admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 10:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add option to restrict credential usage in http request node (#17583)

Browse Source
This commit is contained in:
Jon
2025-08-28 17:35:14 +01:00
committed by GitHub
parent 93e08d8735
commit f7f70f241e
10 changed files with 585 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts
View File

@@ -8,6 +8,7 @@ import type {
JsonObject,
IHttpRequestMethods,
IRequestOptions,
ICredentialDataDecryptedObject,
} from 'n8n-workflow';
import {
NodeApiError,
@@ -15,6 +16,7 @@ import {
sleep,
removeCircularRefs,
NodeConnectionTypes,
isDomainAllowed,
} from 'n8n-workflow';
import type { Readable } from 'stream';
@@ -676,6 +678,51 @@ export class HttpRequestV1 implements INodeType {
const options = this.getNodeParameter('options', itemIndex, {});
const url = this.getNodeParameter('url', itemIndex) as string;
if (!url.startsWith('http://') && !url.startsWith('https://')) {
throw new NodeOperationError(
this.getNode(),
`Invalid URL: ${url}. URL must start with "http" or "https".`,
);
}
const checkDomainRestrictions = async (
credentialData: ICredentialDataDecryptedObject,
url: string,
credentialType?: string,
) => {
if (credentialData.allowedHttpRequestDomains === 'domains') {
const allowedDomains = credentialData.allowedDomains as string;
if (!allowedDomains || allowedDomains.trim() === '') {
throw new NodeOperationError(
this.getNode(),
'No allowed domains specified. Configure allowed domains or change restriction setting.',
);
}
if (!isDomainAllowed(url, { allowedDomains })) {
const credentialInfo = credentialType ? ` (${credentialType})` : '';
throw new NodeOperationError(
this.getNode(),
`Domain not allowed: This credential${credentialInfo} is restricted from accessing ${url}. ` +
`Only the following domains are allowed: ${allowedDomains}`,
);
}
} else if (credentialData.allowedHttpRequestDomains === 'none') {
throw new NodeOperationError(
this.getNode(),
'This credential is configured to prevent use within an HTTP Request node',
);
}
};
if (httpBasicAuth) await checkDomainRestrictions(httpBasicAuth, url);
if (httpDigestAuth) await checkDomainRestrictions(httpDigestAuth, url);
if (httpHeaderAuth) await checkDomainRestrictions(httpHeaderAuth, url);
if (httpQueryAuth) await checkDomainRestrictions(httpQueryAuth, url);
if (oAuth1Api) await checkDomainRestrictions(oAuth1Api, url);
if (oAuth2Api) await checkDomainRestrictions(oAuth2Api, url);
if (
itemIndex > 0 &&
(options.batchSize as number) >= 0 &&