feat(n8n Form Trigger Node): Improvements (#10092)

Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <netroy@users.noreply.github.com>
Co-authored-by: Shireen Missi <94372015+ShireenMissi@users.noreply.github.com>

packages/nodes-base/nodes/Webhook/utils.ts

@@ -1,5 +1,14 @@
 import { NodeConnectionType, NodeOperationError } from 'n8n-workflow';
-import type { IWebhookFunctions, INodeExecutionData, IDataObject } from 'n8n-workflow';
+import type {
+	IWebhookFunctions,
+	INodeExecutionData,
+	IDataObject,
+	ICredentialDataDecryptedObject,
+} from 'n8n-workflow';
+import { WebhookAuthorizationError } from './error';
+import basicAuth from 'basic-auth';
+import jwt from 'jsonwebtoken';
+import { formatPrivateKey } from '../../utils/utilities';
 
 type WebhookParameters = {
 	httpMethod: string;
@@ -167,3 +176,96 @@ export const checkResponseModeConfiguration = (context: IWebhookFunctions) => {
 		);
 	}
 };
+
+export async function validateWebhookAuthentication(
+	ctx: IWebhookFunctions,
+	authPropertyName: string,
+) {
+	const authentication = ctx.getNodeParameter(authPropertyName) as string;
+	if (authentication === 'none') return;
+
+	const req = ctx.getRequestObject();
+	const headers = ctx.getHeaderData();
+
+	if (authentication === 'basicAuth') {
+		// Basic authorization is needed to call webhook
+		let expectedAuth: ICredentialDataDecryptedObject | undefined;
+		try {
+			expectedAuth = await ctx.getCredentials('httpBasicAuth');
+		} catch {}
+
+		if (expectedAuth === undefined || !expectedAuth.user || !expectedAuth.password) {
+			// Data is not defined on node so can not authenticate
+			throw new WebhookAuthorizationError(500, 'No authentication data defined on node!');
+		}
+
+		const providedAuth = basicAuth(req);
+		// Authorization data is missing
+		if (!providedAuth) throw new WebhookAuthorizationError(401);
+
+		if (providedAuth.name !== expectedAuth.user || providedAuth.pass !== expectedAuth.password) {
+			// Provided authentication data is wrong
+			throw new WebhookAuthorizationError(403);
+		}
+	} else if (authentication === 'headerAuth') {
+		// Special header with value is needed to call webhook
+		let expectedAuth: ICredentialDataDecryptedObject | undefined;
+		try {
+			expectedAuth = await ctx.getCredentials('httpHeaderAuth');
+		} catch {}
+
+		if (expectedAuth === undefined || !expectedAuth.name || !expectedAuth.value) {
+			// Data is not defined on node so can not authenticate
+			throw new WebhookAuthorizationError(500, 'No authentication data defined on node!');
+		}
+		const headerName = (expectedAuth.name as string).toLowerCase();
+		const expectedValue = expectedAuth.value as string;
+
+		if (
+			!headers.hasOwnProperty(headerName) ||
+			(headers as IDataObject)[headerName] !== expectedValue
+		) {
+			// Provided authentication data is wrong
+			throw new WebhookAuthorizationError(403);
+		}
+	} else if (authentication === 'jwtAuth') {
+		let expectedAuth;
+
+		try {
+			expectedAuth = (await ctx.getCredentials('jwtAuth')) as {
+				keyType: 'passphrase' | 'pemKey';
+				publicKey: string;
+				secret: string;
+				algorithm: jwt.Algorithm;
+			};
+		} catch {}
+
+		if (expectedAuth === undefined) {
+			// Data is not defined on node so can not authenticate
+			throw new WebhookAuthorizationError(500, 'No authentication data defined on node!');
+		}
+
+		const authHeader = req.headers.authorization;
+		const token = authHeader?.split(' ')[1];
+
+		if (!token) {
+			throw new WebhookAuthorizationError(401, 'No token provided');
+		}
+
+		let secretOrPublicKey;
+
+		if (expectedAuth.keyType === 'passphrase') {
+			secretOrPublicKey = expectedAuth.secret;
+		} else {
+			secretOrPublicKey = formatPrivateKey(expectedAuth.publicKey, true);
+		}
+
+		try {
+			return jwt.verify(token, secretOrPublicKey, {
+				algorithms: [expectedAuth.algorithm],
+			}) as IDataObject;
+		} catch (error) {
+			throw new WebhookAuthorizationError(403, error.message);
+		}
+	}
+}