@adobe/helix-config-storage 1.11.0 → 1.13.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [1.13.0](https://github.com/adobe/helix-config-storage/compare/v1.12.0...v1.13.0) (2024-12-16)
+
+
+### Features
+
+* remove clientCertDN ([#73](https://github.com/adobe/helix-config-storage/issues/73)) ([20dafca](https://github.com/adobe/helix-config-storage/commit/20dafcaf34cf18d3c1cdc096775b315ee4c76ceb))
+
+# [1.12.0](https://github.com/adobe/helix-config-storage/compare/v1.11.0...v1.12.0) (2024-12-11)
+
+
+### Features
+
+* require owner/repo for byo git ([#71](https://github.com/adobe/helix-config-storage/issues/71)) ([2d67b01](https://github.com/adobe/helix-config-storage/commit/2d67b01af1d1e16dfa569f5fb10b6e466873a47a))
+
 # [1.11.0](https://github.com/adobe/helix-config-storage/compare/v1.10.0...v1.11.0) (2024-12-10)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config-storage",
-  "version": "1.11.0",
+  "version": "1.13.0",
   "description": "Helix Config Storage",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -41,12 +41,12 @@
     "@semantic-release/git": "10.0.1",
     "@semantic-release/npm": "12.0.1",
     "ajv-cli": "5.0.0",
-    "c8": "10.1.2",
+    "c8": "10.1.3",
     "eslint": "8.57.1",
     "husky": "9.1.7",
     "json-schema-to-typescript": "15.0.3",
     "junit-report-builder": "5.1.1",
-    "lint-staged": "15.2.10",
+    "lint-staged": "15.2.11",
     "mocha": "11.0.1",
     "mocha-multi-reporters": "1.5.1",
     "mocha-suppress-logs": "0.5.1",

package/src/ValidationError.js

@@ -55,7 +55,7 @@ function handleCDNProd(byPath, msg) {
 
 export class ValidationError extends Error {
   constructor(msg, errors = []) {
-    super(ValidationError.generateErrorDetail(errors));
+    super(ValidationError.generateErrorDetail(errors) || msg);
     this._errors = errors;
   }
 

package/src/schemas/access-site.schema.json

@@ -18,13 +18,6 @@
       "items": {
         "type": "string"
       }
-    },
-    "clientCertDN": {
-      "description": "the DNs of the client certificates that are allowed.",
-      "type": "array",
-      "items": {
-        "type": "string"
-      }
     }
   },
   "additionalProperties": false

package/src/schemas/code.schema.json

@@ -34,6 +34,14 @@
         "secretId": {
           "type": "string",
           "pattern":  "^[a-zA-Z0-9-_=]+$"
+        },
+        "owner": {
+          "type": "string",
+          "pattern": "^[a-zA-Z0-9_-]+$"
+        },
+        "repo": {
+          "type": "string",
+          "pattern": "^[a-zA-Z0-9_-]+$"
         }
       },
       "required": [

package/src/utils.js

@@ -14,6 +14,7 @@ import crypto from 'crypto';
 import { GitUrl } from '@adobe/helix-shared-git';
 import { decodeJwt } from 'jose';
 import { StatusCodeError } from './status-code-error.js';
+import { ValidationError } from './ValidationError.js';
 
 /**
  * Update the contentBusId field of the content object based on the source URL.
@@ -73,15 +74,21 @@ export function updateCodeSource(ctx, code) {
   if (code?.source?.url) {
     // recompute owner, repo and type
     code.source.type = 'github';
-    const url = new GitUrl(code.source.url);
-    let owner = url.owner.toLowerCase();
-    const repo = url.repo.toLowerCase();
+    const url = new URL(code.source.url);
+    let { owner, repo } = code.source;
     if (url.hostname !== 'github.com' && url.hostname !== 'www.github.com') {
+      if (!owner || !repo) {
+        throw new ValidationError('code.source.owner and code.source.repo are required for non github sources.');
+      }
       const hash = crypto
         .createHash('sha256')
         .update(url.hostname)
         .digest('base64url').toLowerCase();
       owner = `${hash}-${owner}`;
+    } else {
+      const gitUrl = new GitUrl(code.source.url);
+      owner = gitUrl.owner.toLowerCase();
+      repo = gitUrl.repo.toLowerCase();
     }
 
     if (owner !== code.owner) {

package/types/org-config.d.ts

@@ -16,6 +16,14 @@ export type Users = User[];
 
 export interface HelixOrgConfig {
   version: 1;
+  /**
+   * the date and time this configuration was created.
+   */
+  created: string;
+  /**
+   * the date and time this configuration was modified last.
+   */
+  lastModified: string;
   /**
    * human readable title. has no influence on the configuration.
    */
@@ -27,6 +35,7 @@ export interface HelixOrgConfig {
   users?: Users;
   groups?: Groups;
   tokens?: Tokens;
+  access?: OrgAccessConfig;
 }
 export interface User {
   id: string;
@@ -61,3 +70,11 @@ export interface Tokens {
     created?: string;
   };
 }
+export interface OrgAccessConfig {
+  admin?: {
+    /**
+     * the id of the API key(s). this is used to validate the API KEYS and allows to invalidate them.
+     */
+    apiKeyId?: string[];
+  };
+}

package/types/profile-config.d.ts

@@ -22,6 +22,14 @@ export interface HelixProfileConfig {
    * description for clarity. has no influence on the configuration.
    */
   description?: string;
+  /**
+   * the date and time this configuration was created.
+   */
+  created: string;
+  /**
+   * the date and time this configuration was modified last.
+   */
+  lastModified: string;
   content?: ContentSource;
   code?: CodeSource;
   folders?: Folders;
@@ -34,6 +42,7 @@ export interface HelixProfileConfig {
   metadata?: Metadata;
   robots?: Robots;
   public?: Public;
+  events?: EventsConfig;
 }
 /**
  * Defines the content bus location and source.
@@ -49,6 +58,9 @@ export interface ContentSource {
   description?: string;
   contentBusId: string;
   source: GoogleContentSource | OnedriveContentSource | MarkupContentSource;
+  /**
+   * Overlay from a BYOM source. Previewing resources will try the overlay source first. Please note, that the overlay config is tied to the base content and not to the site config. I.e. it's not possible to have multiple sites with different overlays on the same base content.
+   */
   overlay?: MarkupContentSource;
 }
 export interface GoogleContentSource {
@@ -90,6 +102,10 @@ export interface CodeSource {
   source: {
     type: 'github';
     url: string;
+    raw_url?: string;
+    secretId?: string;
+    owner?: string;
+    repo?: string;
   };
   [k: string]: unknown;
 }
@@ -103,7 +119,7 @@ export interface Folders {
 export interface HelixHeadersConfig {
   /**
    * This interface was referenced by `HelixHeadersConfig`'s JSON-Schema definition
-   * via the `patternProperty` "^/[a-zA-Z0-9-/.]*\*{0,2}$".
+   * via the `patternProperty` "^[a-zA-Z0-9-/._*]+$".
    */
   [k: string]: KeyValuePair[];
 }
@@ -249,13 +265,13 @@ export interface Role {
 }
 export interface SiteAccessConfig {
   /**
-   * IDs of the api keys (tokens) that are allowed.
+   * The email glob of the users or a group reference that are allowed access
    */
-  apiKeyId?: string[];
+  allow?: string[];
   /**
-   * the DNs of the client certificates that are allowed.
+   * IDs of the api keys (tokens) that are allowed.
    */
-  clientCertDN?: string[];
+  apiKeyId?: string[];
 }
 export interface Tokens {
   /**
@@ -367,3 +383,8 @@ export interface Robots {
 export interface Public {
   [k: string]: unknown;
 }
+export interface EventsConfig {
+  github: {
+    target: string;
+  };
+}

package/types/site-config.d.ts

@@ -26,6 +26,14 @@ export interface HelixSiteConfig {
    * description for clarity. has no influence on the configuration.
    */
   description?: string;
+  /**
+   * the date and time this configuration was created.
+   */
+  created: string;
+  /**
+   * the date and time this configuration was modified last.
+   */
+  lastModified: string;
   content: ContentSource;
   code: CodeSource;
   folders?: Folders;
@@ -38,6 +46,7 @@ export interface HelixSiteConfig {
   metadata?: Metadata;
   robots?: Robots;
   public?: Public;
+  events?: EventsConfig;
   extends?: {
     profile?: string;
   };
@@ -56,6 +65,9 @@ export interface ContentSource {
   description?: string;
   contentBusId: string;
   source: GoogleContentSource | OnedriveContentSource | MarkupContentSource;
+  /**
+   * Overlay from a BYOM source. Previewing resources will try the overlay source first. Please note, that the overlay config is tied to the base content and not to the site config. I.e. it's not possible to have multiple sites with different overlays on the same base content.
+   */
   overlay?: MarkupContentSource;
 }
 export interface GoogleContentSource {
@@ -97,6 +109,10 @@ export interface CodeSource {
   source: {
     type: 'github';
     url: string;
+    raw_url?: string;
+    secretId?: string;
+    owner?: string;
+    repo?: string;
   };
   [k: string]: unknown;
 }
@@ -110,7 +126,7 @@ export interface Folders {
 export interface HelixHeadersConfig {
   /**
    * This interface was referenced by `HelixHeadersConfig`'s JSON-Schema definition
-   * via the `patternProperty` "^/[a-zA-Z0-9-/.]*\*{0,2}$".
+   * via the `patternProperty` "^[a-zA-Z0-9-/._*]+$".
    */
   [k: string]: KeyValuePair[];
 }
@@ -256,13 +272,13 @@ export interface Role {
 }
 export interface SiteAccessConfig {
   /**
-   * IDs of the api keys (tokens) that are allowed.
+   * The email glob of the users or a group reference that are allowed access
    */
-  apiKeyId?: string[];
+  allow?: string[];
   /**
-   * the DNs of the client certificates that are allowed.
+   * IDs of the api keys (tokens) that are allowed.
    */
-  clientCertDN?: string[];
+  apiKeyId?: string[];
 }
 export interface Tokens {
   /**
@@ -374,3 +390,8 @@ export interface Robots {
 export interface Public {
   [k: string]: unknown;
 }
+export interface EventsConfig {
+  github: {
+    target: string;
+  };
+}