feat(TheHive Node): Overhaul (#6457)

packages/nodes-base/nodes/TheHiveProject/actions/alert/create.operation.ts

@@ -0,0 +1,195 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+
+import { theHiveApiRequest } from '../../transport';
+
+import set from 'lodash/set';
+
+import FormData from 'form-data';
+import { fixFieldType, prepareInputItem, splitAndTrim } from '../../helpers/utils';
+import { observableTypeOptions } from '../../descriptions';
+
+const properties: INodeProperties[] = [
+	{
+		displayName: 'Fields',
+		name: 'alertFields',
+		type: 'resourceMapper',
+		default: {
+			mappingMode: 'defineBelow',
+			value: null,
+		},
+		noDataExpression: true,
+		required: true,
+		typeOptions: {
+			resourceMapper: {
+				resourceMapperMethod: 'getAlertFields',
+				mode: 'add',
+				valuesLabel: 'Fields',
+			},
+		},
+	},
+	{
+		displayName: 'Observables',
+		name: 'observableUi',
+		type: 'fixedCollection',
+		placeholder: 'Add Observable',
+		default: {},
+		typeOptions: {
+			multipleValues: true,
+		},
+		options: [
+			{
+				displayName: 'Values',
+				name: 'values',
+				values: [
+					observableTypeOptions,
+					{
+						displayName: 'Data',
+						name: 'data',
+						type: 'string',
+						displayOptions: {
+							hide: {
+								dataType: ['file'],
+							},
+						},
+						default: '',
+					},
+					{
+						displayName: 'Binary Property',
+						name: 'binaryProperty',
+						type: 'string',
+						displayOptions: {
+							show: {
+								dataType: ['file'],
+							},
+						},
+						default: 'data',
+					},
+					{
+						displayName: 'Message',
+						name: 'message',
+						type: 'string',
+						default: '',
+					},
+					{
+						displayName: 'Tags',
+						name: 'tags',
+						type: 'string',
+						default: '',
+					},
+				],
+			},
+		],
+	},
+];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['create'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(
+	this: IExecuteFunctions,
+	i: number,
+	item: INodeExecutionData,
+): Promise<INodeExecutionData[]> {
+	let responseData: IDataObject | IDataObject[] = [];
+	let inputData: IDataObject = {};
+
+	const dataMode = this.getNodeParameter('alertFields.mappingMode', i) as string;
+
+	if (dataMode === 'autoMapInputData') {
+		const schema = this.getNodeParameter('alertFields.schema', i) as IDataObject[];
+		inputData = prepareInputItem(item.json, schema, i);
+	}
+
+	if (dataMode === 'defineBelow') {
+		const alertFields = this.getNodeParameter('alertFields.value', i, []) as IDataObject;
+		inputData = alertFields;
+	}
+
+	inputData = fixFieldType(inputData);
+
+	const body: IDataObject = {};
+
+	for (const field of Object.keys(inputData)) {
+		// use set to construct the updateBody, as it allows to process customFields.fieldName
+		// if customFields provided under customFields property, it will be send as is
+		set(body, field, inputData[field]);
+	}
+
+	let multiPartRequest = false;
+	const formData = new FormData();
+
+	const observableUi = this.getNodeParameter('observableUi', i) as IDataObject;
+	if (observableUi) {
+		const values = observableUi.values as IDataObject[];
+
+		if (values) {
+			const observables = [];
+
+			for (const value of values) {
+				const observable: IDataObject = {};
+
+				observable.dataType = value.dataType as string;
+				observable.message = value.message as string;
+				observable.tags = splitAndTrim(value.tags as string);
+
+				if (value.dataType === 'file') {
+					multiPartRequest = true;
+
+					const attachmentIndex = `attachment${i}`;
+					observable.attachment = attachmentIndex;
+
+					const binaryPropertyName = value.binaryProperty as string;
+					const binaryData = this.helpers.assertBinaryData(i, binaryPropertyName);
+
+					formData.append(attachmentIndex, binaryData.data, {
+						filename: binaryData.fileName,
+						contentType: binaryData.mimeType,
+					});
+				} else {
+					observable.data = value.data as string;
+				}
+
+				observables.push(observable);
+			}
+			body.observables = observables;
+		}
+	}
+
+	if (multiPartRequest) {
+		formData.append('_json', JSON.stringify(body));
+		responseData = await theHiveApiRequest.call(
+			this,
+			'POST',
+			'/v1/alert',
+			undefined,
+			undefined,
+			undefined,
+			{
+				Headers: {
+					'Content-Type': 'multipart/form-data',
+				},
+				formData,
+			},
+		);
+	} else {
+		responseData = await theHiveApiRequest.call(this, 'POST', '/v1/alert' as string, body);
+	}
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData(responseData), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/deleteAlert.operation.ts

@@ -0,0 +1,27 @@
+import type { IExecuteFunctions, INodeExecutionData, INodeProperties } from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import { theHiveApiRequest } from '../../transport';
+import { alertRLC } from '../../descriptions';
+
+const properties: INodeProperties[] = [alertRLC];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['deleteAlert'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	const alertId = this.getNodeParameter('alertId', i, '', { extractValue: true }) as string;
+
+	await theHiveApiRequest.call(this, 'DELETE', `/v1/alert/${alertId}`);
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData({ success: true }), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/executeResponder.operation.ts

@@ -0,0 +1,76 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import { alertRLC, responderOptions } from '../../descriptions';
+import { theHiveApiRequest } from '../../transport';
+
+const properties: INodeProperties[] = [{ ...alertRLC, name: 'id' }, responderOptions];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['executeResponder'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	let responseData: IDataObject | IDataObject[] = [];
+
+	const alertId = this.getNodeParameter('id', i, '', { extractValue: true }) as string;
+	const responderId = this.getNodeParameter('responder', i) as string;
+	let body: IDataObject;
+	let response;
+	responseData = [];
+	body = {
+		responderId,
+		objectId: alertId,
+		objectType: 'alert',
+	};
+	response = await theHiveApiRequest.call(this, 'POST', '/connector/cortex/action' as string, body);
+	body = {
+		query: [
+			{
+				_name: 'listAction',
+			},
+			{
+				_name: 'filter',
+				_and: [
+					{
+						_field: 'cortexId',
+						_value: response.cortexId,
+					},
+					{
+						_field: 'objectId',
+						_value: response.objectId,
+					},
+					{
+						_field: 'startDate',
+						_value: response.startDate,
+					},
+				],
+			},
+		],
+	};
+
+	const qs: IDataObject = {};
+
+	qs.name = 'log-actions';
+
+	do {
+		response = await theHiveApiRequest.call(this, 'POST', '/v1/query', body, qs);
+	} while (response.status === 'Waiting' || response.status === 'InProgress');
+
+	responseData = response;
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData(responseData), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/get.operation.ts

@@ -0,0 +1,98 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import { theHiveApiRequest } from '../../transport';
+import { alertRLC } from '../../descriptions';
+
+const properties: INodeProperties[] = [
+	alertRLC,
+	{
+		displayName: 'Options',
+		name: 'options',
+		type: 'collection',
+		placeholder: 'Add Option',
+		default: {},
+		options: [
+			{
+				displayName: 'Include Similar Alerts',
+				name: 'includeSimilarAlerts',
+				type: 'boolean',
+				description: 'Whether to include similar cases',
+				default: false,
+			},
+			{
+				displayName: 'Include Similar Cases',
+				name: 'includeSimilarCases',
+				type: 'boolean',
+				description: 'Whether to include similar cases',
+				default: false,
+			},
+		],
+	},
+];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['get'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	let responseData: IDataObject;
+
+	const alertId = this.getNodeParameter('alertId', i, '', { extractValue: true }) as string;
+	const options = this.getNodeParameter('options', i, {});
+
+	responseData = await theHiveApiRequest.call(this, 'GET', `/v1/alert/${alertId}`);
+
+	if (responseData && options.includeSimilarAlerts) {
+		const similarAlerts = await theHiveApiRequest.call(this, 'POST', '/v1/query', {
+			query: [
+				{
+					_name: 'getAlert',
+					idOrName: alertId,
+				},
+				{
+					_name: 'similarAlerts',
+				},
+			],
+		});
+
+		responseData = {
+			...responseData,
+			similarAlerts,
+		};
+	}
+
+	if (responseData && options.includeSimilarCases) {
+		const similarCases = await theHiveApiRequest.call(this, 'POST', '/v1/query', {
+			query: [
+				{
+					_name: 'getAlert',
+					idOrName: alertId,
+				},
+				{
+					_name: 'similarCases',
+				},
+			],
+		});
+
+		responseData = {
+			...responseData,
+			similarCases,
+		};
+	}
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData(responseData), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/index.ts

@@ -0,0 +1,85 @@
+import type { INodeProperties } from 'n8n-workflow';
+
+import * as create from './create.operation';
+import * as executeResponder from './executeResponder.operation';
+import * as deleteAlert from './deleteAlert.operation';
+import * as get from './get.operation';
+import * as search from './search.operation';
+import * as status from './status.operation';
+import * as merge from './merge.operation';
+import * as promote from './promote.operation';
+import * as update from './update.operation';
+
+export { create, executeResponder, deleteAlert, get, search, status, merge, promote, update };
+
+export const description: INodeProperties[] = [
+	{
+		displayName: 'Operation',
+		name: 'operation',
+		type: 'options',
+		noDataExpression: true,
+		required: true,
+		options: [
+			{
+				name: 'Create',
+				value: 'create',
+				action: 'Create an alert',
+			},
+			{
+				name: 'Delete',
+				value: 'deleteAlert',
+				action: 'Delete an alert',
+			},
+			{
+				name: 'Execute Responder',
+				value: 'executeResponder',
+				action: 'Execute responder on an alert',
+			},
+			{
+				name: 'Get',
+				value: 'get',
+				action: 'Get an alert',
+			},
+			{
+				name: 'Merge Into Case',
+				value: 'merge',
+				action: 'Merge an alert into a case',
+			},
+			{
+				name: 'Promote to Case',
+				value: 'promote',
+				action: 'Promote an alert to a case',
+			},
+			{
+				name: 'Search',
+				value: 'search',
+				action: 'Search alerts',
+			},
+			{
+				name: 'Update',
+				value: 'update',
+				action: 'Update an alert',
+			},
+			{
+				name: 'Update Status',
+				value: 'status',
+				action: 'Update an alert status',
+			},
+		],
+		displayOptions: {
+			show: {
+				resource: ['alert'],
+			},
+		},
+		default: 'create',
+	},
+	...create.description,
+	...deleteAlert.description,
+	...executeResponder.description,
+	...get.description,
+	...search.description,
+	...status.description,
+	...merge.description,
+	...promote.description,
+	...update.description,
+];

packages/nodes-base/nodes/TheHiveProject/actions/alert/merge.operation.ts

@@ -0,0 +1,41 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import { theHiveApiRequest } from '../../transport';
+import { alertRLC, caseRLC } from '../../descriptions';
+
+const properties: INodeProperties[] = [alertRLC, caseRLC];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['merge'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	let responseData: IDataObject | IDataObject[] = [];
+
+	const alertId = this.getNodeParameter('alertId', i, '', { extractValue: true }) as string;
+
+	const caseId = this.getNodeParameter('caseId', i, '', { extractValue: true }) as string;
+
+	responseData = await theHiveApiRequest.call(
+		this,
+		'POST',
+		`/alert/${alertId}/merge/${caseId}`,
+		{},
+	);
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData(responseData), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/promote.operation.ts

@@ -0,0 +1,69 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import { theHiveApiRequest } from '../../transport';
+import { alertRLC } from '../../descriptions';
+
+const properties: INodeProperties[] = [
+	alertRLC,
+	{
+		displayName: 'Options',
+		name: 'options',
+		placeholder: 'Add Field',
+		type: 'collection',
+		default: {},
+		options: [
+			{
+				displayName: 'Case Template Name or ID',
+				name: 'caseTemplate',
+				type: 'options',
+				description:
+					'Choose from the list, or specify an ID using an <a href="https://docs.n8n.io/code-examples/expressions/">expression</a>',
+				default: '',
+				typeOptions: {
+					loadOptionsMethod: 'loadCaseTemplate',
+				},
+			},
+		],
+	},
+];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['promote'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	let responseData: IDataObject | IDataObject[] = [];
+
+	const alertId = this.getNodeParameter('alertId', i, '', { extractValue: true }) as string;
+	const caseTemplate = this.getNodeParameter('options.caseTemplate', i, '') as string;
+
+	const body: IDataObject = {};
+
+	// await theHiveApiRequest.call(this, 'POST', '/v1/caseTemplate', {
+	// 	name: 'test template 001',
+	// 	displayName: 'Test Template 001',
+	// 	description: 'test',
+	// });
+
+	if (caseTemplate) {
+		body.caseTemplate = caseTemplate;
+	}
+
+	responseData = await theHiveApiRequest.call(this, 'POST', `/v1/alert/${alertId}/case`, body);
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData(responseData), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/search.operation.ts

@@ -0,0 +1,60 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import {
+	genericFiltersCollection,
+	returnAllAndLimit,
+	searchOptions,
+	sortCollection,
+} from '../../descriptions';
+import { theHiveApiQuery } from '../../transport';
+
+const properties: INodeProperties[] = [
+	...returnAllAndLimit,
+	genericFiltersCollection,
+	sortCollection,
+	searchOptions,
+];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['search'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	let responseData: IDataObject | IDataObject[] = [];
+
+	const filtersValues = this.getNodeParameter('filters.values', i, []) as IDataObject[];
+	const sortFields = this.getNodeParameter('sort.fields', i, []) as IDataObject[];
+	const returnAll = this.getNodeParameter('returnAll', i);
+	const { returnCount, extraData } = this.getNodeParameter('options', i);
+	let limit;
+
+	if (!returnAll) {
+		limit = this.getNodeParameter('limit', i);
+	}
+
+	responseData = await theHiveApiQuery.call(
+		this,
+		{ query: 'listAlert' },
+		filtersValues,
+		sortFields,
+		limit,
+		returnCount as boolean,
+		extraData as string[],
+	);
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData(responseData), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/status.operation.ts

@@ -0,0 +1,42 @@
+import type { INodeExecutionData, IExecuteFunctions, INodeProperties } from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+import { theHiveApiRequest } from '../../transport';
+import { alertRLC } from '../../descriptions';
+
+const properties: INodeProperties[] = [
+	alertRLC,
+	{
+		displayName: 'Status Name or ID',
+		name: 'status',
+		type: 'options',
+		description:
+			'Choose from the list, or specify an ID using an <a href="https://docs.n8n.io/code-examples/expressions/">expression</a>',
+		default: '',
+		required: true,
+		typeOptions: {
+			loadOptionsMethod: 'loadAlertStatus',
+		},
+	},
+];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['status'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(this: IExecuteFunctions, i: number): Promise<INodeExecutionData[]> {
+	const alertId = this.getNodeParameter('alertId', i, '', { extractValue: true }) as string;
+	const status = this.getNodeParameter('status', i) as string;
+
+	await theHiveApiRequest.call(this, 'PATCH', `/v1/alert/${alertId}`, { status });
+
+	const executionData = this.helpers.constructExecutionMetaData(wrapData({ success: true }), {
+		itemData: { item: i },
+	});
+
+	return executionData;
+}

packages/nodes-base/nodes/TheHiveProject/actions/alert/update.operation.ts

@@ -0,0 +1,151 @@
+import type {
+	IDataObject,
+	IExecuteFunctions,
+	INodeExecutionData,
+	INodeProperties,
+} from 'n8n-workflow';
+import { NodeOperationError } from 'n8n-workflow';
+import { updateDisplayOptions, wrapData } from '@utils/utilities';
+
+import { theHiveApiRequest } from '../../transport';
+import { fixFieldType, prepareInputItem } from '../../helpers/utils';
+import set from 'lodash/set';
+
+const properties: INodeProperties[] = [
+	{
+		displayName: 'Fields',
+		name: 'alertUpdateFields',
+		type: 'resourceMapper',
+		default: {
+			mappingMode: 'defineBelow',
+			value: null,
+		},
+		noDataExpression: true,
+		required: true,
+		typeOptions: {
+			resourceMapper: {
+				resourceMapperMethod: 'getAlertUpdateFields',
+				mode: 'update',
+				valuesLabel: 'Fields',
+				addAllFields: true,
+				multiKeyMatch: true,
+			},
+		},
+	},
+];
+
+const displayOptions = {
+	show: {
+		resource: ['alert'],
+		operation: ['update'],
+	},
+};
+
+export const description = updateDisplayOptions(displayOptions, properties);
+
+export async function execute(
+	this: IExecuteFunctions,
+	i: number,
+	item: INodeExecutionData,
+): Promise<INodeExecutionData[]> {
+	let body: IDataObject = {};
+	let updated = 1;
+
+	const dataMode = this.getNodeParameter('alertUpdateFields.mappingMode', i) as string;
+
+	if (dataMode === 'autoMapInputData') {
+		const schema = this.getNodeParameter('alertUpdateFields.schema', i) as IDataObject[];
+		body = prepareInputItem(item.json, schema, i);
+	}
+
+	if (dataMode === 'defineBelow') {
+		const alertUpdateFields = this.getNodeParameter(
+			'alertUpdateFields.value',
+			i,
+			[],
+		) as IDataObject;
+		body = alertUpdateFields;
+	}
+
+	body = fixFieldType(body);
+
+	const fieldsToMatchOn = this.getNodeParameter('alertUpdateFields.matchingColumns', i) as string[];
+
+	const updateBody: IDataObject = {};
+	const matchFields: IDataObject = {};
+	const { id } = body; // id would be used if matching on id, also we need to remove it from the body
+
+	for (const field of Object.keys(body)) {
+		if (field === 'customFields') {
+			//in input data customFields sent as an object, parse it extracting customFields that are used for matching
+			const customFields: IDataObject = {};
+			for (const customField of Object.keys(body.customFields || {})) {
+				const combinedPath = `customFields.${customField}`;
+				if (fieldsToMatchOn.includes(combinedPath)) {
+					matchFields[combinedPath] = (body.customFields as IDataObject)[customField];
+				} else {
+					customFields[customField] = (body.customFields as IDataObject)[customField];
+				}
+			}
+			set(updateBody, 'customFields', customFields);
+			continue;
+		}
+		if (fieldsToMatchOn.includes(field)) {
+			// if field is in fieldsToMatchOn, we need to exclude it from the updateBody, as values used for matching should not be updated
+			matchFields[field] = body[field];
+		} else {
+			// use set to construct the updateBody, as it allows to process customFields.fieldName
+			// if customFields provided under customFields property, it will be send as is
+			set(updateBody, field, body[field]);
+		}
+	}
+
+	if (fieldsToMatchOn.includes('id')) {
+		await theHiveApiRequest.call(this, 'PATCH', `/v1/alert/${id}`, body);
+	} else {
+		const filter = {
+			_name: 'filter',
+			_and: fieldsToMatchOn.map((field) => ({
+				_eq: {
+					_field: field,
+					_value: matchFields[field],
+				},
+			})),
+		};
+
+		const queryBody = {
+			query: [
+				{
+					_name: 'listAlert',
+				},
+				filter,
+			],
+		};
+
+		const matches = (await theHiveApiRequest.call(
+			this,
+			'POST',
+			'/v1/query',
+			queryBody,
+		)) as IDataObject[];
+
+		if (!matches.length) {
+			throw new NodeOperationError(this.getNode(), 'No matching alerts found');
+		}
+		const ids = matches.map((match) => match._id);
+		updated = ids.length;
+
+		updateBody.ids = ids;
+
+		await theHiveApiRequest.call(this, 'PATCH', '/v1/alert/_bulk', updateBody);
+	}
+
+	const executionData = this.helpers.constructExecutionMetaData(
+		wrapData({ success: true, updatedAlerts: updated }),
+		{
+			itemData: { item: i },
+		},
+	);
+
+	return executionData;
+}