mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-24 20:24:05 -08:00
refactor(core): Delete all auth exclusion config and checks (no-changelog) (#9044)
This commit is contained in:
parent
ec9fe98a35
commit
76b73a27a0
|
@ -4,7 +4,6 @@
|
||||||
/* eslint-disable @typescript-eslint/no-unsafe-member-access */
|
/* eslint-disable @typescript-eslint/no-unsafe-member-access */
|
||||||
/* eslint-disable @typescript-eslint/no-unsafe-assignment */
|
/* eslint-disable @typescript-eslint/no-unsafe-assignment */
|
||||||
import { Container, Service } from 'typedi';
|
import { Container, Service } from 'typedi';
|
||||||
import assert from 'assert';
|
|
||||||
import { exec as callbackExec } from 'child_process';
|
import { exec as callbackExec } from 'child_process';
|
||||||
import { access as fsAccess } from 'fs/promises';
|
import { access as fsAccess } from 'fs/promises';
|
||||||
import { join as pathJoin } from 'path';
|
import { join as pathJoin } from 'path';
|
||||||
|
@ -224,22 +223,6 @@ export class Server extends AbstractServer {
|
||||||
await Container.get(PostHogClient).init();
|
await Container.get(PostHogClient).init();
|
||||||
|
|
||||||
const publicApiEndpoint = config.getEnv('publicApi.path');
|
const publicApiEndpoint = config.getEnv('publicApi.path');
|
||||||
const excludeEndpoints = config.getEnv('security.excludeEndpoints');
|
|
||||||
|
|
||||||
const ignoredEndpoints: Readonly<string[]> = [
|
|
||||||
'assets',
|
|
||||||
'healthz',
|
|
||||||
'metrics',
|
|
||||||
'e2e',
|
|
||||||
this.endpointPresetCredentials,
|
|
||||||
isApiEnabled() ? '' : publicApiEndpoint,
|
|
||||||
...excludeEndpoints.split(':'),
|
|
||||||
].filter((u) => !!u);
|
|
||||||
|
|
||||||
assert(
|
|
||||||
!ignoredEndpoints.includes(this.restEndpoint),
|
|
||||||
`REST endpoint cannot be set to any of these values: ${ignoredEndpoints.join()} `,
|
|
||||||
);
|
|
||||||
|
|
||||||
// ----------------------------------------
|
// ----------------------------------------
|
||||||
// Public API
|
// Public API
|
||||||
|
@ -258,15 +241,24 @@ export class Server extends AbstractServer {
|
||||||
const { restEndpoint, app } = this;
|
const { restEndpoint, app } = this;
|
||||||
setupPushHandler(restEndpoint, app);
|
setupPushHandler(restEndpoint, app);
|
||||||
|
|
||||||
|
const nonUIRoutes: Readonly<string[]> = [
|
||||||
|
'assets',
|
||||||
|
'healthz',
|
||||||
|
'metrics',
|
||||||
|
'e2e',
|
||||||
|
this.restEndpoint,
|
||||||
|
this.endpointPresetCredentials,
|
||||||
|
isApiEnabled() ? '' : publicApiEndpoint,
|
||||||
|
].filter((u) => !!u);
|
||||||
|
const nonUIRoutesRegex = new RegExp(`^/(${nonUIRoutes.join('|')})/?.*$`);
|
||||||
|
|
||||||
// Make sure that Vue history mode works properly
|
// Make sure that Vue history mode works properly
|
||||||
this.app.use(
|
this.app.use(
|
||||||
history({
|
history({
|
||||||
rewrites: [
|
rewrites: [
|
||||||
{
|
{
|
||||||
from: new RegExp(`^/(${[this.restEndpoint, ...ignoredEndpoints].join('|')})/?.*$`),
|
from: nonUIRoutesRegex,
|
||||||
to: (context) => {
|
to: ({ parsedUrl }) => parsedUrl.pathname!.toString(),
|
||||||
return context.parsedUrl.pathname!.toString();
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
}),
|
}),
|
||||||
|
|
|
@ -590,12 +590,6 @@ export const schema = {
|
||||||
env: 'N8N_SECURITY_AUDIT_DAYS_ABANDONED_WORKFLOW',
|
env: 'N8N_SECURITY_AUDIT_DAYS_ABANDONED_WORKFLOW',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
excludeEndpoints: {
|
|
||||||
doc: 'Additional endpoints to exclude auth checks. Multiple endpoints can be separated by colon (":")',
|
|
||||||
format: String,
|
|
||||||
default: '',
|
|
||||||
env: 'N8N_AUTH_EXCLUDE_ENDPOINTS',
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
|
|
||||||
endpoints: {
|
endpoints: {
|
||||||
|
|
|
@ -88,10 +88,6 @@ export class InstanceRiskReporter implements RiskReporter {
|
||||||
publicApiEnabled: isApiEnabled(),
|
publicApiEnabled: isApiEnabled(),
|
||||||
};
|
};
|
||||||
|
|
||||||
settings.auth = {
|
|
||||||
authExcludeEndpoints: config.getEnv('security.excludeEndpoints') || 'none',
|
|
||||||
};
|
|
||||||
|
|
||||||
settings.nodes = {
|
settings.nodes = {
|
||||||
nodesExclude: config.getEnv('nodes.exclude') ?? 'none',
|
nodesExclude: config.getEnv('nodes.exclude') ?? 'none',
|
||||||
nodesInclude: config.getEnv('nodes.include') ?? 'none',
|
nodesInclude: config.getEnv('nodes.include') ?? 'none',
|
||||||
|
|
|
@ -252,9 +252,6 @@ test('should report security settings', async () => {
|
||||||
templatesEnabled: true,
|
templatesEnabled: true,
|
||||||
publicApiEnabled: false,
|
publicApiEnabled: false,
|
||||||
},
|
},
|
||||||
auth: {
|
|
||||||
authExcludeEndpoints: 'none',
|
|
||||||
},
|
|
||||||
nodes: { nodesExclude: 'none', nodesInclude: 'none' },
|
nodes: { nodesExclude: 'none', nodesInclude: 'none' },
|
||||||
telemetry: { diagnosticsEnabled: true },
|
telemetry: { diagnosticsEnabled: true },
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue