFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise<IDataObject> {
//https://developers.google.com/identity/protocols/oauth2/service-account#httprest
const scopes = [
@ -95,7 +102,8 @@ function getAccessToken(this: IExecuteFunctions | ILoadOptionsFunctions, credent
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{

View file

@ -19,6 +19,13 @@ import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | IPollFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, option: IDataObject = {}): Promise<any> { // tslint:disable-line:no-any
const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string;
@ -47,7 +54,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as IDataObject);
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers!.Authorization = `Bearer ${access_token}`;
return await this.helpers.request!(options);
@ -83,7 +90,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp
return returnData;
}
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | IPollFunctions, credentials: IDataObject): Promise<IDataObject> {
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | IPollFunctions, credentials: IGoogleAuthCredentials): Promise<IDataObject> {
//https://developers.google.com/identity/protocols/oauth2/service-account#httprest
const scopes = [
@ -94,7 +101,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{

View file

@ -3,7 +3,6 @@ import {
} from 'request';
import {
ParsedMail,
simpleParser,
} from 'mailparser';
@ -29,6 +28,13 @@ import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
const mailComposer = require('nodemailer/lib/mail-composer');
export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string,
@ -63,7 +69,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as IDataObject);
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers!.Authorization = `Bearer ${access_token}`;
//@ts-ignore
@ -202,7 +208,7 @@ export function extractEmail(s: string) {
return data.substring(0, data.length - 1);
}
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise<IDataObject> {
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise<IDataObject> {
//https://developers.google.com/identity/protocols/oauth2/service-account#httprest
const scopes = [
@ -216,7 +222,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{

View file

@ -9,7 +9,6 @@ import {
} from 'n8n-core';
import {
ICredentialDataDecryptedObject,
ICredentialTestFunctions,
IDataObject, NodeApiError, NodeOperationError,
} from 'n8n-workflow';
@ -18,6 +17,13 @@ import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
export interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, headers: IDataObject = {}): Promise<any> { // tslint:disable-line:no-any
const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string;
const options: OptionsWithUri = {
@ -45,7 +51,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as ICredentialDataDecryptedObject);
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers!.Authorization = `Bearer ${access_token}`;
//@ts-ignore
@ -82,7 +88,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp
return returnData;
}
export function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | ICredentialTestFunctions, credentials: ICredentialDataDecryptedObject): Promise<IDataObject> {
export function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | ICredentialTestFunctions, credentials: IGoogleAuthCredentials): Promise<IDataObject> {
//https://developers.google.com/identity/protocols/oauth2/service-account#httprest
const scopes = [
@ -93,7 +99,8 @@ export function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{

View file

@ -29,6 +29,7 @@ import {
getAccessToken,
googleApiRequest,
hexToRgb,
IGoogleAuthCredentials,
} from './GenericFunctions';
export class GoogleSheets implements INodeType {
@ -1018,7 +1019,7 @@ export class GoogleSheets implements INodeType {
credentialTest: {
async googleApiCredentialTest(this: ICredentialTestFunctions, credential: ICredentialsDecrypted): Promise<NodeCredentialTestResult> {
try {
const tokenRequest = await getAccessToken.call(this, credential.data!);
const tokenRequest = await getAccessToken.call(this, credential.data! as unknown as IGoogleAuthCredentials);
if (!tokenRequest.access_token) {
return {
status: 'Error',

View file

@ -11,12 +11,20 @@ import {
ICredentialDataDecryptedObject,
IDataObject,
NodeApiError,
NodeOperationError,
} from 'n8n-workflow';
import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
export async function googleApiRequest(
this: IExecuteFunctions | ILoadOptionsFunctions,
method: string,
@ -46,8 +54,13 @@ export async function googleApiRequest(
try {
if (authenticationMethod === 'serviceAccount') {
const credentials = await this.getCredentials('googleApi') as { access_token: string, email: string, privateKey: string };
const { access_token } = await getAccessToken.call(this, credentials);
const credentials = await this.getCredentials('googleApi');
if (credentials === undefined) {
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers.Authorization = `Bearer ${access_token}`;
return await this.helpers.request!(options);
@ -65,7 +78,7 @@ export async function googleApiRequest(
function getAccessToken(
this: IExecuteFunctions | ILoadOptionsFunctions,
credentials: ICredentialDataDecryptedObject,
credentials: IGoogleAuthCredentials,
) {
// https://developers.google.com/identity/protocols/oauth2/service-account#httprest
@ -76,7 +89,8 @@ function getAccessToken(
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{

View file

@ -16,6 +16,13 @@ import * as moment from 'moment-timezone';
import * as jwt from 'jsonwebtoken';
interface IGoogleAuthCredentials {
delegatedEmail?: string;
email: string;
inpersonate: boolean;
privateKey: string;
}
export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, headers: IDataObject = {}): Promise<any> { // tslint:disable-line:no-any
const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string;
const options: OptionsWithUri = {
@ -43,7 +50,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF
throw new NodeOperationError(this.getNode(), 'No credentials got returned!');
}
const { access_token } = await getAccessToken.call(this, credentials as IDataObject);
const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials);
options.headers!.Authorization = `Bearer ${access_token}`;
//@ts-ignore
@ -76,7 +83,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp
return returnData;
}
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise<IDataObject> {
function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise<IDataObject> {
//https://developers.google.com/identity/protocols/oauth2/service-account#httprest
const scopes = [
@ -86,7 +93,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa
const now = moment().unix();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n');
credentials.email = credentials.email.trim();
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
const signature = jwt.sign(
{