refactor(core): Delete all auth exclusion config and checks (no-changelog) (#9044)

This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2024-04-03 16:56:36 +02:00 committed by GitHub
parent ec9fe98a35
commit 76b73a27a0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 13 additions and 34 deletions

View file

@ -4,7 +4,6 @@
/* eslint-disable @typescript-eslint/no-unsafe-member-access */ /* eslint-disable @typescript-eslint/no-unsafe-member-access */
/* eslint-disable @typescript-eslint/no-unsafe-assignment */ /* eslint-disable @typescript-eslint/no-unsafe-assignment */
import { Container, Service } from 'typedi'; import { Container, Service } from 'typedi';
import assert from 'assert';
import { exec as callbackExec } from 'child_process'; import { exec as callbackExec } from 'child_process';
import { access as fsAccess } from 'fs/promises'; import { access as fsAccess } from 'fs/promises';
import { join as pathJoin } from 'path'; import { join as pathJoin } from 'path';
@ -224,22 +223,6 @@ export class Server extends AbstractServer {
await Container.get(PostHogClient).init(); await Container.get(PostHogClient).init();
const publicApiEndpoint = config.getEnv('publicApi.path'); const publicApiEndpoint = config.getEnv('publicApi.path');
const excludeEndpoints = config.getEnv('security.excludeEndpoints');
const ignoredEndpoints: Readonly<string[]> = [
'assets',
'healthz',
'metrics',
'e2e',
this.endpointPresetCredentials,
isApiEnabled() ? '' : publicApiEndpoint,
...excludeEndpoints.split(':'),
].filter((u) => !!u);
assert(
!ignoredEndpoints.includes(this.restEndpoint),
`REST endpoint cannot be set to any of these values: ${ignoredEndpoints.join()} `,
);
// ---------------------------------------- // ----------------------------------------
// Public API // Public API
@ -258,15 +241,24 @@ export class Server extends AbstractServer {
const { restEndpoint, app } = this; const { restEndpoint, app } = this;
setupPushHandler(restEndpoint, app); setupPushHandler(restEndpoint, app);
const nonUIRoutes: Readonly<string[]> = [
'assets',
'healthz',
'metrics',
'e2e',
this.restEndpoint,
this.endpointPresetCredentials,
isApiEnabled() ? '' : publicApiEndpoint,
].filter((u) => !!u);
const nonUIRoutesRegex = new RegExp(`^/(${nonUIRoutes.join('|')})/?.*$`);
// Make sure that Vue history mode works properly // Make sure that Vue history mode works properly
this.app.use( this.app.use(
history({ history({
rewrites: [ rewrites: [
{ {
from: new RegExp(`^/(${[this.restEndpoint, ...ignoredEndpoints].join('|')})/?.*$`), from: nonUIRoutesRegex,
to: (context) => { to: ({ parsedUrl }) => parsedUrl.pathname!.toString(),
return context.parsedUrl.pathname!.toString();
},
}, },
], ],
}), }),

View file

@ -590,12 +590,6 @@ export const schema = {
env: 'N8N_SECURITY_AUDIT_DAYS_ABANDONED_WORKFLOW', env: 'N8N_SECURITY_AUDIT_DAYS_ABANDONED_WORKFLOW',
}, },
}, },
excludeEndpoints: {
doc: 'Additional endpoints to exclude auth checks. Multiple endpoints can be separated by colon (":")',
format: String,
default: '',
env: 'N8N_AUTH_EXCLUDE_ENDPOINTS',
},
}, },
endpoints: { endpoints: {

View file

@ -88,10 +88,6 @@ export class InstanceRiskReporter implements RiskReporter {
publicApiEnabled: isApiEnabled(), publicApiEnabled: isApiEnabled(),
}; };
settings.auth = {
authExcludeEndpoints: config.getEnv('security.excludeEndpoints') || 'none',
};
settings.nodes = { settings.nodes = {
nodesExclude: config.getEnv('nodes.exclude') ?? 'none', nodesExclude: config.getEnv('nodes.exclude') ?? 'none',
nodesInclude: config.getEnv('nodes.include') ?? 'none', nodesInclude: config.getEnv('nodes.include') ?? 'none',

View file

@ -252,9 +252,6 @@ test('should report security settings', async () => {
templatesEnabled: true, templatesEnabled: true,
publicApiEnabled: false, publicApiEnabled: false,
}, },
auth: {
authExcludeEndpoints: 'none',
},
nodes: { nodesExclude: 'none', nodesInclude: 'none' }, nodes: { nodesExclude: 'none', nodesInclude: 'none' },
telemetry: { diagnosticsEnabled: true }, telemetry: { diagnosticsEnabled: true },
}); });