feat: Add n8n Public API (#3064)

* ✨ Inicial setup

* ⚡ Add authentication handler

* ⚡ Add GET /users route

* ⚡ Improvements

* 👕 Fix linting issues

* ⚡ Add GET /users/:identifier endpoint

* ⚡ Add POST /users endpoint

* ⚡ Add DELETE /users/:identifier endpoint

* ⚡ Return error using express native functions

* 👕 Fix linting issue

* ⚡ Possibility to add custom middleware

* ⚡ Refactor POST /users

* ⚡ Refactor DELETE /users

* ⚡ Improve cleaning function

* ⚡ Refactor GET /users and /users/:identifier

* ⚡ Add API spec to route

* ⚡ Add raw option to response helper

* 🐛 Fix issue adding custom middleware

* ⚡ Enable includeRole parameter in GET /users/:identifier

* ⚡ Fix linting issues after merge

* ⚡ Add missing config variable

* ⚡ General improvements

⚡ asasas

* ⚡ Add POST /users tests

* Debug public API tests

* Fix both sets of tests

* ⚡ Improvements

* ⚡ Load api versions dynamically

* ⚡ Add endpoints to UM to create/delete an API Key

* ⚡ Add index to apiKey column

* 👕 Fix linting issue

* ⚡ Clean open api spec

* ⚡ Improvements

* ⚡ Skip tests

* 🐛 Fix bug with test

* ⚡ Fix issue with the open api spec

* ⚡ Fix merge issue

* ⚡ Move token enpoints from /users to /me

* ⚡ Apply feedback to openapi.yml

* ⚡ Improvements to api-key endpoints

* 🐛 Fix test to suport API dynamic loading

* ⚡ Expose swagger ui in GET /{version}/docs

* ⚡ Allow to disable public api via env variable

* ⚡ Change handlers structure

* 🚧 WIP create credential, delete credential complete

* 🐛 fix route for creating api key

* ⚡ return api key of authenticated user

* ⚡ Expose public api activation to the settings

* ⬆️ Update package-lock.json file

* ⚡ Add execution resource

* ⚡ Fix linting issues

* 🛠 conditional public api endpoints excluding

* ⚡️ create credential complete

* ✨ Added n8n-card component. Added spacing utility classes.

* ♻️ Made use of n8n-card in existing components.

* ✨ Added api key setup view.

* ✨ Added api keys get/create/delete actions.

* ✨ Added public api permissions handling.

* ♻️ Temporarily disabling card tests.

* ♻️ Changed translations. Storing api key only in component.

* ✨ Added utilities storybook entry

* ♻️ Changed default value for generic copy input.

* 🧹 clean up createCredential

* ⚡ Add workflow resource to openapi spec

* 🐛 Fix naming with env variable

* ⚡ Allow multifile openapi spec

* ⚡ Add POST /workflows/:workflowId/activate

* fix up view, fix issues

* remove delete api key modal

* remove unused prop

* clean up store api

* remove getter

* remove unused dispatch

* fix component size to match

* use existing components

* match figma closely

* fix bug when um is disabled in sidebar

* set copy input color

* remove unused import

* ⚡ Remove css path

* ⚡ Add POST /workflows/:workflowId/desactivate

* ⚡ Add POST /workflows

* Revert "⚡ Remove css path"

a3d0a71

* attempt to fix docker image issue

* revert dockerfile test

* disable public api

* disable api differently

* Revert "disable api differently"

b70e294

* Revert "disable public api"

886e516

* remove unused box

* ⚡ PUT /workflows/:workflowId

* ⚡ Refactor workflow endpoints

* ⚡ Refactor executions endpoints

* ⚡ Fix typo

* ✅ add credentials tests

* ✅ adjust users tests

* update text

* add try it out link

* ⚡ Add delete, getAll and get to the workflow resource

* address spacing comments

* ⚡️ apply correct structure

* ⚡ Add missing test to user resource and fix some issues

* ⚡ Add workflow tests

* ⚡ Add missing workflow tests and fix some issues

* ⚡ Executions tests

* ⚡ finish execution tests

* ⚡ Validate credentials data depending on type

* ⚡️ implement review comments

* 👕 fix lint issues

* ⚡ Add apiKey to sanatizeUser

* ⚡ Fix issues with spec and tests

* ⚡ Add new structure

* ⚡ Validate credentials type and properties

* ⚡ Make all endpoints except /users independent on UM

* ⚡ Add instance base path to swagger UI

* ⚡ Remove testing endpoints

* ⚡ Fix issue with openapi tags

* ⚡ Add endpoint GET /credentialTypes/:id/schema

* 🐛 Fix issue adding json middleware to public api

* ⚡ Add API playground path to FE

* ⚡ Add telemetry and external hooks

* 🐛 Fix issue with user tests

* ⚡ Move /credentialTypes under /credentials

* ⚡ Add test to GET /credentials/schema/:id

* 🛠 refactor schema naming

* ⚡ Add DB migrations
asas

* ✅ add tests for crd apiKey

* ✨ Added API View telemetry events.

* ⚡ Remove rsync from the building process as it is missing on alpine base image

* ⚡ add missing BE telemetry events

* 🐛 Fix credential tests

* ⚡ address outstanding feedback

* 🔨 Remove move:openapi script

* ⬆️ update dependency

* ⬆️ update package-lock.json

* 👕 Fix linting issue

* 🐛 Fix package.json issue

* 🐛 fix migrations and tests

* 🐛 fix typos + naming

* 🚧 WIP fixing tests

* ⚡ Add json schema validation

* ⚡ Add missing fields to node schema

* ⚡ Add limit max upper limit

* ⚡ Rename id paths

* 🐛 Fix tests

* Add package-lock.jsonto custom dockerfile

* ⬆️ Update package-lock.json

* 🐛 Fix issue with build

* ✏️ add beta label to api view

* 🔥 Remove user endpoints

* ⚡ Add schema examples to GET /credentials/schema/:id

* 🔥 Remove user endpoints tests

* 🐛 Fix tests

* 🎨 adapt points from design review

* 🔥 remove unnecessary text-align

* ⚡️ update UI

* 🐛 Fix issue with executions filter

* ⚡ Add tags filter to GET /workflows

* ⚡ Add missing error messages

* ✅ add and update public api tests

* ✅ add tests for owner activiating/deactivating non-owned wfs

* 🧪 add tests for filter for tags

* 🧪 add tests for more filter params

* 🐛 fix inclusion of tags

* 🛠 enhance readability

* ⚡️ small refactorings

* 💄 improving readability/naming

* ⚡ Set API latest version dinamically

* Add comments to toJsonSchema function

* ⚡ Fix issue

* ⚡ Make execution data usable

* ⚡ Fix validation issue

* ⚡ Rename data field and change parameter and options

* 🐛 Fix issue parameter "detailsFieldFormat" not resolving correctly

* Skip executions tests

* skip workflow failing test

* Rename details property to data

* ⚡ Add includeData parameter

* 🐛 Fix issue with openapi spec

* 🐛 Fix linting issue

* ⚡ Fix execution schema

Co-authored-by: Iván Ovejero <ivov.src@gmail.com>
Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
Co-authored-by: Alex Grozav <alex@grozav.com>
Co-authored-by: Mutasem <mutdmour@gmail.com>
Co-authored-by: Jan Oberhauser <jan.oberhauser@gmail.com>

packages/cli/config/schema.ts

@@ -582,6 +582,21 @@ export const schema = {
 		},
 	},
 
+	publicApi: {
+		disabled: {
+			format: Boolean,
+			default: false,
+			env: 'N8N_PUBLIC_API_DISABLED',
+			doc: 'Whether to disable the Public API',
+		},
+		path: {
+			format: String,
+			default: 'api',
+			env: 'N8N_PUBLIC_API_ENDPOINT',
+			doc: 'Path for the public api endpoints',
+		},
+	},
+
 	workflowTagsDisabled: {
 		format: Boolean,
 		default: false,

packages/cli/package.json

@@ -20,7 +20,7 @@
   },
   "scripts": {
     "build": "run-script-os",
-    "build:default": "tsc && cp -r ./src/UserManagement/email/templates ./dist/src/UserManagement/email",
+    "build:default": "tsc && cp -r ./src/UserManagement/email/templates ./dist/src/UserManagement/email && cp ./src/PublicApi/swaggerTheme.css ./dist/src/PublicApi/swaggerTheme.css; find ./src/PublicApi -iname 'openapi.yml' -exec swagger-cli bundle {} --type yaml --outfile \"./dist\"/{} \\;",
     "build:windows": "tsc && xcopy /E /I src\\UserManagement\\email\\templates dist\\src\\UserManagement\\email\\templates",
     "dev": "concurrently -k -n \"TypeScript,Node\" -c \"yellow.bold,cyan.bold\" \"npm run watch\" \"nodemon\"",
     "format": "cd ../.. && node_modules/prettier/bin-prettier.js packages/cli/**/**.ts --write",
@@ -37,7 +37,7 @@
     "test:postgres:alt-schema": "export DB_POSTGRESDB_SCHEMA=alt_schema; npm run test:postgres",
     "test:mysql": "export N8N_LOG_LEVEL=silent; export DB_TYPE=mysqldb; jest",
     "watch": "tsc --watch",
-    "typeorm": "ts-node ../../node_modules/typeorm/cli.js"
+    "typeorm": "ts-node -T ../../node_modules/typeorm/cli.js"
   },
   "bin": {
     "n8n": "./bin/n8n"
@@ -72,8 +72,7 @@
     "@types/express": "^4.17.6",
     "@types/jest": "^27.4.0",
     "@types/localtunnel": "^1.9.0",
-    "@types/lodash.get": "^4.4.6",
-    "@types/lodash.merge": "^4.6.6",
+    "@types/lodash": "^4.14.182",
     "@types/node": "14.17.27",
     "@types/open": "^6.1.0",
     "@types/parseurl": "^1.3.1",
@@ -95,11 +94,14 @@
     "typescript": "~4.6.0"
   },
   "dependencies": {
+    "@apidevtools/swagger-cli": "4.0.0",
     "@oclif/command": "^1.5.18",
     "@oclif/errors": "^1.2.2",
     "@rudderstack/rudder-sdk-node": "1.0.6",
     "@types/json-diff": "^0.5.1",
     "@types/jsonwebtoken": "^8.5.2",
+    "@types/swagger-ui-express": "^4.1.3",
+    "@types/yamljs": "^0.2.31",
     "basic-auth": "^2.0.1",
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.18.3",
@@ -117,16 +119,17 @@
     "csrf": "^3.1.0",
     "dotenv": "^8.0.0",
     "express": "^4.16.4",
+    "express-openapi-validator": "^4.13.6",
     "fast-glob": "^3.2.5",
     "flatted": "^3.2.4",
     "google-timezones-json": "^1.0.2",
     "inquirer": "^7.0.1",
     "json-diff": "^0.5.4",
+    "jsonschema": "^1.4.1",
     "jsonwebtoken": "^8.5.1",
     "jwks-rsa": "~1.12.1",
     "localtunnel": "^2.0.0",
-    "lodash.get": "^4.4.2",
-    "lodash.merge": "^4.6.2",
+    "lodash": "^4.17.21",
     "mysql2": "~2.3.0",
     "n8n-core": "~0.120.0",
     "n8n-editor-ui": "~0.146.0",
@@ -135,6 +138,7 @@
     "nodemailer": "^6.7.1",
     "oauth-1.0a": "^2.2.6",
     "open": "^7.0.0",
+    "openapi-types": "^10.0.0",
     "p-cancelable": "^2.0.0",
     "passport": "^0.5.0",
     "passport-cookie": "^1.0.9",
@@ -144,10 +148,12 @@
     "request-promise-native": "^1.0.7",
     "sqlite3": "^5.0.2",
     "sse-channel": "^3.1.1",
+    "swagger-ui-express": "^4.3.0",
     "tslib": "1.14.1",
     "typeorm": "0.2.30",
     "uuid": "^8.3.0",
     "validator": "13.7.0",
-    "winston": "^3.3.3"
+    "winston": "^3.3.3",
+    "yamljs": "^0.3.0"
   }
 }

packages/cli/src/Interfaces.ts

@@ -178,6 +178,8 @@ export interface ICredentialsDecryptedResponse extends ICredentialsDecryptedDb {
 export type DatabaseType = 'mariadb' | 'postgresdb' | 'mysqldb' | 'sqlite';
 export type SaveExecutionDataType = 'all' | 'none';
 
+export type ExecutionDataFieldFormat = 'empty' | 'flattened' | 'json';
+
 export interface IExecutionBase {
 	id?: number | string;
 	mode: WorkflowExecuteMode;
@@ -229,6 +231,19 @@ export interface IExecutionFlattedResponse extends IExecutionFlatted {
 	retryOf?: string;
 }
 
+export interface IExecutionResponseApi {
+	id: number | string;
+	mode: WorkflowExecuteMode;
+	startedAt: Date;
+	stoppedAt?: Date;
+	workflowId?: string;
+	finished: boolean;
+	retryOf?: number | string;
+	retrySuccessId?: number | string;
+	data?: string; // Just that we can remove it
+	waitTill?: Date | null;
+	workflowData: IWorkflowBase;
+}
 export interface IExecutionsListResponse {
 	count: number;
 	// results: IExecutionShortResponse[];
@@ -363,16 +378,20 @@ export interface IInternalHooksClass {
 		firstWorkflowCreatedAt?: Date,
 	): Promise<unknown[]>;
 	onPersonalizationSurveySubmitted(userId: string, answers: Record<string, string>): Promise<void>;
-	onWorkflowCreated(userId: string, workflow: IWorkflowBase): Promise<void>;
-	onWorkflowDeleted(userId: string, workflowId: string): Promise<void>;
-	onWorkflowSaved(userId: string, workflow: IWorkflowBase): Promise<void>;
+	onWorkflowCreated(userId: string, workflow: IWorkflowBase, publicApi: boolean): Promise<void>;
+	onWorkflowDeleted(userId: string, workflowId: string, publicApi: boolean): Promise<void>;
+	onWorkflowSaved(userId: string, workflow: IWorkflowBase, publicApi: boolean): Promise<void>;
 	onWorkflowPostExecute(
 		executionId: string,
 		workflow: IWorkflowBase,
 		runData?: IRun,
 		userId?: string,
 	): Promise<void>;
-	onUserDeletion(userId: string, userDeletionData: ITelemetryUserDeletionData): Promise<void>;
+	onUserDeletion(
+		userId: string,
+		userDeletionData: ITelemetryUserDeletionData,
+		publicApi: boolean,
+	): Promise<void>;
 	onUserInvite(userInviteData: { user_id: string; target_user_id: string[] }): Promise<void>;
 	onUserReinvite(userReinviteData: { user_id: string; target_user_id: string }): Promise<void>;
 	onUserUpdate(userUpdateData: { user_id: string; fields_changed: string[] }): Promise<void>;
@@ -468,6 +487,7 @@ export interface IN8nUISettings {
 	personalizationSurveyEnabled: boolean;
 	defaultLocale: string;
 	userManagement: IUserManagementSettings;
+	publicApi: IPublicApiSettings;
 	workflowTagsDisabled: boolean;
 	logLevel: 'info' | 'debug' | 'warn' | 'error' | 'verbose' | 'silent';
 	hiringBannerEnabled: boolean;
@@ -495,6 +515,11 @@ export interface IUserManagementSettings {
 	showSetupOnFirstLoad?: boolean;
 	smtpSetup: boolean;
 }
+export interface IPublicApiSettings {
+	enabled: boolean;
+	latestVersion: number;
+	path: string;
+}
 
 export interface IPackageVersions {
 	cli: string;

packages/cli/src/InternalHooks.ts

@@ -64,24 +64,30 @@ export class InternalHooksClass implements IInternalHooksClass {
 		);
 	}
 
-	async onWorkflowCreated(userId: string, workflow: IWorkflowBase): Promise<void> {
+	async onWorkflowCreated(
+		userId: string,
+		workflow: IWorkflowBase,
+		publicApi: boolean,
+	): Promise<void> {
 		const { nodeGraph } = TelemetryHelpers.generateNodesGraph(workflow, this.nodeTypes);
 		return this.telemetry.track('User created workflow', {
 			user_id: userId,
 			workflow_id: workflow.id,
 			node_graph: nodeGraph,
 			node_graph_string: JSON.stringify(nodeGraph),
+			public_api: publicApi,
 		});
 	}
 
-	async onWorkflowDeleted(userId: string, workflowId: string): Promise<void> {
+	async onWorkflowDeleted(userId: string, workflowId: string, publicApi: boolean): Promise<void> {
 		return this.telemetry.track('User deleted workflow', {
 			user_id: userId,
 			workflow_id: workflowId,
+			public_api: publicApi,
 		});
 	}
 
-	async onWorkflowSaved(userId: string, workflow: IWorkflowDb): Promise<void> {
+	async onWorkflowSaved(userId: string, workflow: IWorkflowDb, publicApi: boolean): Promise<void> {
 		const { nodeGraph } = TelemetryHelpers.generateNodesGraph(workflow, this.nodeTypes);
 
 		const notesCount = Object.keys(nodeGraph.notes).length;
@@ -98,6 +104,7 @@ export class InternalHooksClass implements IInternalHooksClass {
 			notes_count_non_overlapping: notesCount - overlappingCount,
 			version_cli: this.versionCli,
 			num_tags: workflow.tags?.length ?? 0,
+			public_api: publicApi,
 		});
 	}
 
@@ -215,21 +222,73 @@ export class InternalHooksClass implements IInternalHooksClass {
 	async onUserDeletion(
 		userId: string,
 		userDeletionData: ITelemetryUserDeletionData,
+		publicApi: boolean,
 	): Promise<void> {
-		return this.telemetry.track('User deleted user', { ...userDeletionData, user_id: userId });
+		return this.telemetry.track('User deleted user', {
+			...userDeletionData,
+			user_id: userId,
+			public_api: publicApi,
+		});
 	}
 
-	async onUserInvite(userInviteData: { user_id: string; target_user_id: string[] }): Promise<void> {
+	async onUserInvite(userInviteData: {
+		user_id: string;
+		target_user_id: string[];
+		public_api: boolean;
+	}): Promise<void> {
 		return this.telemetry.track('User invited new user', userInviteData);
 	}
 
 	async onUserReinvite(userReinviteData: {
 		user_id: string;
 		target_user_id: string;
+		public_api: boolean;
 	}): Promise<void> {
 		return this.telemetry.track('User resent new user invite email', userReinviteData);
 	}
 
+	async onUserRetrievedUser(userRetrievedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('User retrieved user', userRetrievedData);
+	}
+
+	async onUserRetrievedAllUsers(userRetrievedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('User retrieved all users', userRetrievedData);
+	}
+
+	async onUserRetrievedExecution(userRetrievedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('User retrieved execution', userRetrievedData);
+	}
+
+	async onUserRetrievedAllExecutions(userRetrievedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('User retrieved all executions', userRetrievedData);
+	}
+
+	async onUserRetrievedWorkflow(userRetrievedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('User retrieved workflow', userRetrievedData);
+	}
+
+	async onUserRetrievedAllWorkflows(userRetrievedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('User retrieved all workflows', userRetrievedData);
+	}
+
 	async onUserUpdate(userUpdateData: { user_id: string; fields_changed: string[] }): Promise<void> {
 		return this.telemetry.track('User changed personal settings', userUpdateData);
 	}
@@ -248,13 +307,37 @@ export class InternalHooksClass implements IInternalHooksClass {
 	async onUserTransactionalEmail(userTransactionalEmailData: {
 		user_id: string;
 		message_type: 'Reset password' | 'New user invite' | 'Resend invite';
+		public_api: boolean;
 	}): Promise<void> {
 		return this.telemetry.track(
-			'Instance sent transactional email to user',
+			'Instance sent transacptional email to user',
 			userTransactionalEmailData,
 		);
 	}
 
+	async onUserInvokedApi(userInvokedApiData: {
+		user_id: string;
+		path: string;
+		method: string;
+		api_version: string;
+	}): Promise<void> {
+		return this.telemetry.track('User invoked API', userInvokedApiData);
+	}
+
+	async onApiKeyDeleted(apiKeyDeletedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('API key deleted', apiKeyDeletedData);
+	}
+
+	async onApiKeyCreated(apiKeyCreatedData: {
+		user_id: string;
+		public_api: boolean;
+	}): Promise<void> {
+		return this.telemetry.track('API key created', apiKeyCreatedData);
+	}
+
 	async onUserPasswordResetRequestClick(userPasswordResetData: { user_id: string }): Promise<void> {
 		return this.telemetry.track(
 			'User requested password reset while logged out',
@@ -273,6 +356,7 @@ export class InternalHooksClass implements IInternalHooksClass {
 	async onEmailFailed(failedEmailData: {
 		user_id: string;
 		message_type: 'Reset password' | 'New user invite' | 'Resend invite';
+		public_api: boolean;
 	}): Promise<void> {
 		return this.telemetry.track(
 			'Instance failed to send transactional email to user',