refactor(core): Make workflow services injectable (no-changelog) (#8033)

Refactor static workflow service classes into DI-compatible classes Context: https://n8nio.slack.com/archives/C069HS026UF/p1702466571648889 Up next: - Inject dependencies into workflow services - Consolidate workflow controllers into one - Make workflow controller injectable - Inject dependencies into workflow controller --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
2025-12-18 10:31:15 +00:00 · 2023-12-15 12:59:56 +01:00
parent 2da15d0264
commit 1e7a309e63
13 changed files with 125 additions and 80 deletions
--- a/packages/cli/src/workflows/workflow.service.ee.ts
+++ b/packages/cli/src/workflows/workflow.service.ee.ts
@@ -0,0 +1,199 @@
+import type { DeleteResult, EntityManager } from 'typeorm';
+import { In, Not } from 'typeorm';
+import * as WorkflowHelpers from '@/WorkflowHelpers';
+import { SharedWorkflow } from '@db/entities/SharedWorkflow';
+import type { User } from '@db/entities/User';
+import { WorkflowEntity } from '@db/entities/WorkflowEntity';
+import { UserService } from '@/services/user.service';
+import { WorkflowService } from './workflow.service';
+import type {
+	CredentialUsedByWorkflow,
+	WorkflowWithSharingsAndCredentials,
+} from './workflows.types';
+import { CredentialsService } from '@/credentials/credentials.service';
+import { ApplicationError, NodeOperationError } from 'n8n-workflow';
+import { RoleService } from '@/services/role.service';
+import Container, { Service } from 'typedi';
+import type { CredentialsEntity } from '@db/entities/CredentialsEntity';
+import { SharedWorkflowRepository } from '@db/repositories/sharedWorkflow.repository';
+import { BadRequestError } from '@/errors/response-errors/bad-request.error';
+import { NotFoundError } from '@/errors/response-errors/not-found.error';
+
+@Service()
+export class EnterpriseWorkflowService extends WorkflowService {
+	async isOwned(
+		user: User,
+		workflowId: string,
+	): Promise<{ ownsWorkflow: boolean; workflow?: WorkflowEntity }> {
+		const sharing = await this.getSharing(user, workflowId, { allowGlobalScope: false }, [
+			'workflow',
+			'role',
+		]);
+
+		if (!sharing || sharing.role.name !== 'owner') return { ownsWorkflow: false };
+
+		const { workflow } = sharing;
+
+		return { ownsWorkflow: true, workflow };
+	}
+
+	async getSharings(
+		transaction: EntityManager,
+		workflowId: string,
+		relations = ['shared'],
+	): Promise<SharedWorkflow[]> {
+		const workflow = await transaction.findOne(WorkflowEntity, {
+			where: { id: workflowId },
+			relations,
+		});
+		return workflow?.shared ?? [];
+	}
+
+	async pruneSharings(
+		transaction: EntityManager,
+		workflowId: string,
+		userIds: string[],
+	): Promise<DeleteResult> {
+		return transaction.delete(SharedWorkflow, {
+			workflowId,
+			userId: Not(In(userIds)),
+		});
+	}
+
+	async share(
+		transaction: EntityManager,
+		workflow: WorkflowEntity,
+		shareWithIds: string[],
+	): Promise<SharedWorkflow[]> {
+		const users = await Container.get(UserService).getByIds(transaction, shareWithIds);
+		const role = await Container.get(RoleService).findWorkflowEditorRole();
+
+		const newSharedWorkflows = users.reduce<SharedWorkflow[]>((acc, user) => {
+			if (user.isPending) {
+				return acc;
+			}
+			const entity: Partial<SharedWorkflow> = {
+				workflowId: workflow.id,
+				userId: user.id,
+				roleId: role?.id,
+			};
+			acc.push(Container.get(SharedWorkflowRepository).create(entity));
+			return acc;
+		}, []);
+
+		return transaction.save(newSharedWorkflows);
+	}
+
+	addOwnerAndSharings(workflow: WorkflowWithSharingsAndCredentials): void {
+		workflow.ownedBy = null;
+		workflow.sharedWith = [];
+		if (!workflow.usedCredentials) {
+			workflow.usedCredentials = [];
+		}
+
+		workflow.shared?.forEach(({ user, role }) => {
+			const { id, email, firstName, lastName } = user;
+
+			if (role.name === 'owner') {
+				workflow.ownedBy = { id, email, firstName, lastName };
+				return;
+			}
+
+			workflow.sharedWith?.push({ id, email, firstName, lastName });
+		});
+
+		delete workflow.shared;
+	}
+
+	async addCredentialsToWorkflow(
+		workflow: WorkflowWithSharingsAndCredentials,
+		currentUser: User,
+	): Promise<void> {
+		workflow.usedCredentials = [];
+		const userCredentials = await CredentialsService.getMany(currentUser, { onlyOwn: true });
+		const credentialIdsUsedByWorkflow = new Set<string>();
+		workflow.nodes.forEach((node) => {
+			if (!node.credentials) {
+				return;
+			}
+			Object.keys(node.credentials).forEach((credentialType) => {
+				const credential = node.credentials?.[credentialType];
+				if (!credential?.id) {
+					return;
+				}
+				credentialIdsUsedByWorkflow.add(credential.id);
+			});
+		});
+		const workflowCredentials = await CredentialsService.getManyByIds(
+			Array.from(credentialIdsUsedByWorkflow),
+			{ withSharings: true },
+		);
+		const userCredentialIds = userCredentials.map((credential) => credential.id);
+		workflowCredentials.forEach((credential) => {
+			const credentialId = credential.id;
+			const workflowCredential: CredentialUsedByWorkflow = {
+				id: credentialId,
+				name: credential.name,
+				type: credential.type,
+				currentUserHasAccess: userCredentialIds.includes(credentialId),
+				sharedWith: [],
+				ownedBy: null,
+			};
+			credential.shared?.forEach(({ user, role }) => {
+				const { id, email, firstName, lastName } = user;
+				if (role.name === 'owner') {
+					workflowCredential.ownedBy = { id, email, firstName, lastName };
+				} else {
+					workflowCredential.sharedWith?.push({ id, email, firstName, lastName });
+				}
+			});
+			workflow.usedCredentials?.push(workflowCredential);
+		});
+	}
+
+	validateCredentialPermissionsToUser(
+		workflow: WorkflowEntity,
+		allowedCredentials: CredentialsEntity[],
+	) {
+		workflow.nodes.forEach((node) => {
+			if (!node.credentials) {
+				return;
+			}
+			Object.keys(node.credentials).forEach((credentialType) => {
+				const credentialId = node.credentials?.[credentialType].id;
+				if (credentialId === undefined) return;
+				const matchedCredential = allowedCredentials.find(({ id }) => id === credentialId);
+				if (!matchedCredential) {
+					throw new ApplicationError(
+						'The workflow contains credentials that you do not have access to',
+					);
+				}
+			});
+		});
+	}
+
+	async preventTampering(workflow: WorkflowEntity, workflowId: string, user: User) {
+		const previousVersion = await this.get({ id: workflowId });
+
+		if (!previousVersion) {
+			throw new NotFoundError('Workflow not found');
+		}
+
+		const allCredentials = await CredentialsService.getMany(user);
+
+		try {
+			return WorkflowHelpers.validateWorkflowCredentialUsage(
+				workflow,
+				previousVersion,
+				allCredentials,
+			);
+		} catch (error) {
+			if (error instanceof NodeOperationError) {
+				throw new BadRequestError(error.message);
+			}
+			throw new BadRequestError(
+				'Invalid workflow credentials - make sure you have access to all credentials and try again.',
+			);
+		}
+	}
+}