refactor(core): Cache workflow ownership (#6738)
* refactor: Set up ownership service * refactor: Specify cache keys and values * refactor: Replace util with service calls * test: Mock service in tests * refactor: Use dependency injection * test: Write tests * refactor: Apply feedback from Omar and Micha * test: Fix tests * test: Fix missing spot * refactor: Return user entity from cache * refactor: More dependency injection!
This commit is contained in:
Iván Ovejero
GitHub
@@ -9,9 +9,11 @@ import { In } from 'typeorm';
|
||||
import * as Db from '@/Db';
|
||||
import config from '@/config';
|
||||
import type { SharedCredentials } from '@db/entities/SharedCredentials';
|
||||
import { getRoleId, getWorkflowOwner, isSharingEnabled } from './UserManagementHelper';
|
||||
import { getRoleId, isSharingEnabled } from './UserManagementHelper';
|
||||
import { WorkflowsService } from '@/workflows/workflows.services';
|
||||
import { UserService } from '@/user/user.service';
|
||||
import { OwnershipService } from '@/services/ownership.service';
|
||||
import Container from 'typedi';
|
||||
|
||||
export class PermissionChecker {
|
||||
/**
|
||||
@@ -101,7 +103,9 @@ export class PermissionChecker {
|
||||
policy = 'workflowsFromSameOwner';
|
||||
}
|
||||
|
||||
const subworkflowOwner = await getWorkflowOwner(subworkflow.id);
|
||||
const subworkflowOwner = await Container.get(OwnershipService).getWorkflowOwnerCached(
|
||||
subworkflow.id,
|
||||
);
|
||||
|
||||
const errorToThrow = new SubworkflowOperationError(
|
||||
`Target workflow ID ${subworkflow.id ?? ''} may not be called`,
|
||||
|
||||
@@ -14,17 +14,6 @@ import { License } from '@/License';
|
||||
import { getWebhookBaseUrl } from '@/WebhookHelpers';
|
||||
import type { PostHogClient } from '@/posthog';
|
||||
|
||||
export async function getWorkflowOwner(workflowId: string): Promise<User> {
|
||||
const workflowOwnerRole = await Container.get(RoleRepository).findWorkflowOwnerRole();
|
||||
|
||||
const sharedWorkflow = await Db.collections.SharedWorkflow.findOneOrFail({
|
||||
where: { workflowId, roleId: workflowOwnerRole?.id ?? undefined },
|
||||
relations: ['user', 'user.globalRole'],
|
||||
});
|
||||
|
||||
return sharedWorkflow.user;
|
||||
}
|
||||
|
||||
export function isEmailSetUp(): boolean {
|
||||
const smtp = config.getEnv('userManagement.emails.mode') === 'smtp';
|
||||
const host = !!config.getEnv('userManagement.emails.smtp.host');
|
||||
|
||||
@@ -16,10 +16,10 @@ import type {
|
||||
IWorkflowExecutionDataProcess,
|
||||
} from '@/Interfaces';
|
||||
import { WorkflowRunner } from '@/WorkflowRunner';
|
||||
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
|
||||
import { recoverExecutionDataFromEventLogMessages } from './eventbus/MessageEventBus/recoverEvents';
|
||||
import { ExecutionRepository } from '@db/repositories';
|
||||
import type { ExecutionEntity } from '@db/entities/ExecutionEntity';
|
||||
import { OwnershipService } from './services/ownership.service';
|
||||
|
||||
@Service()
|
||||
export class WaitTracker {
|
||||
@@ -32,7 +32,10 @@ export class WaitTracker {
|
||||
|
||||
mainTimer: NodeJS.Timeout;
|
||||
|
||||
constructor(private executionRepository: ExecutionRepository) {
|
||||
constructor(
|
||||
private executionRepository: ExecutionRepository,
|
||||
private ownershipService: OwnershipService,
|
||||
) {
|
||||
// Poll every 60 seconds a list of upcoming executions
|
||||
this.mainTimer = setInterval(() => {
|
||||
void this.getWaitingExecutions();
|
||||
@@ -180,7 +183,8 @@ export class WaitTracker {
|
||||
if (!fullExecutionData.workflowData.id) {
|
||||
throw new Error('Only saved workflows can be resumed.');
|
||||
}
|
||||
const user = await getWorkflowOwner(fullExecutionData.workflowData.id);
|
||||
const workflowId = fullExecutionData.workflowData.id;
|
||||
const user = await this.ownershipService.getWorkflowOwnerCached(workflowId);
|
||||
|
||||
const data: IWorkflowExecutionDataProcess = {
|
||||
executionMode: fullExecutionData.mode,
|
||||
|
||||
@@ -8,14 +8,15 @@ import * as WebhookHelpers from '@/WebhookHelpers';
|
||||
import { NodeTypes } from '@/NodeTypes';
|
||||
import type { IExecutionResponse, IResponseCallbackData, IWorkflowDb } from '@/Interfaces';
|
||||
import * as WorkflowExecuteAdditionalData from '@/WorkflowExecuteAdditionalData';
|
||||
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
|
||||
import { ExecutionRepository } from '@db/repositories';
|
||||
import { OwnershipService } from './services/ownership.service';
|
||||
|
||||
@Service()
|
||||
export class WaitingWebhooks {
|
||||
constructor(
|
||||
private nodeTypes: NodeTypes,
|
||||
private executionRepository: ExecutionRepository,
|
||||
private ownershipService: OwnershipService,
|
||||
) {}
|
||||
|
||||
async executeWebhook(
|
||||
@@ -83,7 +84,7 @@ export class WaitingWebhooks {
|
||||
const { workflowData } = fullExecutionData;
|
||||
|
||||
const workflow = new Workflow({
|
||||
id: workflowData.id!.toString(),
|
||||
id: workflowData.id!,
|
||||
name: workflowData.name,
|
||||
nodes: workflowData.nodes,
|
||||
connections: workflowData.connections,
|
||||
@@ -95,7 +96,7 @@ export class WaitingWebhooks {
|
||||
|
||||
let workflowOwner;
|
||||
try {
|
||||
workflowOwner = await getWorkflowOwner(workflowData.id!.toString());
|
||||
workflowOwner = await this.ownershipService.getWorkflowOwnerCached(workflowData.id!);
|
||||
} catch (error) {
|
||||
throw new ResponseHelper.NotFoundError('Could not find workflow');
|
||||
}
|
||||
|
||||
@@ -58,8 +58,8 @@ import * as WorkflowExecuteAdditionalData from '@/WorkflowExecuteAdditionalData'
|
||||
import { ActiveExecutions } from '@/ActiveExecutions';
|
||||
import type { User } from '@db/entities/User';
|
||||
import type { WorkflowEntity } from '@db/entities/WorkflowEntity';
|
||||
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
|
||||
import { EventsService } from '@/services/events.service';
|
||||
import { OwnershipService } from './services/ownership.service';
|
||||
|
||||
const pipeline = promisify(stream.pipeline);
|
||||
|
||||
@@ -175,7 +175,7 @@ export async function executeWebhook(
|
||||
user = (workflowData as WorkflowEntity).shared[0].user;
|
||||
} else {
|
||||
try {
|
||||
user = await getWorkflowOwner(workflowData.id);
|
||||
user = await Container.get(OwnershipService).getWorkflowOwnerCached(workflowData.id);
|
||||
} catch (error) {
|
||||
throw new ResponseHelper.NotFoundError('Cannot find workflow');
|
||||
}
|
||||
|
||||
@@ -58,7 +58,6 @@ import { NodeTypes } from '@/NodeTypes';
|
||||
import { Push } from '@/push';
|
||||
import * as WebhookHelpers from '@/WebhookHelpers';
|
||||
import * as WorkflowHelpers from '@/WorkflowHelpers';
|
||||
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
|
||||
import { findSubworkflowStart, isWorkflowIdValid } from '@/utils';
|
||||
import { PermissionChecker } from './UserManagement/PermissionChecker';
|
||||
import { WorkflowsService } from './workflows/workflows.services';
|
||||
@@ -66,6 +65,7 @@ import { InternalHooks } from '@/InternalHooks';
|
||||
import type { ExecutionMetadata } from '@db/entities/ExecutionMetadata';
|
||||
import { ExecutionRepository } from '@db/repositories';
|
||||
import { EventsService } from '@/services/events.service';
|
||||
import { OwnershipService } from './services/ownership.service';
|
||||
|
||||
const ERROR_TRIGGER_TYPE = config.getEnv('nodes.errorTriggerType');
|
||||
|
||||
@@ -146,7 +146,9 @@ export function executeErrorWorkflow(
|
||||
// make sure there are no possible security gaps
|
||||
return;
|
||||
}
|
||||
getWorkflowOwner(workflowId)
|
||||
|
||||
Container.get(OwnershipService)
|
||||
.getWorkflowOwnerCached(workflowId)
|
||||
.then((user) => {
|
||||
void WorkflowHelpers.executeErrorWorkflow(errorWorkflow, workflowErrorData, user);
|
||||
})
|
||||
@@ -169,9 +171,11 @@ export function executeErrorWorkflow(
|
||||
workflowData.nodes.some((node) => node.type === ERROR_TRIGGER_TYPE)
|
||||
) {
|
||||
Logger.verbose('Start internal error workflow', { executionId, workflowId });
|
||||
void getWorkflowOwner(workflowId).then((user) => {
|
||||
void WorkflowHelpers.executeErrorWorkflow(workflowId, workflowErrorData, user);
|
||||
});
|
||||
void Container.get(OwnershipService)
|
||||
.getWorkflowOwnerCached(workflowId)
|
||||
.then((user) => {
|
||||
void WorkflowHelpers.executeErrorWorkflow(workflowId, workflowErrorData, user);
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,11 +18,11 @@ import { PermissionChecker } from '@/UserManagement/PermissionChecker';
|
||||
import config from '@/config';
|
||||
import type { Job, JobId, JobQueue, JobResponse, WebhookResponse } from '@/Queue';
|
||||
import { Queue } from '@/Queue';
|
||||
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
|
||||
import { generateFailedExecutionFromError } from '@/WorkflowHelpers';
|
||||
import { N8N_VERSION } from '@/constants';
|
||||
import { BaseCommand } from './BaseCommand';
|
||||
import { ExecutionRepository } from '@db/repositories';
|
||||
import { OwnershipService } from '@/services/ownership.service';
|
||||
|
||||
export class Worker extends BaseCommand {
|
||||
static description = '\nStarts a n8n worker';
|
||||
@@ -112,7 +112,7 @@ export class Worker extends BaseCommand {
|
||||
`Start job: ${job.id} (Workflow ID: ${workflowId} | Execution: ${executionId})`,
|
||||
);
|
||||
|
||||
const workflowOwner = await getWorkflowOwner(workflowId);
|
||||
const workflowOwner = await Container.get(OwnershipService).getWorkflowOwnerCached(workflowId);
|
||||
|
||||
let { staticData } = fullExecutionData.workflowData;
|
||||
if (loadStaticData) {
|
||||
|
||||
@@ -9,6 +9,10 @@ import { LoggerProxy, jsonStringify } from 'n8n-workflow';
|
||||
|
||||
@Service()
|
||||
export class CacheService {
|
||||
/**
|
||||
* Keys and values:
|
||||
* - `'cache:workflow-owner:${workflowId}'`: `User`
|
||||
*/
|
||||
private cache: RedisCache | MemoryCache | undefined;
|
||||
|
||||
async init() {
|
||||
|
||||
@@ -1,15 +1,18 @@
|
||||
import { EventEmitter } from 'events';
|
||||
import { Service } from 'typedi';
|
||||
import Container, { Service } from 'typedi';
|
||||
import type { INode, IRun, IWorkflowBase } from 'n8n-workflow';
|
||||
import { LoggerProxy } from 'n8n-workflow';
|
||||
import { StatisticsNames } from '@db/entities/WorkflowStatistics';
|
||||
import { WorkflowStatisticsRepository } from '@db/repositories';
|
||||
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
|
||||
import { UserService } from '@/user/user.service';
|
||||
import { OwnershipService } from './ownership.service';
|
||||
|
||||
@Service()
|
||||
export class EventsService extends EventEmitter {
|
||||
constructor(private repository: WorkflowStatisticsRepository) {
|
||||
constructor(
|
||||
private repository: WorkflowStatisticsRepository,
|
||||
private ownershipService: OwnershipService,
|
||||
) {
|
||||
super({ captureRejections: true });
|
||||
if ('SKIP_STATISTICS_EVENTS' in process.env) return;
|
||||
|
||||
@@ -41,7 +44,7 @@ export class EventsService extends EventEmitter {
|
||||
const upsertResult = await this.repository.upsertWorkflowStatistics(name, workflowId);
|
||||
|
||||
if (name === 'production_success' && upsertResult === 'insert') {
|
||||
const owner = await getWorkflowOwner(workflowId);
|
||||
const owner = await Container.get(OwnershipService).getWorkflowOwnerCached(workflowId);
|
||||
const metrics = {
|
||||
user_id: owner.id,
|
||||
workflow_id: workflowId,
|
||||
@@ -72,7 +75,7 @@ export class EventsService extends EventEmitter {
|
||||
if (insertResult === 'failed') return;
|
||||
|
||||
// Compile the metrics since this was a new data loaded event
|
||||
const owner = await getWorkflowOwner(workflowId);
|
||||
const owner = await this.ownershipService.getWorkflowOwnerCached(workflowId);
|
||||
|
||||
let metrics = {
|
||||
user_id: owner.id,
|
||||
|
||||
36
packages/cli/src/services/ownership.service.ts
Normal file
36
packages/cli/src/services/ownership.service.ts
Normal file
@@ -0,0 +1,36 @@
|
||||
import { Service } from 'typedi';
|
||||
import { CacheService } from './cache.service';
|
||||
import { RoleRepository, SharedWorkflowRepository, UserRepository } from '@/databases/repositories';
|
||||
import type { User } from '@/databases/entities/User';
|
||||
|
||||
@Service()
|
||||
export class OwnershipService {
|
||||
constructor(
|
||||
private cacheService: CacheService,
|
||||
private userRepository: UserRepository,
|
||||
private roleRepository: RoleRepository,
|
||||
private sharedWorkflowRepository: SharedWorkflowRepository,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* Retrieve the user who owns the workflow. Note that workflow ownership is **immutable**.
|
||||
*/
|
||||
async getWorkflowOwnerCached(workflowId: string) {
|
||||
const cachedValue = await this.cacheService.get<User>(`cache:workflow-owner:${workflowId}`);
|
||||
|
||||
if (cachedValue) return this.userRepository.create(cachedValue);
|
||||
|
||||
const workflowOwnerRole = await this.roleRepository.findWorkflowOwnerRole();
|
||||
|
||||
if (!workflowOwnerRole) throw new Error('Failed to find workflow owner role');
|
||||
|
||||
const sharedWorkflow = await this.sharedWorkflowRepository.findOneOrFail({
|
||||
where: { workflowId, roleId: workflowOwnerRole.id },
|
||||
relations: ['user', 'user.globalRole'],
|
||||
});
|
||||
|
||||
void this.cacheService.set(`cache:workflow-owner:${workflowId}`, sharedWorkflow.user);
|
||||
|
||||
return sharedWorkflow.user;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user