@adobe/helix-config-storage 2.2.5 → 2.2.7
- package/CHANGELOG.md +14 -0
- package/package.json +2 -2
- package/src/config-merge.js +1 -0
- package/src/config-store.js +22 -23
- package/src/utils.js +14 -3
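--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,17 @@
+## [2.2.7](https://github.com/adobe/helix-config-storage/compare/v2.2.6...v2.2.7) (2025-05-16)
+
+
+### Bug Fixes
+
+* stricter apikey handling ([b533b1f](https://github.com/adobe/helix-config-storage/commit/b533b1fccd94cfd02d6cc1462220ac36682e9557))
+
+## [2.2.6](https://github.com/adobe/helix-config-storage/compare/v2.2.5...v2.2.6) (2025-05-13)
+
+
+### Bug Fixes
+
+* escape jti correctly ([#125](https://github.com/adobe/helix-config-storage/issues/125)) ([906c4ba](https://github.com/adobe/helix-config-storage/commit/906c4ba771cea525de5985b76a2556fc901a2206))
+
 ## [2.2.5](https://github.com/adobe/helix-config-storage/compare/v2.2.4...v2.2.5) (2025-05-12)
 
 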
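--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@adobe/helix-config-storage",
-"version": "2.2.
+"version": "2.2.7",
 "description": "Helix Config Storage",
 "main": "src/index.js",
 "types": "src/index.d.ts",
@@ -46,7 +46,7 @@
 "husky": "9.1.7",
 "json-schema-to-typescript": "15.0.4",
 "junit-report-builder": "5.1.1",
-"lint-staged": "
+"lint-staged": "16.0.0",
 "mocha": "11.2.2",
 "mocha-multi-reporters": "1.5.1",
 "mocha-suppress-logs": "0.5.1",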
package/src/config-merge.js
CHANGED
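--- a/package/src/config-store.js
+++ b/package/src/config-store.js
@@ -13,14 +13,13 @@
 import crypto from 'crypto';
 import { decodeJwt } from 'jose';
 import { HelixStorage } from '@adobe/helix-shared-storage';
-import { sanitizeName } from '@adobe/helix-shared-string';
 import { StatusCodeError } from './status-code-error.js';
 import {
 createToken, createUser,
 migrateToken,
 updateCodeSource,
 updateContentSource,
-deepGetOrCreate, deepPut, prune, createSecret, migrateSecret, isDeepEqual,
+deepGetOrCreate, deepPut, prune, createSecret, migrateSecret, isDeepEqual, base64ToBase64Url,
 } from './utils.js';
 import { validate as validateSchema } from './config-validator.js';
 import { getMergedConfig } from './config-merge.js';
@@ -595,32 +594,32 @@ export class ConfigStore {
 delete ret.hash;
 }
 if (frag.type === 'apiKeys') {
-if (data.jwt) {
-
-
-
-
-
-
-
-
-
-
+if (!data.jwt) {
+throw new StatusCodeError(400, 'jwt missing for new keys');
+}
+try {
+const payload = await decodeJwt(data.jwt);
+data.id = payload.jti;
+data.roles = payload.roles;
+data.subject = payload.sub;
+data.expiration = new Date(payload.exp * 1000).toISOString();
+delete data.jwt;
+} catch (e) {
+throw new StatusCodeError(400, e.message);
 }
-
+data.created = new Date().toISOString();
+frag.name = base64ToBase64Url(data.id);
 frag.type = 'apiKey';
 frag.relPath.push(frag.name);
-}
-
-
-throw new StatusCodeError(400, 'jwt not allowed in existing apiKey');
+} else if (frag.type === 'apiKey') {
+if (Object.keys(data).some((key) => key !== 'description')) {
+throw new StatusCodeError(400, 'not allowed to alter properties other than "description" in apiKey');
 }
-const oldData = deepGetOrCreate(old, frag.relPath,
-
-
-if (frag.name !== sanitizeName(data.id)) {
-throw new StatusCodeError(400, 'apiKey id mismatch');
+const oldData = deepGetOrCreate(old, frag.relPath, false);
+if (!oldData) {
+throw new StatusCodeError(404, 'object not found.');
 }
+data = Object.assign(oldData, data);
 }
 if (frag.type === 'secrets') {
 // create new secret with random id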
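Review bot: In the `apiKeys` branch, `payload.jti` is copied to `data.id` and then becomes `frag.name` and a `frag.relPath` segment without any check that it is present, a string, or limited to the base64/base64url alphabet. `base64ToBase64Url` returns a falsy value unchanged and only rewrites `+`, `/` and `=`, so a token without a `jti` pushes `undefined` onto the path and any other characters pass through into the stored key name; this change also drops the `sanitizeName` import. I would reject such tokens inside the `try`, for example `if (typeof payload.jti !== 'string' || !/^[A-Za-z0-9+/_=-]+$/.test(payload.jti)) throw new Error('invalid jti claim');`, which matches the missing-jti check `migrateToken` already performs. jose's `decodeJwt` only decodes and does not verify the signature, so the `roles`, `sub` and `exp` values stored here are whatever the caller supplied unless the token is verified somewhere outside this hunk. The enclosing method starts and ends outside the hunk.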
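--- a/package/src/utils.js
+++ b/package/src/utils.js
@@ -194,6 +194,19 @@ export function createUser() {
 };
 }
 
+/**
+* converts a base64 to a base64url string.
+*/
+export function base64ToBase64Url(str) {
+if (!str) {
+return str;
+}
+return str
+.replaceAll('+', '-')
+.replaceAll('/', '_')
+.replaceAll('=', '');
+}
+
 /**
 * migrates an existing jwt token
 * @param key
@@ -211,9 +224,7 @@ export async function migrateToken(key, jwt) {
 if (!jti) {
 throw new StatusCodeError(400, 'unable to migrate jwt: missing jti claim.');
 }
-const id = jti
-.replaceAll('/', '_')
-.replaceAll('+', '-');
+const id = base64ToBase64Url(jti);
 const hash = crypto
 .createHmac('sha512', key)
 .update(jwt, 'utf-8')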
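Review bot: `migrateToken` now derives `id` through `base64ToBase64Url`, which also strips `=`, whereas the replaced inline code only rewrote `/` and `+`; for a padded `jti` the resulting id differs from the one the 2.2.5 code produced, so it is worth confirming that keys stored under the older form are still found (the lookup is not visible here). The new helper's JSDoc should state its contract, for example `@param {string} str base64 or base64url text` and `@returns {string} input with '+' and '/' mapped to '-' and '_' and '=' removed; falsy input is returned unchanged`. A truthy non-string argument reaches `replaceAll` and throws a `TypeError`, so callers that pass decoded claims need their own type check. `migrateToken`'s body starts and ends outside the hunk.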