feat(core): Add MFA (#4767)

https://linear.app/n8n/issue/ADO-947/sync-branch-with-master-and-fix-fe-e2e-tets --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
2023-08-23 22:59:16 -04:00
parent a01c3fbc19
commit 2b7ba6fdf1
61 changed files with 2301 additions and 105 deletions
--- a/packages/cli/src/Server.ts
+++ b/packages/cli/src/Server.ts
@@ -88,6 +88,7 @@ import {
 	AuthController,
 	LdapController,
 	MeController,
+	MFAController,
 	NodesController,
 	NodeTypesController,
 	OwnerController,
@@ -167,6 +168,9 @@ import { SourceControlService } from '@/environments/sourceControl/sourceControl
 import { SourceControlController } from '@/environments/sourceControl/sourceControl.controller.ee';
 import { ExecutionRepository } from '@db/repositories';
 import type { ExecutionEntity } from '@db/entities/ExecutionEntity';
+import { TOTPService } from './Mfa/totp.service';
+import { MfaService } from './Mfa/mfa.service';
+import { handleMfaDisable, isMfaFeatureEnabled } from './Mfa/helpers';

 const exec = promisify(callbackExec);

@@ -313,6 +317,9 @@ export class Server extends AbstractServer {
 				showNonProdBanner: false,
 				debugInEditor: false,
 			},
+			mfa: {
+				enabled: false,
+			},
 			hideUsagePage: config.getEnv('hideUsagePage'),
 			license: {
 				environment: config.getEnv('license.tenantId') === 1 ? 'production' : 'staging',
@@ -471,6 +478,9 @@ export class Server extends AbstractServer {
 		if (config.get('nodes.packagesMissing').length > 0) {
 			this.frontendSettings.missingPackages = true;
 		}
+
+		this.frontendSettings.mfa.enabled = isMfaFeatureEnabled();
+
 		return this.frontendSettings;
 	}

@@ -479,31 +489,19 @@ export class Server extends AbstractServer {
 		const repositories = Db.collections;
 		setupAuthMiddlewares(app, ignoredEndpoints, this.restEndpoint);

+		const encryptionKey = await UserSettings.getEncryptionKey();
+
 		const logger = LoggerProxy;
 		const internalHooks = Container.get(InternalHooks);
 		const mailer = Container.get(UserManagementMailer);
 		const postHog = this.postHog;
+		const mfaService = new MfaService(repositories.User, new TOTPService(), encryptionKey);

 		const controllers: object[] = [
 			new EventBusController(),
-			new AuthController({
-				config,
-				internalHooks,
-				repositories,
-				logger,
-				postHog,
-			}),
-			new OwnerController({
-				config,
-				internalHooks,
-				repositories,
-				logger,
-			}),
-			new MeController({
-				externalHooks,
-				internalHooks,
-				logger,
-			}),
+			new AuthController({ config, internalHooks, logger, postHog, mfaService }),
+			new OwnerController({ config, internalHooks, repositories, logger, postHog }),
+			new MeController({ externalHooks, internalHooks, logger }),
 			new NodeTypesController({ config, nodeTypes }),
 			new PasswordResetController({
 				config,
@@ -511,6 +509,7 @@ export class Server extends AbstractServer {
 				internalHooks,
 				mailer,
 				logger,
+				mfaService,
 			}),
 			Container.get(TagsController),
 			new TranslationController(config, this.credentialTypes),
@@ -546,6 +545,10 @@ export class Server extends AbstractServer {
 			controllers.push(Container.get(E2EController));
 		}

+		if (isMfaFeatureEnabled()) {
+			controllers.push(new MFAController(mfaService));
+		}
+
 		controllers.forEach((controller) => registerController(app, config, controller));
 	}

@@ -623,6 +626,8 @@ export class Server extends AbstractServer {

 		await handleLdapInit();

+		await handleMfaDisable();
+
 		await this.registerControllers(ignoredEndpoints);

 		this.app.use(`/${this.restEndpoint}/credentials`, credentialsController);