@adobe/helix-config-storage 1.4.0 → 1.6.0

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+# [1.6.0](https://github.com/adobe/helix-config-storage/compare/v1.5.0...v1.6.0) (2024-09-02)
+
+
+### Features
+
+* allow modify access.admin.roles ([#17](https://github.com/adobe/helix-config-storage/issues/17)) ([20de603](https://github.com/adobe/helix-config-storage/commit/20de603828b9fdb582ae813e978abbe9bb407fad))
+
+# [1.5.0](https://github.com/adobe/helix-config-storage/compare/v1.4.0...v1.5.0) (2024-09-02)
+
+
+### Features
+
+* restructure transient-site-tokens ([#15](https://github.com/adobe/helix-config-storage/issues/15)) ([bec495c](https://github.com/adobe/helix-config-storage/commit/bec495cf3b594d38f0f2586fc3addba457be684f))
+
 # [1.4.0](https://github.com/adobe/helix-config-storage/compare/v1.3.2...v1.4.0) (2024-08-31)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-config-storage",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "Helix Config Storage",
   "main": "src/index.js",
   "types": "src/index.d.ts",

package/src/config-store.js

@@ -39,7 +39,20 @@ const FRAGMENTS_COMMON = {
   access: {
     '.': 'object',
     site: 'object',
-    admin: 'object',
+    admin: {
+      '.': 'object',
+      role: {
+        '.': 'object',
+        admin: 'object',
+        author: 'object',
+        publish: 'object',
+        develop: 'object',
+        basic_author: 'object',
+        basic_publish: 'object',
+        config: 'object',
+        config_admin: 'object',
+      },
+    },
     preview: 'object',
     live: 'object',
   },

package/src/transient-token-store.js

@@ -14,9 +14,7 @@
  * @typedef Token
  * @property {string} id
  * @property {string} value
- * @property {string} hash
  * @property {Date} created
- * @property {Date} expires
  */
 
 /**
@@ -25,20 +23,8 @@
  * @property {Token} live
  */
 
-/**
- * @typedef SiteTokensData
- * @property {Token[]} preview
- * @property {Token[]} live
- */
-
+import crypto from 'crypto';
 import { HelixStorage } from '@adobe/helix-shared-storage';
-import { createToken } from './utils.js';
-
-/**
- * Default expiry time for transient site tokens (24 hours)
- * @type {number}
- */
-const DEFAULT_EXPIRY_TIME = 24 * 60 * 60 * 1000;
 
 /**
  * Store to manage transient site tokens.
@@ -80,12 +66,12 @@ export class TransientTokenStore {
     this.org = org;
     this.site = site;
     this.#key = `orgs/${this.org}/sites/${this.site}/transient-site-tokens.json`;
-    this.#now = Date.now();
+    this.#now = new Date();
   }
 
   /**
    * Returns the current time (mainly used for tests)
-   * @returns {number}
+   * @returns {Date}
    */
   now() {
     return this.#now;
@@ -94,22 +80,21 @@ export class TransientTokenStore {
   /**
    * Loads the transient site tokens from the storage
    * @param ctx
-   * @returns {Promise<SiteTokensData>}
+   * @returns {Promise<SiteTokens>}
    */
   async #load(ctx) {
     if (!this.#tokens) {
       this.#tokens = {
-        preview: [],
-        live: [],
+        preview: undefined,
+        live: undefined,
       };
       this.#modified = false;
       const storage = HelixStorage.fromContext(ctx).configBus();
       const buf = await storage.get(this.#key);
       if (buf) {
         const data = JSON.parse(buf.toString('utf-8'));
-        const isValid = (t) => Date.parse(t.expires) > this.#now;
-        this.#tokens.preview = data.tokens.preview.filter(isValid);
-        this.#tokens.live = data.tokens.live.filter(isValid);
+        this.#tokens.preview = data.tokens.preview;
+        this.#tokens.live = data.tokens.live;
       }
     }
     return this.#tokens;
@@ -140,12 +125,17 @@ export class TransientTokenStore {
       throw new Error(`Invalid partition: ${partition}`);
     }
     const tokens = await this.#load(ctx);
-    let token = tokens[partition][0];
+    let token = tokens[partition];
     if (!token) {
-      token = createToken(this.org, 'hlxtst');
-      token.created = new Date(this.#now).toUTCString();
-      token.expires = new Date(this.#now + DEFAULT_EXPIRY_TIME).toUTCString();
-      tokens[partition].push(token);
+      const value = crypto.randomBytes(32).toString('base64url');
+      const id = crypto.createHash('sha256').update(value).digest().toString('base64url');
+      const created = this.#now.toUTCString();
+      token = {
+        id,
+        value,
+        created,
+      };
+      tokens[partition] = token;
       this.#modified = true;
     }
     await this.#save(ctx);
@@ -153,15 +143,31 @@ export class TransientTokenStore {
   }
 
   /**
-   * Returns the transient site tokens for the given context
+   * Returns the token header values for the given user id.
+   * @param ctx
+   * @param partition
+   * @param userid
+   * @returns {Promise<string>}
+   */
+  async getTokenHeader(ctx, partition, userid) {
+    const token = await this.getOrCreateToken(ctx, partition);
+    const user64 = Buffer.from(userid)
+      .toString('base64url');
+    const key = `${user64};${this.#now.toISOString().split('T')[0]}`;
+    const hash = crypto
+      .createHmac('sha512', key)
+      .update(token.value, 'utf-8')
+      .digest()
+      .toString('base64url');
+    return `hlxtst_${hash};${user64}`;
+  }
+
+  /**
+   * Returns the transient site tokens
    * @param ctx
    * @returns {Promise<SiteTokens>}
    */
   async getSiteTokens(ctx) {
-    const tokens = await this.#load(ctx);
-    return {
-      preview: tokens.preview[0],
-      live: tokens.live[0],
-    };
+    return this.#load(ctx);
   }
 }