mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-25 04:34:06 -08:00
fix(core): Skip auth for controllers/routes that don't use the Authorized
decorator, or use Authorized('none')
(#6106)
This commit is contained in:
parent
3e9ecd9397
commit
59aee2270b
|
@ -32,6 +32,11 @@ export const createAuthMiddleware =
|
|||
res.status(403).json({ status: 'error', message: 'Unauthorized' });
|
||||
};
|
||||
|
||||
const authFreeRoutes: string[] = [];
|
||||
|
||||
export const canSkipAuth = (method: string, path: string): boolean =>
|
||||
authFreeRoutes.includes(`${method.toLowerCase()} ${path}`);
|
||||
|
||||
export const registerController = (app: Application, config: Config, controller: object) => {
|
||||
const controllerClass = controller.constructor;
|
||||
const controllerBasePath = Reflect.getMetadata(CONTROLLER_BASE_PATH, controllerClass) as
|
||||
|
@ -69,6 +74,7 @@ export const registerController = (app: Application, config: Config, controller:
|
|||
(controller as Controller)[handlerName](req, res),
|
||||
),
|
||||
);
|
||||
if (!authRole || authRole === 'none') authFreeRoutes.push(`${method} ${prefix}${path}`);
|
||||
});
|
||||
|
||||
app.use(prefix, router);
|
||||
|
|
|
@ -12,6 +12,7 @@ import { AUTH_COOKIE_NAME, EDITOR_UI_DIST_DIR } from '@/constants';
|
|||
import { issueCookie, resolveJwtContent } from '@/auth/jwt';
|
||||
import { isUserManagementEnabled } from '@/UserManagement/UserManagementHelper';
|
||||
import type { UserRepository } from '@db/repositories';
|
||||
import { canSkipAuth } from '@/decorators/registerController';
|
||||
|
||||
const jwtFromRequest = (req: Request) => {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
|
||||
|
@ -90,14 +91,10 @@ export const setupAuthMiddlewares = (
|
|||
// skip authentication for preflight requests
|
||||
req.method === 'OPTIONS' ||
|
||||
staticAssets.includes(req.url.slice(1)) ||
|
||||
canSkipAuth(req.method, req.path) ||
|
||||
isAuthExcluded(req.url, ignoredEndpoints) ||
|
||||
req.url.startsWith(`/${restEndpoint}/settings`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/login`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/resolve-signup-token`) ||
|
||||
isPostUsersId(req, restEndpoint) ||
|
||||
req.url.startsWith(`/${restEndpoint}/forgot-password`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/resolve-password-token`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/change-password`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/oauth2-credential/callback`) ||
|
||||
req.url.startsWith(`/${restEndpoint}/oauth1-credential/callback`)
|
||||
) {
|
||||
|
|
Loading…
Reference in a new issue