mirror of
https://github.com/n8n-io/n8n.git
synced 2024-11-13 16:14:07 -08:00
166 lines
3.8 KiB
TypeScript
166 lines
3.8 KiB
TypeScript
import type {
|
|
ICredentialDataDecryptedObject,
|
|
ICredentialType,
|
|
IHttpRequestOptions,
|
|
INodeProperties,
|
|
} from 'n8n-workflow';
|
|
|
|
import moment from 'moment-timezone';
|
|
|
|
import jwt from 'jsonwebtoken';
|
|
|
|
import type { AxiosRequestConfig } from 'axios';
|
|
|
|
import axios from 'axios';
|
|
|
|
export class GoogleApi implements ICredentialType {
|
|
name = 'googleApi';
|
|
|
|
displayName = 'Google Service Account API';
|
|
|
|
documentationUrl = 'google/service-account';
|
|
|
|
icon = 'file:Google.svg';
|
|
|
|
properties: INodeProperties[] = [
|
|
{
|
|
displayName: 'Service Account Email',
|
|
name: 'email',
|
|
type: 'string',
|
|
placeholder: 'name@email.com',
|
|
default: '',
|
|
description: 'The Google Service account similar to user-808@project.iam.gserviceaccount.com',
|
|
required: true,
|
|
},
|
|
{
|
|
displayName: 'Private Key',
|
|
name: 'privateKey',
|
|
type: 'string',
|
|
default: '',
|
|
placeholder:
|
|
'-----BEGIN PRIVATE KEY-----\nXIYEvQIBADANBg<...>0IhA7TMoGYPQc=\n-----END PRIVATE KEY-----\n',
|
|
description:
|
|
'Enter the private key located in the JSON file downloaded from Google Cloud Console',
|
|
required: true,
|
|
typeOptions: {
|
|
password: true,
|
|
},
|
|
},
|
|
{
|
|
displayName: 'Impersonate a User',
|
|
name: 'inpersonate',
|
|
type: 'boolean',
|
|
default: false,
|
|
},
|
|
{
|
|
displayName: 'Email',
|
|
name: 'delegatedEmail',
|
|
type: 'string',
|
|
default: '',
|
|
displayOptions: {
|
|
show: {
|
|
inpersonate: [true],
|
|
},
|
|
},
|
|
description:
|
|
'The email address of the user for which the application is requesting delegated access',
|
|
},
|
|
{
|
|
displayName: 'Set up for use in HTTP Request node',
|
|
name: 'httpNode',
|
|
type: 'boolean',
|
|
default: false,
|
|
},
|
|
{
|
|
displayName:
|
|
"When using the HTTP Request node, you must specify the scopes you want to send. In other nodes, they're added automatically",
|
|
name: 'httpWarning',
|
|
type: 'notice',
|
|
default: '',
|
|
displayOptions: {
|
|
show: {
|
|
httpNode: [true],
|
|
},
|
|
},
|
|
},
|
|
{
|
|
displayName: 'Scope(s)',
|
|
name: 'scopes',
|
|
type: 'string',
|
|
default: '',
|
|
description:
|
|
'You can find the scopes for services <a href="https://developers.google.com/identity/protocols/oauth2/scopes" target="_blank">here</a>',
|
|
displayOptions: {
|
|
show: {
|
|
httpNode: [true],
|
|
},
|
|
},
|
|
},
|
|
];
|
|
|
|
async authenticate(
|
|
credentials: ICredentialDataDecryptedObject,
|
|
requestOptions: IHttpRequestOptions,
|
|
): Promise<IHttpRequestOptions> {
|
|
if (!credentials.httpNode) return requestOptions;
|
|
|
|
const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim();
|
|
const credentialsScopes = (credentials.scopes as string).replace(/\\n/g, '\n').trim();
|
|
credentials.email = (credentials.email as string).trim();
|
|
|
|
const regex = /[,\s\n]+/;
|
|
const scopes = credentialsScopes
|
|
.split(regex)
|
|
.filter((scope) => scope)
|
|
.join(' ');
|
|
|
|
const now = moment().unix();
|
|
|
|
const signature = jwt.sign(
|
|
{
|
|
iss: credentials.email,
|
|
sub: credentials.delegatedEmail || credentials.email,
|
|
scope: scopes,
|
|
aud: 'https://oauth2.googleapis.com/token',
|
|
iat: now,
|
|
exp: now + 3600,
|
|
},
|
|
privateKey,
|
|
{
|
|
algorithm: 'RS256',
|
|
header: {
|
|
kid: privateKey,
|
|
typ: 'JWT',
|
|
alg: 'RS256',
|
|
},
|
|
},
|
|
);
|
|
|
|
const axiosRequestConfig: AxiosRequestConfig = {
|
|
headers: {
|
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
},
|
|
method: 'POST',
|
|
data: new URLSearchParams({
|
|
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
|
assertion: signature,
|
|
}).toString(),
|
|
url: 'https://oauth2.googleapis.com/token',
|
|
};
|
|
|
|
const result = await axios(axiosRequestConfig);
|
|
|
|
const { access_token } = result.data;
|
|
|
|
const requestOptionsWithAuth: IHttpRequestOptions = {
|
|
...requestOptions,
|
|
headers: {
|
|
...requestOptions.headers,
|
|
Authorization: `Bearer ${access_token}`,
|
|
},
|
|
};
|
|
|
|
return requestOptionsWithAuth;
|
|
}
|
|
}
|