feat: add n8n serve node and harden remote access

- Add the n8n community node package with credentials, command mapping, direct serve TCP client, and browser-cli protocol crypto helpers. - Cover Ed25519 signing, canonical JSON, PQ transport encryption, request mapping, and security behavior with unit tests. - Harden serve-http with per-address rate limiting, an 8 MB request body cap, and clear warnings when binding plain HTTP beyond loopback. - Stop one-shot --key overrides from being persisted automatically; document explicit remote trust and keep key-management behind the keys policy tier. - Make HTML-to-Markdown conversion safer by bounding tree depth and dropping unsafe link/image URL schemes. - Bump package and extension release metadata to 0.16.3.
2026-06-19 10:00:23 +02:00
parent 7fe0e27fec
commit cea8a7e994
28 changed files with 3687 additions and 164 deletions
@@ -0,0 +1,27 @@
+// Build the pure-logic tests to ESM and run them with node --test. request.ts
+// and protocol.ts import nothing from n8n, so this needs only esbuild + node.
+// node_modules stay external (--packages=external) so the @noble/post-quantum
+// dynamic import in protocol.ts resolves at runtime instead of being bundled.
+import { spawnSync } from 'node:child_process';
+import { dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const root = dirname(dirname(fileURLToPath(import.meta.url)));
+const run = (cmd, args) => spawnSync(cmd, args, { cwd: root, stdio: 'inherit' });
+
+const suites = ['request', 'protocol'];
+
+const build = run('npx', [
+  'esbuild',
+  ...suites.map((name) => `test/${name}.test.ts`),
+  '--bundle',
+  '--format=esm',
+  '--platform=node',
+  '--packages=external',
+  '--outdir=test-dist',
+  '--out-extension:.js=.mjs',
+]);
+if (build.status !== 0) process.exit(build.status ?? 1);
+
+const test = run('node', ['--test', ...suites.map((name) => `test-dist/${name}.test.mjs`)]);
+process.exit(test.status ?? 1);