@adobe/helix-config-storage 1.3.2 → 1.5.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [1.5.0](https://github.com/adobe/helix-config-storage/compare/v1.4.0...v1.5.0) (2024-09-02)
+
+
+### Features
+
+* restructure transient-site-tokens ([#15](https://github.com/adobe/helix-config-storage/issues/15)) ([bec495c](https://github.com/adobe/helix-config-storage/commit/bec495cf3b594d38f0f2586fc3addba457be684f))
+
+# [1.4.0](https://github.com/adobe/helix-config-storage/compare/v1.3.2...v1.4.0) (2024-08-31)
+
+
+### Features
+
+* allow adding several users ([cc0722d](https://github.com/adobe/helix-config-storage/commit/cc0722d35b7dc75e78926922c9e9b1a55bbc8377))
+
 ## [1.3.2](https://github.com/adobe/helix-config-storage/compare/v1.3.1...v1.3.2) (2024-08-31)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config-storage",
-  "version": "1.3.2",
+  "version": "1.5.0",
   "description": "Helix Config Storage",
   "main": "src/index.js",
   "types": "src/index.d.ts",

package/src/config-store.js

@@ -68,6 +68,13 @@ const FRAGMENTS = {
   },
   profiles: FRAGMENTS_COMMON,
   org: {
+    tokens: {
+      '.': 'tokens',
+      '.param': {
+        name: 'id',
+        '.': 'token',
+      },
+    },
     users: {
       '.': 'users',
       '.param': {
@@ -353,17 +360,28 @@ export class ConfigStore {
         // don't expose hash in return value
         delete ret.hash;
       } else if (frag.type === 'users') {
-        const user = createUser();
-        data = {
-          ...data,
-          ...user,
-        };
-        relPath = ['users', user.id];
-        frag.type = 'user';
         // todo: define via "schema"
         if (!old.users) {
           old.users = [];
         }
+        if (Array.isArray(data)) {
+          const users = [...old.users];
+          for (const userData of data) {
+            users.push({
+              ...createUser(),
+              ...userData,
+            });
+          }
+          data = users;
+        } else {
+          const user = createUser();
+          data = {
+            ...data,
+            ...user,
+          };
+          relPath = ['users', user.id];
+          frag.type = 'user';
+        }
       } else if (frag.type === 'user') {
         const user = deepGetOrCreate(old, relPath);
         if (!user) {

package/src/schemas/org.schema.json

@@ -17,6 +17,9 @@
     },
     "groups": {
       "$ref": "https://ns.adobe.com/helix/config/groups"
+    },
+    "tokens": {
+      "$ref": "https://ns.adobe.com/helix/config/tokens"
     }
   },
   "required": [

package/src/transient-token-store.js

@@ -14,9 +14,7 @@
  * @typedef Token
  * @property {string} id
  * @property {string} value
- * @property {string} hash
  * @property {Date} created
- * @property {Date} expires
  */
 
 /**
@@ -25,20 +23,8 @@
  * @property {Token} live
  */
 
-/**
- * @typedef SiteTokensData
- * @property {Token[]} preview
- * @property {Token[]} live
- */
-
+import crypto from 'crypto';
 import { HelixStorage } from '@adobe/helix-shared-storage';
-import { createToken } from './utils.js';
-
-/**
- * Default expiry time for transient site tokens (24 hours)
- * @type {number}
- */
-const DEFAULT_EXPIRY_TIME = 24 * 60 * 60 * 1000;
 
 /**
  * Store to manage transient site tokens.
@@ -80,12 +66,12 @@ export class TransientTokenStore {
     this.org = org;
     this.site = site;
     this.#key = `orgs/${this.org}/sites/${this.site}/transient-site-tokens.json`;
-    this.#now = Date.now();
+    this.#now = new Date();
   }
 
   /**
    * Returns the current time (mainly used for tests)
-   * @returns {number}
+   * @returns {Date}
    */
   now() {
     return this.#now;
@@ -94,22 +80,21 @@ export class TransientTokenStore {
   /**
    * Loads the transient site tokens from the storage
    * @param ctx
-   * @returns {Promise<SiteTokensData>}
+   * @returns {Promise<SiteTokens>}
    */
   async #load(ctx) {
     if (!this.#tokens) {
       this.#tokens = {
-        preview: [],
-        live: [],
+        preview: undefined,
+        live: undefined,
       };
       this.#modified = false;
       const storage = HelixStorage.fromContext(ctx).configBus();
       const buf = await storage.get(this.#key);
       if (buf) {
         const data = JSON.parse(buf.toString('utf-8'));
-        const isValid = (t) => Date.parse(t.expires) > this.#now;
-        this.#tokens.preview = data.tokens.preview.filter(isValid);
-        this.#tokens.live = data.tokens.live.filter(isValid);
+        this.#tokens.preview = data.tokens.preview;
+        this.#tokens.live = data.tokens.live;
       }
     }
     return this.#tokens;
@@ -140,12 +125,17 @@ export class TransientTokenStore {
       throw new Error(`Invalid partition: ${partition}`);
     }
     const tokens = await this.#load(ctx);
-    let token = tokens[partition][0];
+    let token = tokens[partition];
     if (!token) {
-      token = createToken(this.org, 'hlxtst');
-      token.created = new Date(this.#now).toUTCString();
-      token.expires = new Date(this.#now + DEFAULT_EXPIRY_TIME).toUTCString();
-      tokens[partition].push(token);
+      const value = crypto.randomBytes(32).toString('base64url');
+      const id = crypto.createHash('sha256').update(value).digest().toString('base64url');
+      const created = this.#now.toUTCString();
+      token = {
+        id,
+        value,
+        created,
+      };
+      tokens[partition] = token;
       this.#modified = true;
     }
     await this.#save(ctx);
@@ -153,15 +143,31 @@ export class TransientTokenStore {
   }
 
   /**
-   * Returns the transient site tokens for the given context
+   * Returns the token header values for the given user id.
+   * @param ctx
+   * @param partition
+   * @param userid
+   * @returns {Promise<string>}
+   */
+  async getTokenHeader(ctx, partition, userid) {
+    const token = await this.getOrCreateToken(ctx, partition);
+    const user64 = Buffer.from(userid)
+      .toString('base64url');
+    const key = `${user64};${this.#now.toISOString().split('T')[0]}`;
+    const hash = crypto
+      .createHmac('sha512', key)
+      .update(token.value, 'utf-8')
+      .digest()
+      .toString('base64url');
+    return `hlxtst_${hash};${user64}`;
+  }
+
+  /**
+   * Returns the transient site tokens
    * @param ctx
    * @returns {Promise<SiteTokens>}
    */
   async getSiteTokens(ctx) {
-    const tokens = await this.#load(ctx);
-    return {
-      preview: tokens.preview[0],
-      live: tokens.live[0],
-    };
+    return this.#load(ctx);
   }
 }

package/types/org-config.d.ts

@@ -26,6 +26,7 @@ export interface HelixOrgConfig {
   description?: string;
   users?: Users;
   groups?: Groups;
+  tokens?: Tokens;
 }
 export interface User {
   id: string;
@@ -49,3 +50,14 @@ export interface Group {
     [k: string]: unknown;
   }[];
 }
+export interface Tokens {
+  /**
+   * This interface was referenced by `Tokens`'s JSON-Schema definition
+   * via the `patternProperty` "^[a-zA-Z0-9-_=]+$".
+   */
+  [k: string]: {
+    id?: string;
+    hash?: string;
+    created?: string;
+  };
+}

package/types/profile-config.d.ts

@@ -49,6 +49,7 @@ export interface ContentSource {
   description?: string;
   contentBusId: string;
   source: GoogleContentSource | OnedriveContentSource | MarkupContentSource;
+  overlay?: MarkupContentSource;
 }
 export interface GoogleContentSource {
   type: 'google';

package/types/site-config.d.ts

@@ -56,6 +56,7 @@ export interface ContentSource {
   description?: string;
   contentBusId: string;
   source: GoogleContentSource | OnedriveContentSource | MarkupContentSource;
+  overlay?: MarkupContentSource;
 }
 export interface GoogleContentSource {
   type: 'google';

package/validate-json-schemas.sh

@@ -21,8 +21,8 @@ npx ajv-cli --spec=draft2019 -c ajv-formats compile \
 -s src/schemas/metadata-source.schema.json \
 -s src/schemas/user.schema.json \
 -s src/schemas/users.schema.json \
--s src/schemas/org.schema.json \
 -s src/schemas/tokens.schema.json \
+-s src/schemas/org.schema.json \
 -s src/schemas/sidekick.schema.json \
 -s src/schemas/robots.schema.json \
 -s src/schemas/public.schema.json \