@adobe/helix-config-storage 1.1.1 → 1.2.0

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [1.2.0](https://github.com/adobe/helix-config-storage/compare/v1.1.1...v1.2.0) (2024-08-22)
+
+
+### Features
+
+* add support for transient site tokens ([#5](https://github.com/adobe/helix-config-storage/issues/5)) ([0ce5664](https://github.com/adobe/helix-config-storage/commit/0ce56644ab97d0a2ab22e32cd2c5ce6b423aa138))
+
 ## [1.1.1](https://github.com/adobe/helix-config-storage/compare/v1.1.0...v1.1.1) (2024-08-19)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config-storage",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Helix Config Storage",
   "main": "src/index.js",
   "types": "src/index.d.ts",

package/src/index.js

@@ -13,3 +13,4 @@ export { ConfigStore } from './config-store.js';
 export { SCHEMAS } from './config-validator.js';
 export * from './ValidationError.js';
 export * from './config-merge.js';
+export * from './transient-token-store.js';

package/src/transient-token-store.js

@@ -0,0 +1,167 @@
+/*
+ * Copyright 2024 Adobe. All rights reserved.
+ * This file is licensed to you under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+ * OF ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+
+/**
+ * @typedef Token
+ * @property {string} id
+ * @property {string} value
+ * @property {string} hash
+ * @property {Date} created
+ * @property {Date} expires
+ */
+
+/**
+ * @typedef SiteTokens
+ * @property {Token} preview
+ * @property {Token} live
+ */
+
+/**
+ * @typedef SiteTokensData
+ * @property {Token[]} preview
+ * @property {Token[]} live
+ */
+
+import { HelixStorage } from '@adobe/helix-shared-storage';
+import { createToken } from './utils.js';
+
+/**
+ * Default expiry time for transient site tokens (24 hours)
+ * @type {number}
+ */
+const DEFAULT_EXPIRY_TIME = 24 * 60 * 60 * 1000;
+
+/**
+ * Store to manage transient site tokens.
+ * - the tokens have a fixed expiration time (default 24h) which can be verified on the edge
+ * - the transient site tokens are managed and delivered independent of the fixed site tokens
+ */
+export class TransientTokenStore {
+  /**
+   * Org name
+   */
+  org;
+
+  /**
+   * Site name
+   */
+  site;
+
+  /**
+   * S3/R2 Key for the transient site tokens
+   */
+  #key;
+
+  /**
+   * loaded tokens
+   */
+  #tokens;
+
+  /**
+   * modified flag
+   */
+  #modified;
+
+  /**
+   * consistent "now"
+   */
+  #now;
+
+  constructor(org, site) {
+    this.org = org;
+    this.site = site;
+    this.#key = `orgs/${this.org}/sites/${this.site}/transient-site-tokens.json`;
+    this.#now = Date.now();
+  }
+
+  /**
+   * Returns the current time (mainly used for tests)
+   * @returns {number}
+   */
+  now() {
+    return this.#now;
+  }
+
+  /**
+   * Loads the transient site tokens from the storage
+   * @param ctx
+   * @returns {Promise<SiteTokensData>}
+   */
+  async #load(ctx) {
+    if (!this.#tokens) {
+      this.#tokens = {
+        preview: [],
+        live: [],
+      };
+      this.#modified = false;
+      const storage = HelixStorage.fromContext(ctx).configBus();
+      const buf = await storage.get(this.#key);
+      if (buf) {
+        const data = JSON.parse(buf.toString('utf-8'));
+        const isValid = (t) => Date.parse(t.expires) > this.#now;
+        this.#tokens.preview = data.tokens.preview.filter(isValid);
+        this.#tokens.live = data.tokens.live.filter(isValid);
+      }
+    }
+    return this.#tokens;
+  }
+
+  /**
+   * Saves the transient site tokens to the storage if modified
+   * @param ctx
+   * @returns {Promise<void>}
+   */
+  async #save(ctx) {
+    if (this.#modified) {
+      const storage = HelixStorage.fromContext(ctx).configBus();
+      await storage.put(this.#key, JSON.stringify(this.#tokens));
+      this.#modified = false;
+    }
+  }
+
+  /**
+   * Returns the transient site token for the given partition. If the token does not exist or is
+   * expired, it will be created.
+   * @param ctx
+   * @param partition
+   * @returns {Promise<Token>}
+   */
+  async getOrCreateToken(ctx, partition) {
+    if (partition !== 'preview' && partition !== 'live') {
+      throw new Error(`Invalid partition: ${partition}`);
+    }
+    const tokens = await this.#load(ctx);
+    let token = tokens[partition][0];
+    if (!token) {
+      token = createToken(this.org, 'hlxtst');
+      token.created = new Date(this.#now).toUTCString();
+      token.expires = new Date(this.#now + DEFAULT_EXPIRY_TIME).toUTCString();
+      tokens[partition].push(token);
+      this.#modified = true;
+    }
+    await this.#save(ctx);
+    return token;
+  }
+
+  /**
+   * Returns the transient site tokens for the given context
+   * @param ctx
+   * @returns {Promise<SiteTokens>}
+   */
+  async getSiteTokens(ctx) {
+    const tokens = await this.#load(ctx);
+    return {
+      preview: tokens.preview[0],
+      live: tokens.live[0],
+    };
+  }
+}

package/src/utils.js

@@ -95,11 +95,12 @@ export function updateCodeSource(ctx, code) {
 /**
  * Creates a random token and hashes it with the given key
  * @param {string} key
+ * @param {string} [pfx='hlx'] the prefix of the token
  * @returns {object} the token
  */
-export function createToken(key) {
+export function createToken(key, pfx = 'hlx') {
   const secret = crypto.randomBytes(32).toString('base64url');
-  const value = `hlx_${secret}`;
+  const value = `${pfx}_${secret}`;
   const hash = crypto
     .createHmac('sha512', key)
     .update(value, 'utf-8')