@adobe/helix-config-storage 1.15.3 → 2.0.0

package/CHANGELOG.md

@@ -1,3 +1,27 @@
+# [2.0.0](https://github.com/adobe/helix-config-storage/compare/v1.15.4...v2.0.0) (2025-03-03)
+
+
+### Bug Fixes
+
+* tetss ([2d6c782](https://github.com/adobe/helix-config-storage/commit/2d6c782e7685416fe329608254a763b48b2c2102))
+
+
+### Features
+
+* add access control around features, limits and modifying admin roles ([c3d4a20](https://github.com/adobe/helix-config-storage/commit/c3d4a2005fdc9f580e0149198bdc02ac0af7f17a))
+
+
+### BREAKING CHANGES
+
+* modifying access control needs 'isAdmin' flag to be set
+
+## [1.15.4](https://github.com/adobe/helix-config-storage/compare/v1.15.3...v1.15.4) (2025-02-25)
+
+
+### Bug Fixes
+
+* **deps:** update dependency jose to v6 ([#95](https://github.com/adobe/helix-config-storage/issues/95)) ([663608d](https://github.com/adobe/helix-config-storage/commit/663608def22b6c92a0a2d213fd0d48e195e4137e))
+
 ## [1.15.3](https://github.com/adobe/helix-config-storage/compare/v1.15.2...v1.15.3) (2025-02-22)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config-storage",
-  "version": "1.15.3",
+  "version": "2.0.0",
   "description": "Helix Config Storage",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -66,6 +66,6 @@
     "@adobe/helix-shared-utils": "3.0.2",
     "ajv": "8.17.1",
     "ajv-formats": "3.0.1",
-    "jose": "5.10.0"
+    "jose": "6.0.6"
   }
 }

package/src/config-store.js

@@ -23,6 +23,7 @@ import {
 } from './utils.js';
 import { validate as validateSchema } from './config-validator.js';
 import { getMergedConfig } from './config-merge.js';
+import { ValidationError } from './ValidationError.js';
 
 const FRAGMENTS_COMMON = {
   content: 'object',
@@ -300,6 +301,28 @@ export class ConfigStore {
       ? `/orgs/${org}/${name || 'config'}.json`
       : `/orgs/${org}/${type}/${name}.json`;
     this.now = new Date();
+    this.isAdmin = false;
+    this.isOps = false;
+  }
+
+  /**
+   * Controls if setting the admin role is allowed.
+   * @param {boolean} v
+   * @returns {ConfigStore} this
+   */
+  withAllowAdmin(v) {
+    this.isAdmin = v;
+    return this;
+  }
+
+  /**
+   * Controls if setting ops related properties, like features and limits are allowed.
+   * @param {boolean} v
+   * @returns {ConfigStore} this
+   */
+  withAllowOps(v) {
+    this.isOps = v;
+    return this;
   }
 
   /**
@@ -370,6 +393,62 @@ export class ConfigStore {
     return validateSchema(data, this.type);
   }
 
+  /**
+   * Checks if the permissions allow to update the config.
+   * @param {AdminConfig} ctx
+   * @param {object} oldConfig
+   * @param {object} newConfig
+   * @returns {Promise<void>}
+   */
+  async validatePermissions(ctx, oldConfig, newConfig) {
+    // prevent setting the ops role
+    if (newConfig.access?.admin?.role?.ops) {
+      throw new ValidationError('invalid role: ops');
+    }
+    // ops can do everything
+    if (this.isOps) {
+      return;
+    }
+    // required admin to set admin role
+    if (!this.isAdmin) {
+      if (this.type === 'org') {
+        const getAdmins = (users) => users
+          .filter((user) => user.roles.includes('admin'))
+          .map((user) => user.email)
+          .sort((a, b) => a.localeCompare(b));
+        // get the users with the admin role
+        const oldAdmins = getAdmins(oldConfig?.users ?? []);
+        const newAdmins = getAdmins(newConfig?.users ?? []);
+        if (oldAdmins.join() !== newAdmins.join()) {
+          throw new StatusCodeError(403, 'not allowed to modify admin role');
+        }
+      } else {
+        // check for changed admin roles
+        const oldAdmins = (oldConfig?.access?.admin?.role?.admin || [])
+          .sort((a, b) => a.localeCompare(b));
+        const newAdmins = (newConfig?.access?.admin?.role?.admin || [])
+          .sort((a, b) => a.localeCompare(b));
+        if (oldAdmins.join() !== newAdmins.join()) {
+          throw new StatusCodeError(403, 'not allowed to modify admin role');
+        }
+      }
+    }
+
+    // check for changed features or limits
+    if (this.type !== 'org') {
+      const oldFeatures = oldConfig?.features ?? {};
+      const newFeatures = newConfig?.features ?? {};
+      if (!isDeepStrictEqual(oldFeatures, newFeatures)) {
+        throw new StatusCodeError(403, 'not allowed to modify features');
+      }
+      const oldLimits = oldConfig?.limits ?? {};
+      const newLimits = newConfig?.limits ?? {};
+      if (!isDeepStrictEqual(oldLimits, newLimits)) {
+        throw new StatusCodeError(403, 'not allowed to modify limits');
+      }
+    }
+  }
+
   async create(ctx, data, relPath = '') {
     if (relPath) {
       throw new StatusCodeError(409, 'create not supported on substructures.');
@@ -396,6 +475,7 @@ export class ConfigStore {
     this.#updateTimeStamps(data);
     const config = await this.getAggregatedConfig(ctx, data);
     await this.validate(ctx, config);
+    await this.validatePermissions(ctx, {}, config);
     await storage.put(this.key, JSON.stringify(data), 'application/json');
     await this.purge(ctx, null, config);
   }
@@ -576,6 +656,7 @@ export class ConfigStore {
     }
 
     await this.validate(ctx, newConfig);
+    await this.validatePermissions(ctx, oldConfig, newConfig);
     await storage.put(this.key, JSON.stringify(config), 'application/json');
     await this.purge(ctx, oldConfig, newConfig);
     return ret ?? redact(data, frag);