IAV-1331/feat(credentials): dynamic schema-based allowedHttpRequestDomains detection + customer-care replication bypass (!50) · Requêtes de fusion · iavia / iavia-core-n8n-service

salaheddine zidani a demandé de fusionner feature/IAV-1331 vers develop avr. 30, 2026

Summary

This MR refactors CredentialServiceImpl in two main areas:

Replacing the static type exclusion list for allowedHttpRequestDomains with a live schema check against the N8N API
Allowing credential re-replication within the customer-care instance by bypassing the existing-instance guard

Changes

Dynamic schema detection for `allowedHttpRequestDomains`

Previously, applyDefaultAllowedHttpRequestDomains relied on a hardcoded Set of N8N type names (telegramApi, whatsAppTriggerApi) to decide whether to skip injecting "allowedHttpRequestDomains": "all". This was brittle — any new credential type that does not declare that field would silently fail on creation.

The method now:

Calls GET /credentials/schema/{typeName} on the target N8N instance
Reads the schema's properties map
Only injects allowedHttpRequestDomains if the field is explicitly declared in the schema
Removes the stale allowedDomains key when the injection is applied
Degrades gracefully with a warning log if the schema call fails, without blocking the main operation The method signature now receives N8NInstanceConfig instance as a third parameter; all three call sites (createCredential, updateCredential, replicateCredential, updateCredentialInN8n) have been updated accordingly.

Customer-care replication bypass

replicateCredential previously returned early if a CredentialInstance already existed in the target instance. This prevented re-deploying a credential to the customer-care N8N instance when it had already been replicated there once.

A bypass is now applied when both sourceInstanceName and targetInstanceName equal customer-care, allowing the creation of a new CredentialInstance even if one already exists for that credential in that instance.

`updateCredential` structural cleanup

The CredentialInstance lookup (findByN8nCredentialIdAndInstanceName) has been moved earlier in the method, removing a duplicated orElseThrow call that existed lower in the original flow.

Bug Fixed

Location	Issue
`replicateCredential`	`applyDefaultAllowedHttpRequestDomains` was called on `credentialData` after `dataForN8n` had already been populated via `putAll(credentialData)`, meaning `allowedHttpRequestDomains` was never present in the actual N8N request payload. The call now targets `dataForN8n` directly.

What Was Not Changed

normalizeCredentialDataForReplication remains defined but is still not called — out of scope for this MR, tracked separately
The bidirectional type mapping methods (mapCredentialTypeToN8NType / mapN8NTypeToCredentialType) are unchanged
All other service methods are unchanged

Closes IAV-1331

Modification effectuée avr. 30, 2026 par salaheddine zidani

IAV-1331/feat(credentials): dynamic schema-based allowedHttpRequestDomains detection + customer-care replication bypass