feat(core): Replace client-oauth2 with an in-repo package (#6056)

Co-authored-by: Marcus <marcus@n8n.io>

packages/@n8n/client-oauth2/src/CodeFlow.ts

@@ -0,0 +1,121 @@
+import * as qs from 'querystring';
+import type { ClientOAuth2, ClientOAuth2Options } from './ClientOAuth2';
+import type { ClientOAuth2Token, ClientOAuth2TokenData } from './ClientOAuth2Token';
+import { DEFAULT_HEADERS, DEFAULT_URL_BASE } from './constants';
+import { auth, expects, getAuthError, getRequestOptions, sanitizeScope } from './utils';
+
+interface CodeFlowBody {
+	code: string | string[];
+	grant_type: 'authorization_code';
+	redirect_uri?: string;
+	client_id?: string;
+}
+
+/**
+ * Support authorization code OAuth 2.0 grant.
+ *
+ * Reference: http://tools.ietf.org/html/rfc6749#section-4.1
+ */
+export class CodeFlow {
+	constructor(private client: ClientOAuth2) {}
+
+	/**
+	 * Generate the uri for doing the first redirect.
+	 */
+	getUri(opts?: ClientOAuth2Options): string {
+		const options = { ...this.client.options, ...opts };
+
+		// Check the required parameters are set.
+		expects(options, 'clientId', 'authorizationUri');
+
+		const query: Record<string, string | undefined> = {
+			client_id: options.clientId,
+			redirect_uri: options.redirectUri,
+			response_type: 'code',
+			state: options.state,
+		};
+		if (options.scopes !== undefined) {
+			query.scope = sanitizeScope(options.scopes);
+		}
+
+		if (options.authorizationUri) {
+			const sep = options.authorizationUri.includes('?') ? '&' : '?';
+			return options.authorizationUri + sep + qs.stringify({ ...query, ...options.query });
+		}
+		throw new TypeError('Missing authorization uri, unable to get redirect uri');
+	}
+
+	/**
+	 * Get the code token from the redirected uri and make another request for
+	 * the user access token.
+	 */
+	async getToken(
+		uri: string | URL,
+		opts?: Partial<ClientOAuth2Options>,
+	): Promise<ClientOAuth2Token> {
+		const options = { ...this.client.options, ...opts };
+
+		expects(options, 'clientId', 'accessTokenUri');
+
+		const url = uri instanceof URL ? uri : new URL(uri, DEFAULT_URL_BASE);
+		if (
+			typeof options.redirectUri === 'string' &&
+			typeof url.pathname === 'string' &&
+			url.pathname !== new URL(options.redirectUri, DEFAULT_URL_BASE).pathname
+		) {
+			throw new TypeError('Redirected path should match configured path, but got: ' + url.pathname);
+		}
+
+		if (!url.search?.substring(1)) {
+			// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+			throw new TypeError(`Unable to process uri: ${uri.toString()}`);
+		}
+
+		const data =
+			typeof url.search === 'string' ? qs.parse(url.search.substring(1)) : url.search || {};
+
+		// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+		// @ts-ignore
+		const error = getAuthError(data);
+		if (error) throw error;
+
+		if (options.state && data.state !== options.state) {
+			// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+			throw new TypeError(`Invalid state: ${data.state}`);
+		}
+
+		// Check whether the response code is set.
+		if (!data.code) {
+			throw new TypeError('Missing code, unable to request token');
+		}
+
+		const headers = { ...DEFAULT_HEADERS };
+		const body: CodeFlowBody = {
+			code: data.code,
+			grant_type: 'authorization_code',
+			redirect_uri: options.redirectUri,
+		};
+
+		// `client_id`: REQUIRED, if the client is not authenticating with the
+		// authorization server as described in Section 3.2.1.
+		// Reference: https://tools.ietf.org/html/rfc6749#section-3.2.1
+		if (options.clientSecret) {
+			headers.Authorization = auth(options.clientId, options.clientSecret);
+		} else {
+			body.client_id = options.clientId;
+		}
+
+		const requestOptions = getRequestOptions(
+			{
+				url: options.accessTokenUri,
+				method: 'POST',
+				headers,
+				body,
+			},
+			options,
+		);
+
+		const responseData = await this.client.request<ClientOAuth2TokenData>(requestOptions);
+		return this.client.createToken(responseData);
+	}
+}