@adobe/helix-config-storage 1.0.0

package/src/schemas/tokens.schema.cjs

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+module.exports = require('./tokens.schema.json');

package/src/schemas/tokens.schema.json

@@ -0,0 +1,28 @@
+{
+  "$comment": "https://github.com/adobe/helix-config/blob/main/LICENSE.txt",
+  "$schema": "https://json-schema.org/draft/2019-09/schema",
+  "$id": "https://ns.adobe.com/helix/config/tokens",
+  "title": "tokens",
+  "type": "object",
+  "patternProperties": {
+    "^[a-zA-Z0-9-_=]+$": {
+      "type": "object",
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^[a-zA-Z0-9-_=]+$"
+        },
+        "hash": {
+          "type": "string",
+          "pattern": "^[a-zA-Z0-9-_=]+$"
+        },
+        "created": {
+          "type": "string",
+          "format": "date-time"
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  "additionalProperties": false
+}

package/src/schemas/user.schema.cjs

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+module.exports = require('./user.schema.json');

package/src/schemas/user.schema.json

@@ -0,0 +1,42 @@
+{
+  "$comment": "https://github.com/adobe/helix-config/blob/main/LICENSE.txt",
+  "$schema": "https://json-schema.org/draft/2019-09/schema",
+  "$id": "https://ns.adobe.com/helix/config/user",
+  "title": "user",
+  "type": "object",
+  "properties": {
+    "id": {
+      "type": "string",
+      "pattern": "^[a-zA-Z0-9-_=]+$"
+    },
+    "email": {
+      "type": "string",
+      "format": "email"
+    },
+    "name": {
+      "type": "string"
+    },
+    "roles": {
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": [
+          "admin",
+          "author",
+          "publish",
+          "develop",
+          "basic_author",
+          "basic_publish",
+          "config",
+          "config_admin"
+        ]
+      }
+    }
+  },
+  "required": [
+    "id",
+    "email",
+    "roles"
+  ],
+  "additionalProperties": false
+}

package/src/schemas/users.schema.cjs

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+module.exports = require('./users.schema.json');

package/src/schemas/users.schema.json

@@ -0,0 +1,10 @@
+{
+  "$comment": "https://github.com/adobe/helix-config/blob/main/LICENSE.txt",
+  "$schema": "https://json-schema.org/draft/2019-09/schema",
+  "$id": "https://ns.adobe.com/helix/config/users",
+  "title": "users",
+  "type": "array",
+  "items": {
+    "$ref": "https://ns.adobe.com/helix/config/user"
+  }
+}

package/src/status-code-error.js

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+export class StatusCodeError extends Error {
+  /**
+   * Creates a new StatusCodeError.
+   * @param {number} statusCode The status code.
+   * @param {string} message The error message.
+   */
+  constructor(statusCode, message) {
+    super(message);
+    this.statusCode = statusCode;
+  }
+}

package/src/utils.js

@@ -0,0 +1,223 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+/* eslint-disable no-param-reassign */
+import crypto from 'crypto';
+import { GitUrl } from '@adobe/helix-shared-git';
+import { decodeJwt } from 'jose';
+import { StatusCodeError } from './status-code-error.js';
+
+/**
+ * Update the contentBusId field of the content object based on the source URL.
+ * @param ctx
+ * @param content
+ * @returns {boolean}
+ */
+export function updateContentSource(ctx, content) {
+  if (!content?.source?.url) {
+    return false;
+  }
+  const url = new URL(content.source.url);
+  let modified = false;
+  const sha256 = crypto
+    .createHash('sha256')
+    .update(url.toString())
+    .digest('hex');
+  const contentBusId = `${sha256.substring(0, 59)}`;
+  if (contentBusId === content.contentBusId) {
+    ctx.log.info(`contentBusId is already correct for ${url}: ${contentBusId}`);
+  } else {
+    ctx.log.info(`Updating contentBusId for ${url}: ${contentBusId}`);
+    content.contentBusId = contentBusId;
+    modified = true;
+  }
+
+  // calculate type based on source URL
+  if (!content.source.type) {
+    if (url.hostname === 'drive.google.com') {
+      content.source.type = 'google';
+      content.source.id = url.pathname.split('/').pop();
+      modified = true;
+    } else if (url.protocol === 'gdrive:') {
+      content.source.type = 'google';
+      content.source.id = url.pathname;
+      modified = true;
+    } else if (url.hostname.endsWith('.sharepoint.com') || url.hostname === '1drv.ms') {
+      content.source.type = 'onedrive';
+      modified = true;
+    } else if (url.protocol === 'onedrive:') {
+      content.source.type = 'onedrive';
+      content.source.itemId = url.pathname;
+      modified = true;
+    }
+  }
+  return modified;
+}
+
+/**
+ * updates the code source information
+ * @param ctx
+ * @param code
+ * @return {boolean} true if the code source was updated
+ */
+export function updateCodeSource(ctx, code) {
+  let modified = false;
+  if (code?.source?.url) {
+    // recompute owner, repo and type
+    code.source.type = 'github';
+    const url = new GitUrl(code.source.url);
+    if (url.owner !== code.owner) {
+      code.owner = url.owner;
+      modified = true;
+    }
+    if (url.repo !== code.repo) {
+      code.repo = url.repo;
+      modified ||= true;
+    }
+  } else if (code?.owner && code?.repo) {
+    code.source = {
+      type: 'github',
+      url: `https://github.com/${code.owner}/${code.repo}`,
+    };
+    modified = true;
+  }
+  return modified;
+}
+
+/**
+ * Creates a random token and hashes it with the given key
+ * @param {string} key
+ * @returns {object} the token
+ */
+export function createToken(key) {
+  const secret = crypto.randomBytes(32).toString('base64url');
+  const value = `hlx_${secret}`;
+  const hash = crypto
+    .createHmac('sha512', key)
+    .update(value, 'utf-8')
+    .digest()
+    .toString('base64url');
+  const id = crypto.createHash('sha256').update(hash).digest().toString('base64url');
+  const created = new Date().toISOString();
+  return {
+    id,
+    value,
+    hash,
+    created,
+  };
+}
+
+export function createUser() {
+  const id = crypto.randomBytes(16).toString('base64url');
+  return {
+    id,
+  };
+}
+
+/**
+ * migrates an existing jwt token
+ * @param key
+ * @param jwt
+ * @returns {Promise<object>}
+ */
+export async function migrateToken(key, jwt) {
+  let payload;
+  try {
+    payload = await decodeJwt(jwt);
+  } catch (e) {
+    throw new StatusCodeError(400, `unable to migrate jwt: ${e.message}`);
+  }
+  const { jti } = payload;
+  if (!jti) {
+    throw new StatusCodeError(400, 'unable to migrate jwt: missing jti claim.');
+  }
+  const id = jti
+    .replaceAll('/', '_')
+    .replaceAll('+', '-');
+  const hash = crypto
+    .createHmac('sha512', key)
+    .update(jwt, 'utf-8')
+    .digest()
+    .toString('base64url');
+  const created = new Date().toISOString();
+  return {
+    id,
+    value: jwt,
+    hash,
+    created,
+  };
+}
+
+/**
+ * Returns the property addressed by the given path in the object.
+ * If {@code create} is {@code true}, intermediate objects will be created if they do not exist.
+ *
+ * @param {object} obj the object to search
+ * @param {string|string[]} path the path or path segments
+ * @param {boolean} create if {@code true} intermediate objects will be created if they do not exist
+ * @returns {*}
+ */
+export function deepGetOrCreate(obj, path, create = false) {
+  const parts = Array.isArray(path) ? path : path.split('/');
+  let o = obj;
+  for (const prop of parts) {
+    if (Array.isArray(o)) {
+      // todo: better support for arrays
+      o = o.find((e) => e.id === prop);
+    } else if (typeof o !== 'object') {
+      return undefined;
+    } else if (prop in o) {
+      o = o[prop];
+    } else if (create) {
+      // eslint-disable-next-line no-multi-assign
+      o = o[prop] = {};
+    } else {
+      return undefined;
+    }
+  }
+  return o;
+}
+
+/**
+ * Sets the property addressed by the given path in the object.
+ * @param {object} obj the object to search
+ * @param {string|string[]} path the path or path segments
+ * @param {*} value the value to set on the object
+ * @returns {object} the passed in `obj`
+ */
+export function deepPut(obj, path, value) {
+  const parts = Array.isArray(path) ? path : path.split('/');
+  const last = parts.pop();
+  const parent = parts.reduce((o, prop) => {
+    if (!(prop in o)) {
+      // eslint-disable-next-line no-param-reassign
+      o[prop] = {};
+    }
+    return o[prop];
+  }, obj);
+
+  if (Array.isArray(parent)) {
+    // todo: better support for non id keys
+    const idx = parent.findIndex((e) => e.id === last);
+    if (idx >= 0 && value === null) {
+      parent.splice(idx, 1);
+    } else if (idx >= 0) {
+      parent[idx] = value;
+    } else if (value !== null) {
+      parent.push(value);
+    }
+  } else if (value === null) {
+    delete parent[last];
+  } else {
+    parent[last] = value;
+  }
+  return obj;
+}

package/types/org-config.d.ts

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+// NOTE: this file is autogenerated via 'npm run docs:types'
+
+export type Users = User[];
+
+export interface HelixOrgConfig {
+  version: 1;
+  /**
+   * human readable title. has no influence on the configuration.
+   */
+  title?: string;
+  /**
+   * description for clarity. has no influence on the configuration.
+   */
+  description?: string;
+  users?: Users;
+  groups?: Groups;
+}
+export interface User {
+  id: string;
+  email: string;
+  name?: string;
+  roles: ('admin' | 'author' | 'publish' | 'develop' | 'basic_author' | 'basic_publish' | 'config' | 'config_admin')[];
+}
+export interface Groups {
+  [k: string]: Group;
+}
+/**
+ * A group of members. Can be referenced in access.admin.role.
+ *
+ * This interface was referenced by `Groups`'s JSON-Schema definition
+ * via the `patternProperty` "^[a-zA-Z0-9-_=]+$".
+ */
+export interface Group {
+  members: {
+    email: string;
+    name?: string;
+    [k: string]: unknown;
+  }[];
+}