mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-09-20 23:07:32 -07:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
n8n/packages/nodes-base/nodes/Aws/Textract/GenericFunctions.ts
Basit Ali ce79e6b74f
feat(All AWS Nodes): Enable support for AWS temporary credentials (#2587) 
* Enable support for AWS temporary credentials

* 🔨 removed toggle from ui added sessionToken to other aws services that using sign function from aws4 module

* Update sign method for other AWS nodes

* Remove the unneeded additional `temporaryCredentials` checkbox

* Update description for session token

*  added missing session token to credentials test

* Update sign method for DynamoDB

* 🔨 added back toggle for hiding session token, fixed linter errors

*  wording fix

Co-authored-by: Michael Kret <michael.k@radency.com>
2022-04-22 16:33:09 +02:00

165 lines
5.2 KiB
TypeScript
Raw Blame History

import {
URL,
} from 'url';
import {
Request,
sign,
} from 'aws4';
import {
OptionsWithUri,
} from 'request';
import {
parseString,
} from 'xml2js';
import {
IExecuteFunctions,
IHookFunctions,
ILoadOptionsFunctions,
IWebhookFunctions,
} from 'n8n-core';
import {
ICredentialDataDecryptedObject,
ICredentialTestFunctions,
NodeApiError,
NodeOperationError,
} from 'n8n-workflow';
function getEndpointForService(service: string, credentials: ICredentialDataDecryptedObject): string {
let endpoint;
if (service === 'lambda' && credentials.lambdaEndpoint) {
endpoint = credentials.lambdaEndpoint;
} else if (service === 'sns' && credentials.snsEndpoint) {
endpoint = credentials.snsEndpoint;
} else {
endpoint = `https://${service}.${credentials.region}.amazonaws.com`;
}
return (endpoint as string).replace('{region}', credentials.region as string);
}
export async function awsApiRequest(this: IHookFunctions | IExecuteFunctions | ILoadOptionsFunctions | IWebhookFunctions, service: string, method: string, path: string, body?: string, headers?: object): Promise<any> { // tslint:disable-line:no-any
const credentials = await this.getCredentials('aws');
// Concatenate path and instantiate URL object so it parses correctly query strings
const endpoint = new URL(getEndpointForService(service, credentials) + path);
// Sign AWS API request with the user credentials
const signOpts = { headers: headers || {}, host: endpoint.host, method, path, body } as Request;
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};
sign(signOpts, securityHeaders);
const options: OptionsWithUri = {
headers: signOpts.headers,
method,
uri: endpoint.href,
body: signOpts.body,
};
try {
return await this.helpers.request!(options);
} catch (error) {
if (error?.response?.data || error?.response?.body) {
const errorMessage = error?.response?.data || error?.response?.body;
if (errorMessage.includes('AccessDeniedException')) {
const user = JSON.parse(errorMessage).Message.split(' ')[1];
throw new NodeApiError(this.getNode(), error, {
message: 'Unauthorized — please check your AWS policy configuration',
description: `Make sure an identity-based policy allows user ${user} to perform textract:AnalyzeExpense` });
}
}
throw new NodeApiError(this.getNode(), error); // no XML parsing needed
}
}
export async function awsApiRequestREST(this: IHookFunctions | IExecuteFunctions | ILoadOptionsFunctions, service: string, method: string, path: string, body?: string, headers?: object): Promise<any> { // tslint:disable-line:no-any
const response = await awsApiRequest.call(this, service, method, path, body, headers);
try {
return JSON.parse(response);
} catch (error) {
return response;
}
}
export async function awsApiRequestSOAP(this: IHookFunctions | IExecuteFunctions | ILoadOptionsFunctions | IWebhookFunctions, service: string, method: string, path: string, body?: string, headers?: object): Promise<any> { // tslint:disable-line:no-any
const response = await awsApiRequest.call(this, service, method, path, body, headers);
try {
return await new Promise((resolve, reject) => {
parseString(response, { explicitArray: false }, (err, data) => {
if (err) {
return reject(err);
}
resolve(data);
});
});
} catch (error) {
return response;
}
}
export function simplify(data: IExpenseDocument) {
const result: { [key: string]: string } = {};
for (const document of data.ExpenseDocuments) {
for (const field of document.SummaryFields) {
result[field?.Type?.Text || field?.LabelDetection?.Text] = field.ValueDetection.Text;
}
}
return result;
}
export interface IExpenseDocument {
ExpenseDocuments: [
{
SummaryFields: [
{
LabelDetection: { Text: string },
ValueDetection: { Text: string },
Type: { Text: string }
}]
}];
}
export async function validateCrendetials(this: ICredentialTestFunctions, decryptedCredentials: ICredentialDataDecryptedObject, service: string): Promise<any> { // tslint:disable-line:no-any
const credentials = decryptedCredentials;
// Concatenate path and instantiate URL object so it parses correctly query strings
const endpoint = new URL(getEndpointForService(service, credentials) + `?Action=GetCallerIdentity&Version=2011-06-15`);
// Sign AWS API request with the user credentials
const signOpts = { host: endpoint.host, method: 'POST', path: '?Action=GetCallerIdentity&Version=2011-06-15' } as Request;
const securityHeaders = {
accessKeyId: `${credentials.accessKeyId}`.trim(),
secretAccessKey: `${credentials.secretAccessKey}`.trim(),
sessionToken: credentials.temporaryCredentials ? `${credentials.sessionToken}`.trim() : undefined,
};
sign(signOpts, securityHeaders);
const options: OptionsWithUri = {
headers: signOpts.headers,
method: 'POST',
uri: endpoint.href,
body: signOpts.body,
};
const response = await this.helpers.request!(options);
return await new Promise((resolve, reject) => {
parseString(response, { explicitArray: false }, (err, data) => {
if (err) {
return reject(err);
}
resolve(data);
});
});
}
Reference in a new issue View git blame Copy permalink