✨ Nodes as JSON and authentication redesign (#2401)

* ✨ change FE to handle new object type

* 🚸 improve UX of handling invalid credentials

* 🚧 WIP

* 🎨 fix typescript issues

* 🐘 add migrations for all supported dbs

* ✏️ add description to migrations

* ⚡ add credential update on import

* ⚡ resolve after merge issues

* 👕 fix lint issues

* ⚡ check credentials on workflow create/update

* update interface

* 👕 fix ts issues

* ⚡ adaption to new credentials UI

* 🐛 intialize cache on BE for credentials check

* 🐛 fix undefined oldCredentials

* 🐛 fix deleting credential

* 🐛 fix check for undefined keys

* 🐛 fix disabling edit in execution

* 🎨 just show credential name on execution view

* ✏️  remove TODO

* ⚡ implement review suggestions

* ⚡ add cache to getCredentialsByType

* ⏪ use getter instead of cache

* ✏️ fix variable name typo

* 🐘 include waiting nodes to migrations

* 🐛 fix reverting migrations command

* ⚡ update typeorm command

* ✨ create db:revert command

* 👕 fix lint error

* ✨ Add optional authenticate method to credentials

* ⚡ Simplify code and add authentication support to MattermostApi

* 👕 Fix lint issue

* ⚡ Add support to own-mode

* 👕 Fix lint issue

* ✨ Add support for predefined auth types bearer and headerAuth

* ⚡ Make sure that DateTime Node always returns strings

* ⚡ Add support for moment types to If Node

* ⚡ Make it possible for HTTP Request Node to use all credential types

* ✨ Add basicAuth support

* Add a new dropcontact node

* ✨ First basic implementation of mainly JSON based nodes

* ✨ Add fixedCollection support, added value parameter and
expression support for value and property

* Improvements to #2389

* ⚡ Add credentials verification

* ⚡ Small improvement

* ⚡ set default time to 45 seconds

* ✨ Add support for preSend and postReceive methods

* ➕ Add lodash merge and set depedency to workflow

* 👕 Fix lint issue

* ⚡ Improvements

* ⚡ Improvements

* ⚡ Improvements

* ⚡ Improvements

* ⚡ Improvements

* 🐛 Set siren and language correctly

* ⚡ Add support for requestDefaults

* ⚡ Add support for baseURL to httpRequest

* ⚡ Move baseURL to correct location

* ✨ Add support for options loading

* 🐛 Fix error with fullAccess nodes

* ✨ Add credential test functionality

* 🐛 Fix issue with OAuth autentication and lint issue

* ⚡ Fix build issue

* 🐛 Fix issue that url got always overwritten to empty

* ✨ Add pagination support

* ⚡ Code fix required after merge

* ⚡ Remove not needed imports

* ⚡ Fix credential test

* ✨ Add expression support for request properties and $self
support on properties

* ⚡ Rename $self to $value

* 👕 Fix lint issue

* ⚡ Add example how to send data in path

* ✨ Make it possible to not sent in dot notation

* ✨ Add support for postReceive:rootProperty

* ⚡ Fix typo

* ✨ Add support for postReceive:set

* ⚡ Some fixes

* ⚡ Small improvement

* ;zap: Separate RoutingNode code

* ⚡ Simplify code and fix bug

* ⚡ Remove unused code

* ✨ Make it possible to define "request" and "requestProperty" on
options

* 👕 Fix lint issue

* ⚡ Change $credentials variables name

* ✨ Enable expressions and access to credentials in requestDefaults

* ⚡ Make parameter option loading use RoutingNode.makeRoutingRequest

* ✨ Allow requestOperations overwrite on LoadOptions

* ✨ Make it possible to access current node parameters in loadOptions

* ⚡ Rename parameters variable to make future proof

* ⚡ Make it possible to use offset-pagination with body

* ✨ Add support for queryAuth

* ⚡ Never return more items than requested

* ✨ Make it possible to overwrite requestOperations on parameter
and option level

* 👕 Fix lint issue

* ✨ Allow simplified auth also with regular nodes

* ✨ Add support for receiving binary data

* 🐛 Fix example node

* ⚡ Rename property "name" to "displayName" in loadOptions

* ⚡ Send data by default as "query" if nothing is set

* ⚡ Rename $self to $parent

* ⚡ Change to work with INodeExecutionData instead of IDataObject

* ⚡ Improve binaryData handling

* ⚡ Property design improvements

* ⚡ Fix property name

* 🚨 Add some tests

* ⚡ Add also test for request

* ⚡ Improve test and fix issues

* ⚡ Improvements to loadOptions

* ⚡ Normalize loadOptions with rest of code

* ⚡ Add info text

* ✨ Add support for $value in postReceive

* 🚨 Add tests for RoutingNode.runNode

* ⚡ Remove TODOs and make url property optional

* ⚡ Fix bug and lint issue

* 🐛 Fix bug that not the correct property got used

* 🚨 Add tests for CredentialsHelper.authenticate

* ⚡ Improve code and resolve expressions also everywhere for
loadOptions and credential test requests

* ✨ Make it possible to define multiple preSend and postReceive
actions

* ✨ Allow to define tests on credentials

* ⚡ Remove test data

* ⬆️ Update package-lock.json file

* ⚡ Remove old not longer used code

Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
Co-authored-by: Mutasem <mutdmour@gmail.com>
Co-authored-by: PaulineDropcontact <pauline@dropcontact.io>
Co-authored-by: ricardo <ricardoespinoza105@gmail.com>

packages/cli/src/CredentialsHelper.ts

@@ -1,42 +1,217 @@
-import { Credentials } from 'n8n-core';
+/* eslint-disable no-restricted-syntax */
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+/* eslint-disable @typescript-eslint/no-unsafe-return */
+/* eslint-disable @typescript-eslint/no-unsafe-call */
+
+import { Credentials, NodeExecuteFunctions } from 'n8n-core';
+
+import { NodeVersionedType } from 'n8n-nodes-base';
 
 import {
 	ICredentialDataDecryptedObject,
+	ICredentialsDecrypted,
 	ICredentialsExpressionResolveValues,
 	ICredentialsHelper,
+	ICredentialTestFunction,
+	ICredentialTestRequestData,
+	IHttpRequestOptions,
 	INode,
 	INodeCredentialsDetails,
+	INodeCredentialTestResult,
+	INodeExecutionData,
 	INodeParameters,
 	INodeProperties,
 	INodeType,
 	INodeTypeData,
 	INodeTypes,
+	INodeVersionedType,
+	IRequestOptionsSimplified,
+	IRunExecutionData,
+	IWorkflowDataProxyAdditionalKeys,
 	NodeHelpers,
+	RoutingNode,
 	Workflow,
 	WorkflowExecuteMode,
+	ITaskDataConnections,
 } from 'n8n-workflow';
 
 // eslint-disable-next-line import/no-cycle
-import { CredentialsOverwrites, CredentialTypes, Db, ICredentialsDb } from '.';
+import {
+	CredentialsOverwrites,
+	CredentialTypes,
+	Db,
+	ICredentialsDb,
+	NodeTypes,
+	WorkflowExecuteAdditionalData,
+} from '.';
 
 const mockNodeTypes: INodeTypes = {
-	nodeTypes: {},
+	nodeTypes: {} as INodeTypeData,
 	// eslint-disable-next-line @typescript-eslint/no-unused-vars
 	init: async (nodeTypes?: INodeTypeData): Promise<void> => {},
-	getAll: (): INodeType[] => {
-		// Does not get used in Workflow so no need to return it
-		return [];
+	getAll(): Array<INodeType | INodeVersionedType> {
+		// @ts-ignore
+		return Object.values(this.nodeTypes).map((data) => data.type);
 	},
 	// eslint-disable-next-line @typescript-eslint/no-unused-vars
-	getByName: (nodeType: string): INodeType | undefined => {
-		return undefined;
+	getByName(nodeType: string): INodeType | INodeVersionedType | undefined {
+		if (this.nodeTypes[nodeType] === undefined) {
+			return undefined;
+		}
+		return this.nodeTypes[nodeType].type;
 	},
-	getByNameAndVersion: (): INodeType | undefined => {
-		return undefined;
+	getByNameAndVersion(nodeType: string, version?: number): INodeType | undefined {
+		if (this.nodeTypes[nodeType] === undefined) {
+			return undefined;
+		}
+		return NodeHelpers.getVersionedNodeType(this.nodeTypes[nodeType].type, version);
 	},
 };
 
 export class CredentialsHelper extends ICredentialsHelper {
+	private credentialTypes = CredentialTypes();
+
+	/**
+	 * Add the required authentication information to the request
+	 */
+	async authenticate(
+		credentials: ICredentialDataDecryptedObject,
+		typeName: string,
+		incomingRequestOptions: IHttpRequestOptions | IRequestOptionsSimplified,
+		workflow: Workflow,
+		node: INode,
+	): Promise<IHttpRequestOptions> {
+		const requestOptions = incomingRequestOptions;
+		const credentialType = this.credentialTypes.getByName(typeName);
+
+		if (credentialType.authenticate) {
+			if (typeof credentialType.authenticate === 'function') {
+				// Special authentication function is defined
+
+				// eslint-disable-next-line @typescript-eslint/no-unsafe-call
+				return credentialType.authenticate(credentials, requestOptions as IHttpRequestOptions);
+			}
+
+			if (typeof credentialType.authenticate === 'object') {
+				// Predefined authentication method
+
+				const { authenticate } = credentialType;
+				if (requestOptions.headers === undefined) {
+					requestOptions.headers = {};
+				}
+
+				// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+				if (authenticate.type === 'bearer') {
+					const tokenPropertyName: string =
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.tokenPropertyName ?? 'accessToken';
+					requestOptions.headers.Authorization = `Bearer ${
+						credentials[tokenPropertyName] as string
+					}`;
+					// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+				} else if (authenticate.type === 'basicAuth') {
+					const userPropertyName: string =
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.userPropertyName ?? 'user';
+					const passwordPropertyName: string =
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.passwordPropertyName ?? 'password';
+
+					requestOptions.auth = {
+						username: credentials[userPropertyName] as string,
+						password: credentials[passwordPropertyName] as string,
+					};
+				} else if (authenticate.type === 'headerAuth') {
+					const key = this.resolveValue(
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.name,
+						{ $credentials: credentials },
+						workflow,
+						node,
+					);
+
+					const value = this.resolveValue(
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.value,
+						{ $credentials: credentials },
+						workflow,
+						node,
+					);
+					requestOptions.headers[key] = value;
+				} else if (authenticate.type === 'queryAuth') {
+					const key = this.resolveValue(
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.key,
+						{ $credentials: credentials },
+						workflow,
+						node,
+					);
+
+					const value = this.resolveValue(
+						// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+						authenticate.properties.value,
+						{ $credentials: credentials },
+						workflow,
+						node,
+					);
+					if (!requestOptions.qs) {
+						requestOptions.qs = {};
+					}
+					requestOptions.qs[key] = value;
+				}
+			}
+		}
+
+		return requestOptions as IHttpRequestOptions;
+	}
+
+	/**
+	 * Resolves the given value in case it is an expression
+	 */
+	resolveValue(
+		parameterValue: string,
+		additionalKeys: IWorkflowDataProxyAdditionalKeys,
+		workflow: Workflow,
+		node: INode,
+	): string {
+		if (parameterValue.charAt(0) !== '=') {
+			return parameterValue;
+		}
+
+		const returnValue = workflow.expression.getSimpleParameterValue(
+			node,
+			parameterValue,
+			'internal',
+			additionalKeys,
+			'',
+		);
+
+		if (!returnValue) {
+			return '';
+		}
+
+		return returnValue.toString();
+	}
+
+	/**
+	 * Returns all parent types of the given credential type
+	 */
+	getParentTypes(typeName: string): string[] {
+		const credentialType = this.credentialTypes.getByName(typeName);
+
+		if (credentialType === undefined || credentialType.extends === undefined) {
+			return [];
+		}
+
+		let types: string[] = [];
+		credentialType.extends.forEach((type: string) => {
+			types = [...types, typeName, ...this.getParentTypes(type)];
+		});
+
+		return types;
+	}
+
 	/**
 	 * Returns the credentials instance
 	 *
@@ -77,8 +252,7 @@ export class CredentialsHelper extends ICredentialsHelper {
 	 * @memberof CredentialsHelper
 	 */
 	getCredentialsProperties(type: string): INodeProperties[] {
-		const credentialTypes = CredentialTypes();
-		const credentialTypeData = credentialTypes.getByName(type);
+		const credentialTypeData = this.credentialTypes.getByName(type);
 
 		if (credentialTypeData === undefined) {
 			throw new Error(`The credentials of type "${type}" are not known.`);
@@ -89,7 +263,6 @@ export class CredentialsHelper extends ICredentialsHelper {
 		}
 
 		const combineProperties = [] as INodeProperties[];
-		// eslint-disable-next-line no-restricted-syntax
 		for (const credentialsTypeName of credentialTypeData.extends) {
 			const mergeCredentialProperties = this.getCredentialsProperties(credentialsTypeName);
 			NodeHelpers.mergeNodeProperties(combineProperties, mergeCredentialProperties);
@@ -260,4 +433,229 @@ export class CredentialsHelper extends ICredentialsHelper {
 		// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 		await Db.collections.Credentials!.update(findQuery, newCredentialsData);
 	}
+
+	getCredentialTestFunction(
+		credentialType: string,
+		nodeToTestWith?: string,
+	): ICredentialTestFunction | ICredentialTestRequestData | undefined {
+		const nodeTypes = NodeTypes();
+		const allNodes = nodeTypes.getAll();
+
+		// Check all the nodes one by one if they have a test function defined
+		for (let i = 0; i < allNodes.length; i++) {
+			const node = allNodes[i];
+
+			if (nodeToTestWith && node.description.name !== nodeToTestWith) {
+				// eslint-disable-next-line no-continue
+				continue;
+			}
+
+			// Always set to an array even if node is not versioned to not having
+			// to duplicate the logic
+			const allNodeTypes: INodeType[] = [];
+			if (node instanceof NodeVersionedType) {
+				// Node is versioned
+				allNodeTypes.push(...Object.values((node as INodeVersionedType).nodeVersions));
+			} else {
+				// Node is not versioned
+				allNodeTypes.push(node as INodeType);
+			}
+
+			// Check each of the node versions for credential tests
+			for (const nodeType of allNodeTypes) {
+				// Check each of teh credentials
+				for (const credential of nodeType.description.credentials ?? []) {
+					if (credential.name === credentialType && !!credential.testedBy) {
+						if (typeof credential.testedBy === 'string') {
+							// Test is defined as string which links to a functoin
+							// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+							return (node as unknown as INodeType).methods?.credentialTest![credential.testedBy];
+						}
+
+						// Test is defined as JSON with a defintion for the request to make
+						return {
+							nodeType,
+							testRequest: credential.testedBy,
+						};
+					}
+				}
+			}
+		}
+
+		// Check if test is defined on credentials
+		const type = this.credentialTypes.getByName(credentialType);
+		if (type.test) {
+			return {
+				testRequest: type.test,
+			};
+		}
+
+		return undefined;
+	}
+
+	async testCredentials(
+		credentialType: string,
+		credentialsDecrypted: ICredentialsDecrypted,
+		nodeToTestWith?: string,
+	): Promise<INodeCredentialTestResult> {
+		const credentialTestFunction = this.getCredentialTestFunction(credentialType, nodeToTestWith);
+
+		if (credentialTestFunction === undefined) {
+			return Promise.resolve({
+				status: 'Error',
+				message: 'No testing function found for this credential.',
+			});
+		}
+
+		if (typeof credentialTestFunction === 'function') {
+			// The credentials get tested via a function that is defined on the node
+			const credentialTestFunctions = NodeExecuteFunctions.getCredentialTestFunctions();
+			// eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+			return credentialTestFunction.call(credentialTestFunctions, credentialsDecrypted);
+		}
+
+		// Credentials get tested via request instructions
+
+		// TODO: Temp worfklows get created at multiple locations (for example also LoadNodeParameterOptions),
+		//       check if some of them are identical enough that it can be combined
+
+		let nodeType: INodeType;
+		if (credentialTestFunction.nodeType) {
+			nodeType = credentialTestFunction.nodeType;
+		} else {
+			const nodeTypes = NodeTypes();
+			nodeType = nodeTypes.getByName('n8n-nodes-base.noOp') as INodeType;
+		}
+
+		const node: INode = {
+			parameters: {},
+			name: 'Temp-Node',
+			type: nodeType.description.name,
+			typeVersion: nodeType.description.version,
+			position: [0, 0],
+		};
+
+		const workflowData = {
+			nodes: [node],
+			connections: {},
+		};
+
+		const nodeTypeCopy: INodeType = {
+			description: {
+				...nodeType.description,
+				credentials: [
+					{
+						name: credentialType,
+						required: true,
+					},
+				],
+				properties: [
+					{
+						displayName: 'Temp',
+						name: 'temp',
+						type: 'string',
+						routing: {
+							request: credentialTestFunction.testRequest.request,
+						},
+						default: '',
+					},
+				],
+			},
+		};
+
+		const nodeTypes: INodeTypes = {
+			...mockNodeTypes,
+			nodeTypes: {
+				[nodeTypeCopy.description.name]: {
+					sourcePath: '',
+					type: nodeTypeCopy,
+				},
+			},
+		};
+
+		const workflow = new Workflow({
+			nodes: workflowData.nodes,
+			connections: workflowData.connections,
+			active: false,
+			nodeTypes,
+		});
+
+		const mode = 'internal';
+		const runIndex = 0;
+		const inputData: ITaskDataConnections = {
+			main: [[{ json: {} }]],
+		};
+		const connectionInputData: INodeExecutionData[] = [];
+		const runExecutionData: IRunExecutionData = {
+			resultData: {
+				runData: {},
+			},
+		};
+
+		const additionalData = await WorkflowExecuteAdditionalData.getBase(node.parameters);
+
+		const routingNode = new RoutingNode(
+			workflow,
+			node,
+			connectionInputData,
+			runExecutionData ?? null,
+			additionalData,
+			mode,
+		);
+
+		try {
+			await routingNode.runNode(
+				inputData,
+				runIndex,
+				nodeTypeCopy,
+				NodeExecuteFunctions,
+				credentialsDecrypted,
+			);
+		} catch (error) {
+			// Do not fail any requests to allow custom error messages and
+			// make logic easier
+			if (error.cause.response) {
+				const errorResponseData = {
+					statusCode: error.cause.response.status,
+					statusMessage: error.cause.response.statusText,
+				};
+
+				if (credentialTestFunction.testRequest.rules) {
+					// Special testing rules are defined so check all in order
+					for (const rule of credentialTestFunction.testRequest.rules) {
+						if (rule.type === 'responseCode') {
+							if (errorResponseData.statusCode === rule.properties.value) {
+								return {
+									status: 'Error',
+									message: rule.properties.message,
+								};
+							}
+						}
+					}
+				}
+
+				if (errorResponseData.statusCode < 199 || errorResponseData.statusCode > 299) {
+					// All requests with response codes that are not 2xx are treated by default as failed
+					return {
+						status: 'Error',
+						message:
+							// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+							errorResponseData.statusMessage ||
+							// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+							`Received HTTP status code: ${errorResponseData.statusCode}`,
+					};
+				}
+			}
+
+			return {
+				status: 'Error',
+				message: error.message.toString(),
+			};
+		}
+
+		return {
+			status: 'OK',
+			message: 'Connection successful!',
+		};
+	}
 }